Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Firefox & IE 7 Search Redirects Plus other Odd Stuff


Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 29th, 2010, 12:09 pm

Hi

Good - Now let's get down to the business of your re-directions.


ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How to disable your security applications

  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 29th, 2010, 3:06 pm

I have combo fix downloaded from a previous time. It was on the desktop then moved to a download folder then a shortcut was made today back to the desktop. Will that work just as well? I'm unable to just move it to the desktop without creating a shortcut.
I ran it just to see what would happen and a warning message appears stating
Combofix has detected the real time scanners to be active
AVG anti virus
Zone Alarm anti virus
I've uninstalled the AVG as requested previously, but there are still files that were not removed.
I don't know how to turn off Zone Alarm. There's no option to do so as far as I can tell.
Steve001
Regular Member
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 29th, 2010, 3:39 pm

Steve001 wrote: I have combo fix downloaded from a previous time
Combofix is updated regularly so delete any copies of combofix you already have, including any shortcuts. I'll get you to download a fresh copy after fully removing AVG.

Steve001 wrote: I've uninstalled the AVG as requested previously, but there are still files that were not removed.
Ok, we'll deal with that.

SystemLook

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *AVG*
    :folderfind
    *AVG*
    :regfind
    *AVG*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Steve001 wrote: I don't know how to turn off Zone Alarm. There's no option to do so as far as I can tell.

From the article I linked you to:
Zone Alarm

  • Check the toolbar in the bottom right-hand corner of your screen and find the icon for Zone alarm.
  • Right-click the Zone Alarm Icon.
  • Scroll down and select "Shutdown Zone Alarm."

Does that not work? Answer me that and post the contents of SystemLook.txt in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 29th, 2010, 11:46 pm

About Zone Alarm. The Icon does appear where you say to look, however it is hidden until I expand the view. When I do that, as I get the cursor close to the ZA icon the darn thing disappears. I'm going to uninstall and then download it again.
Ok, that seems to have solved the disappearing icon problem.


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:29 on 29/07/2010 by steve (Administrator - Elevation successful)

========== filefind ==========

Searching for "*AVG*"
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcfg.log --a--- 1078 bytes [19:53 13/04/2010] [19:54 13/04/2010] 6689075FBF5599E71FAABE3856055828
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcfg.log.lock --a--- 0 bytes [19:53 13/04/2010] [19:53 13/04/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log --a--- 685224 bytes [00:46 28/04/2009] [02:42 17/04/2010] 8C5668AAA1DE5C1A794B54A0C4417C54
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 --a--- 1024080 bytes [00:46 28/04/2009] [20:32 13/04/2010] 5A45E73CC1EE22610F67C03B57CFD4CD
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.10 --a--c 1024302 bytes [00:46 28/04/2009] [18:28 31/07/2009] 505FB6B98459B2F57D6EF63E6A20BBAD
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.2 --a--- 1024248 bytes [00:46 28/04/2009] [20:32 13/04/2010] B3A397B818A0ECA91670F3E01DAD23D9
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.3 --a--- 1024712 bytes [00:46 28/04/2009] [20:23 13/04/2010] 1C2536DCE1EB83E7624F799BA2758DFE
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.4 --a--- 1024474 bytes [00:46 28/04/2009] [20:18 13/04/2010] F9FCE466341EA518FF55D721B89D6AB8
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.5 --a--- 1024202 bytes [00:46 28/04/2009] [20:33 13/04/2010] 80F062BD7759ED9F6F6AE94CBEBF9907
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.6 --a--c 1024208 bytes [00:46 28/04/2009] [13:49 12/02/2010] 5F5F89EAF416EA5C2D8C0840BAB9B115
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.7 --a--c 1024190 bytes [00:46 28/04/2009] [16:29 21/11/2009] A492CE8585A28B73AEA61A1D3A978812
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.8 --a--c 1024104 bytes [00:46 28/04/2009] [21:36 20/10/2009] 3E8C7FFF1DBFA50CCA4F378AE7C01B5F
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.9 --a--c 1024348 bytes [00:46 28/04/2009] [17:02 12/09/2009] 6ED62F76E1BDC672D266E575AC0DEC34
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgfrw.log --a--c 810 bytes [00:49 28/04/2009] [00:49 28/04/2009] DFB57DBEA24CE0356D6B2958A70904E7
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgfrw.log.lock --a--c 0 bytes [00:49 28/04/2009] [00:49 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log --a--- 202642 bytes [00:46 28/04/2009] [03:41 08/05/2010] 69D266141D7775A4AB3A79193C3BE6E3
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log.1 --a--- 1024324 bytes [00:46 28/04/2009] [13:30 09/04/2010] 691C51516B19ABDAB186DAF3F69DB071
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log.2 --a--c 1024084 bytes [00:46 28/04/2009] [00:18 16/10/2009] 599A03F8AA7495F731D9E1E56EF1903B
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log --a--- 995482 bytes [00:46 28/04/2009] [02:42 17/04/2010] E34EB1576B7DC96E41F3ED656F479A9F
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.1 --a--c 1024038 bytes [00:46 28/04/2009] [13:12 29/12/2009] 222136FF200741F7FE95BEDFDFED9129
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.2 --a--c 1024126 bytes [00:46 28/04/2009] [03:05 16/11/2009] 46EEDDE4350EF1B6E9FD5F2A8CAE47EB
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.3 --a--c 1024066 bytes [00:46 28/04/2009] [18:44 08/10/2009] A2EBDDC907ACDD23758E66A974A23400
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.4 --a--c 1024138 bytes [00:46 28/04/2009] [11:57 04/09/2009] 776CD5B81ACBE9B78B1699D84D6BB390
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.5 --a--c 1024126 bytes [00:46 28/04/2009] [00:41 25/07/2009] 1D4B9B62CDAE6B075158D427E6B8BF7B
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.6 --a--c 1024278 bytes [00:46 28/04/2009] [12:24 09/06/2009] 2EA9BE9F42B263CE652E3B001881A3A7
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log --a--c 20256 bytes [00:46 28/04/2009] [19:58 28/04/2009] 431FECCEF89C4BAFA00C6EE654FBF08A
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log --a--- 607586 bytes [00:46 28/04/2009] [16:06 17/04/2010] 2C79CAF93002CB46F510B3CF6D11599D
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.1 --a--- 1024050 bytes [00:46 28/04/2009] [15:34 17/04/2010] 5B511849D063E8B721CE11E47F294369
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.10 --a--- 1024016 bytes [00:46 28/04/2009] [13:37 16/04/2010] D6F030DAFC5167D276E6BD688A419323
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.2 --a--- 1024276 bytes [00:46 28/04/2009] [14:43 17/04/2010] 27171B7E90141D7C33B97A073B600D0D
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.3 --a--- 1024280 bytes [00:46 28/04/2009] [13:31 17/04/2010] 91C64C7E013660B3686A419DF11BE553
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.4 --a--- 1024002 bytes [00:46 28/04/2009] [04:07 17/04/2010] 756A57A3F7610A01380E6660D47907F1
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.5 --a--- 1024240 bytes [00:46 28/04/2009] [03:13 17/04/2010] D4325506DA7B2700EF957E16D0510389
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.6 --a--- 1024206 bytes [00:46 28/04/2009] [02:21 17/04/2010] 6C0E524CA2B4C427B0945BD7C507BB25
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.7 --a--- 1024224 bytes [00:46 28/04/2009] [21:08 16/04/2010] 2A91517B34DCF840F2293E0F21500D3A
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.8 --a--- 1024002 bytes [00:46 28/04/2009] [18:05 16/04/2010] 413C4C17908FDE2C00AEA687CFC12B5D
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.9 --a--- 1024046 bytes [00:46 28/04/2009] [17:12 16/04/2010] C195285E2719AD58AF32B50994B42B80
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgscan.log --a--- 67438 bytes [00:51 28/04/2009] [20:33 13/04/2010] 5AB023BBA0705FB3042B0A2A9BD71758
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgscan.log.lock --a--c 0 bytes [00:51 28/04/2009] [00:51 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log --a--c 266558 bytes [00:49 28/04/2009] [20:06 28/04/2009] 2F1BBC0C016A43D9D5F49B2D44C8FE2D
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log.lock --a--c 0 bytes [00:49 28/04/2009] [00:49 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log --a--- 219370 bytes [00:50 28/04/2009] [20:33 13/04/2010] C3F4DD88A51A356AB660B61627363101
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log.lock --a--c 0 bytes [00:50 28/04/2009] [00:50 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log --a--- 49002 bytes [00:46 28/04/2009] [19:54 13/04/2010] B61F9E3353E46D926A7D0036E67AB5A9
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avguilog.cfg --a--- 1219 bytes [00:45 28/04/2009] [00:45 28/04/2009] CE35DEEBE791E4DFBBF7BF6B8EE48400
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgupd.log --a--c 252134 bytes [00:47 28/04/2009] [13:17 28/04/2009] BC82492810302D1EA15162E87CB6C2E9
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgupd.log.lock --a--c 0 bytes [00:47 28/04/2009] [00:47 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log --a--c 307982 bytes [00:46 28/04/2009] [20:06 28/04/2009] A4B32E767324C0CF368842D71B66FC37
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log --a--c 14622 bytes [00:46 28/04/2009] [20:06 28/04/2009] 5863943271F9C86B4CB4BEF85DB52316
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock --a--c 0 bytes [00:46 28/04/2009] [00:46 28/04/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\microavi.avg --a--c 40212 bytes [00:48 28/04/2009] [00:48 28/04/2009] EA0BBA3BA1036A7640107FD1C7513E6D
C:\Documents and Settings\All Users\Application Data\avg8\update\download\avginfoavi.ctf --a--c 2375 bytes [07:59 28/04/2009] [13:17 28/04/2009] B48C7F3047CF0FAC4037D2F37CA57BA6
C:\Documents and Settings\All Users\Application Data\avg8\update\download\avginfowin.ctf --a--c 5397 bytes [07:59 28/04/2009] [13:17 28/04/2009] 5C9AA9D5EE46B6E62F4E813FB85AD77B
C:\Documents and Settings\deborah\Recent\avg9inst.lnk --a--- 550 bytes [17:19 17/04/2010] [17:19 17/04/2010] AF8E4ED1BAB749F9BE83A50A0AC44C1E
C:\Documents and Settings\steve\Recent\avg9inst.lnk --a--- 1154 bytes [18:39 08/05/2010] [18:39 08/05/2010] D768092621BD810AA17C21873566974B
C:\Documents and Settings\steve\Recent\avgremover.lnk --a--- 670 bytes [18:39 08/05/2010] [18:11 29/07/2010] 0A07E07700214048EBB0DBF6DC884C36
C:\Program Files\AVG\AVG8\avg.snu.install_backup --a--- 150 bytes [00:45 28/04/2009] [00:45 28/04/2009] 1E01711005596F2320563079930A61FA
C:\Program Files\AVG\AVG8\avg7api.dll.install_backup --a--- 226584 bytes [00:45 28/04/2009] [00:45 28/04/2009] 2E1B3426F74B774AF1B5B0AB840E37D3
C:\Program Files\AVG\AVG8\avg8us.lng.install_backup --a--- 284607 bytes [00:46 28/04/2009] [00:46 28/04/2009] 0ED32BF75D32EF7478577B2CFDBE1FAE
C:\Program Files\AVG\AVG8\avgabout.dll.install_backup --a--- 1159960 bytes [00:45 28/04/2009] [00:45 28/04/2009] 820244118C78577FE4697C5D790AF0CC
C:\Program Files\AVG\AVG8\avgamnot.dll.install_backup --a--- 274200 bytes [00:45 28/04/2009] [00:45 28/04/2009] A4EB0D3A6A44C543A198012BDE2A65D9
C:\Program Files\AVG\AVG8\avgapix.dll.install_backup --a--- 1213720 bytes [00:45 28/04/2009] [00:45 28/04/2009] 69DFB3A41B53D105F31556F6008D54E6
C:\Program Files\AVG\AVG8\avgatend.stp.install_backup --a--- 2552 bytes [00:45 28/04/2009] [00:45 28/04/2009] 9E0962E2EF11432F2ED04FB03E8EC828
C:\Program Files\AVG\AVG8\avgatupd.stp.install_backup --a--- 1184 bytes [00:45 28/04/2009] [00:45 28/04/2009] 27EB259B71CC8F4EED49D13DDD90D319
C:\Program Files\AVG\AVG8\avgbat.bav.install_backup --a--- 237336 bytes [00:45 28/04/2009] [00:45 28/04/2009] A887718D3A138CA279020B965BDC3B1E
C:\Program Files\AVG\AVG8\avgcclix.dll.install_backup --a--- 417048 bytes [00:45 28/04/2009] [00:45 28/04/2009] A47A341324EF1AD497D722F8309583ED
C:\Program Files\AVG\AVG8\avgcfgex.exe.install_backup --a--- 729880 bytes [00:45 28/04/2009] [00:45 28/04/2009] 2DF4C5D1D873D2BAC38EA9AC6FD36019
C:\Program Files\AVG\AVG8\avgcfgx.dll.install_backup --a--- 826648 bytes [00:45 28/04/2009] [00:45 28/04/2009] E53F7833350338FA34A1AEC62AAADEEA
C:\Program Files\AVG\AVG8\avgclitx.dll.install_backup --a--- 380184 bytes [00:45 28/04/2009] [00:45 28/04/2009] 2C4A43A31CB5693BE0E845AEE7D4AD72
C:\Program Files\AVG\AVG8\avgcmgr.exe.install_backup --a--- 824600 bytes [00:45 28/04/2009] [00:45 28/04/2009] 8EF18D173C2E8D21BDFF76ADA2CE3397
C:\Program Files\AVG\AVG8\avgcorex.dll.install_backup --a--- 2039576 bytes [00:45 28/04/2009] [00:45 28/04/2009] 5E58BAC9A7B4FA7D492E54F8EE0A24D6
C:\Program Files\AVG\AVG8\avgcrlpx.dll.install_backup --a--- 69400 bytes [00:45 28/04/2009] [00:45 28/04/2009] F2A3A309185280B459DEB91629EDFA4E
C:\Program Files\AVG\AVG8\avgcsrvx.exe.install_backup --a--- 691992 bytes [00:45 28/04/2009] [00:45 28/04/2009] B42A408640B4F78E80D9160453D7C613
C:\Program Files\AVG\AVG8\avgdumpx.exe.install_backup --a--- 75544 bytes [00:45 28/04/2009] [00:45 28/04/2009] 49D2C42928D11CA72CA6FB9D542DC390
C:\Program Files\AVG\AVG8\avgf8us.chm.install_backup --a--- 183994 bytes [00:46 28/04/2009] [00:46 28/04/2009] C49691BFC7B98CCBB54310550DC003FB
C:\Program Files\AVG\AVG8\avgfree_us.mht.install_backup --a--- 17128 bytes [00:46 28/04/2009] [00:46 28/04/2009] 9755DBE6ABD06374651F8E2ADD755A43
C:\Program Files\AVG\AVG8\avgfrw.exe.install_backup --a--- 1209624 bytes [00:45 28/04/2009] [00:45 28/04/2009] 2E1D5417A8E215C5F3A579FB0FED3FD9
C:\Program Files\AVG\AVG8\avginet.dll.install_backup --a--- 746264 bytes [00:45 28/04/2009] [00:45 28/04/2009] 1F6C2DFF1926220111A8ECE791ED32BA
C:\Program Files\AVG\AVG8\avgiproxy.exe.install_backup --a--- 582936 bytes [00:45 28/04/2009] [00:45 28/04/2009] 456DFADF98DB09B87D4FF49C3337C700
C:\Program Files\AVG\AVG8\avglngx.dll.install_backup --a--- 311576 bytes [00:45 28/04/2009] [00:45 28/04/2009] AD6349F3B3A73FEB8F57B65F2CE844EE
C:\Program Files\AVG\AVG8\avglogx.dll.install_backup --a--- 337176 bytes [00:45 28/04/2009] [00:45 28/04/2009] CDBBA30D0667388CE7021A4F2E1F7968
C:\Program Files\AVG\AVG8\avgmail.dll.install_backup --a--- 176920 bytes [00:45 28/04/2009] [00:45 28/04/2009] 51EB54E5FFBF826B6199B003444CED71
C:\Program Files\AVG\AVG8\avgmvflx.dll.install_backup --a--- 299288 bytes [00:45 28/04/2009] [00:45 28/04/2009] 536EF1BD7EB5215C2A90A8B71D85EED6
C:\Program Files\AVG\AVG8\avgmwdef_us.mht.install_backup --a--- 4889 bytes [00:46 28/04/2009] [00:46 28/04/2009] 84C0ED6ED8D827695CEAF3D022651DF5
C:\Program Files\AVG\AVG8\avgnsx.exe.install_backup --a--- 594200 bytes [00:45 28/04/2009] [00:45 28/04/2009] F0DEC9B60998D84CD9153428C5E3435F
C:\Program Files\AVG\AVG8\avgoff2k.dll.install_backup --a--- 264984 bytes [00:45 28/04/2009] [00:45 28/04/2009] 5F659D0D8982EB8611712A7A71E0DC12
C:\Program Files\AVG\AVG8\avgpp.dll.install_backup --a--- 79128 bytes [00:46 28/04/2009] [00:46 28/04/2009] CBB9BDABBF52DB2B14DC806E057DACB7
C:\Program Files\AVG\AVG8\avgresf.dll.install_backup --a--- 2167576 bytes [00:45 28/04/2009] [00:45 28/04/2009] E6C963CD761B5F62FE98066BBFA7175C
C:\Program Files\AVG\AVG8\avgrsx.exe.install_backup --a--- 485144 bytes [00:45 28/04/2009] [00:45 28/04/2009] 7ADFB0D513C0BBA494CA8022AB0A4805
C:\Program Files\AVG\AVG8\avgscanx.dll.install_backup --a--- 338200 bytes [00:45 28/04/2009] [00:45 28/04/2009] 13331F4895E5136370F1DE56FD3D36A6
C:\Program Files\AVG\AVG8\avgscanx.exe.install_backup --a--- 760600 bytes [00:45 28/04/2009] [00:45 28/04/2009] 7AEBB6651ADF4C43CD133BBCEEED077E
C:\Program Files\AVG\AVG8\avgsched.dll.install_backup --a--- 531224 bytes [00:45 28/04/2009] [00:45 28/04/2009] 8D1A04944018EFCDAECBC58B6B9287FE
C:\Program Files\AVG\AVG8\avgse.dll.install_backup --a--- 117528 bytes [00:45 28/04/2009] [00:45 28/04/2009] 238A494EC16AA05565114AFA1B245519
C:\Program Files\AVG\AVG8\avgsrmax.exe.install_backup --a--- 341272 bytes [00:45 28/04/2009] [00:45 28/04/2009] 430F748F1B91DA0C05841620861E6F2F
C:\Program Files\AVG\AVG8\avgsrmx.dll.install_backup --a--- 681752 bytes [00:45 28/04/2009] [00:45 28/04/2009] 837675D8A366D0D7C92B743E67FFB531
C:\Program Files\AVG\AVG8\avgssie.dll.install_backup --a--- 1078552 bytes [00:45 28/04/2009] [00:45 28/04/2009] A99B481A7EA094E13B5B99AA52AE1D82
C:\Program Files\AVG\AVG8\avguiadv.dll.install_backup --a--- 2301208 bytes [00:45 28/04/2009] [00:45 28/04/2009] 18999D94A09851D63C69CCFA924F1F9C
C:\Program Files\AVG\AVG8\avguires.dll.install_backup --a--- 2670872 bytes [00:45 28/04/2009] [00:45 28/04/2009] 01ED740077C8C1FC00B00991ADF05C12
C:\Program Files\AVG\AVG8\avgupd.dll.install_backup --a--- 1423640 bytes [00:45 28/04/2009] [00:45 28/04/2009] 500A45A75E9A8AD5F3A35FD11EFE6A99
C:\Program Files\AVG\AVG8\avgupd.exe.install_backup --a--- 1057048 bytes [00:45 28/04/2009] [00:45 28/04/2009] C738B49AD6934D53D943FC5541C0D633
C:\Program Files\AVG\AVG8\avgvvx.dll.install_backup --a--- 511256 bytes [00:45 28/04/2009] [00:45 28/04/2009] B95029E0272A8988457CD9496E6D59AE
C:\Program Files\AVG\AVG8\avgwd.dll.install_backup --a--- 1247424 bytes [00:45 28/04/2009] [00:45 28/04/2009] BFCFB6A4B412C2065FA44C455AE1F454
C:\Program Files\AVG\AVG8\avgwdsvc.exe.install_backup --a--- 298264 bytes [00:45 28/04/2009] [00:45 28/04/2009] 4688233E07402D0D85E723979804D93E
C:\Program Files\AVG\AVG8\avgwdwsc.dll.install_backup --a--- 422912 bytes [00:45 28/04/2009] [00:45 28/04/2009] 6859740A970B4933A2E9037EACD7BA78
C:\Program Files\AVG\AVG8\avgxch32.dll.install_backup --a--- 353048 bytes [00:45 28/04/2009] [00:45 28/04/2009] 4D2EA51E09CE0BE1197EBE26434F9E0E
C:\Program Files\AVG\AVG8\avgxpl.dll.install_backup --a--- 935192 bytes [00:45 28/04/2009] [00:45 28/04/2009] E373D505C372720548734AC1605BF018
C:\Program Files\AVG\AVG8\Firefox\Components\avgssff.dll --a--c 1045784 bytes [00:45 28/04/2009] [00:45 28/04/2009] 41972EFCB99D032403F01B10FD7FE6AF
C:\Program Files\Grisoft\AVG7\avgamsvr.exe --a--- 353792 bytes [23:59 09/02/2007] [23:59 09/02/2007] 56E33AF1F89CBAB2487680DEED6EBCD1
C:\Program Files\Grisoft\AVG7\avgemc.exe --a--- 324096 bytes [23:59 09/02/2007] [23:59 09/02/2007] 301C6A7360139B07FDE450C0EFA5067F
C:\Program Files\Grisoft\AVG7\avgupsvc.exe --a--- 49664 bytes [23:59 09/02/2007] [23:59 09/02/2007] 30A14F65DB477DC00A64A5A24E96919C
C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG7_CC.reg.dat --a--- 588 bytes [04:11 08/05/2010] [04:11 08/05/2010] 6F71E0845858A22DC4D059AA48FEF449
C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG8_TRAY.reg.dat --a--- 574 bytes [04:11 08/05/2010] [04:11 08/05/2010] AF4351EC3260E7FD8166A0A4C4804539
C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG9_TRAY.reg.dat --a--- 574 bytes [04:11 08/05/2010] [04:11 08/05/2010] 51F982F9B14F40D97E75588110331793
C:\Qoobox\Quarantine\Registry_backups\Notify-avgrsstarter.reg.dat --a--- 378 bytes [04:09 08/05/2010] [04:09 08/05/2010] 63C78AD085C5D679FEDD5EBF912E9993
C:\WINDOWS\system32\avgfwdx.dll --a--- 50968 bytes [16:47 17/04/2010] [16:47 17/04/2010] 62706490A089938110E7CDE99ADFAA67
C:\WINDOWS\system32\drivers\avgfwdx.sys --a--- 30104 bytes [16:47 17/04/2010] [16:47 17/04/2010] FA6336F05695E39995884D0C959C9608

========== folderfind ==========

Searching for "*AVG*"
C:\$AVG8.VAULT$ d----- [00:58 28/04/2009]
C:\Documents and Settings\All Users\Application Data\avg8 d----- [00:45 28/04/2009]
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm d----- [00:45 28/04/2009]
C:\Documents and Settings\All Users\Application Data\avg8\AvgApi d----- [00:45 28/04/2009]
C:\Documents and Settings\deborah\Application Data\AVG8 d----- [16:39 17/04/2010]
C:\Program Files\AVG d----- [00:45 28/04/2009]
C:\Program Files\AVG\AVG8 d----- [00:45 28/04/2009]
C:\Program Files\Grisoft\AVG7 d----- [23:59 09/02/2007]

========== regfind ==========

Searching for "*AVG*"
No data found.

-=End Of File=-
Steve001
Regular Member
Posts: 57
Joined: April 17th, 2010, 1:59 pm
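The SystemLook log above has a fixed line shape (path, six attribute flags, size, created and modified stamps, MD5 for files; path, flags and one stamp for folders), so it can be parsed and triaged rather than read by eye. What follows is an added example, not part of the thread and not SystemLook's or the helper's own code: a Python parser for that format that handles all three sections (filefind, folderfind and regfind, including the "No data found." case), run over a constructed sample made of a few lines quoted from the log. The two triage helpers encode my own assumptions, not the forum helper's reasoning: `leftover_binaries` keeps only .sys/.dll/.exe paths (so the `.install_backup` copies fall out) and skips ComboFix's Qoobox quarantine, and `empty_lock_files` flags 0-byte files carrying the empty-input MD5 as noise.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# MD5 of zero-length input; every 0-byte *.lock file in the log above hashes to this.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
# Extensions Windows can still load. Assumed triage rule: these matter, stale logs do not.
LOADABLE = (".sys", ".dll", ".exe")

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
FILE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
FOLDER_RE = re.compile(r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{6}) \[(?P<created>[^\]]+)\]$")

@dataclass
class Entry:
    section: str
    path: str
    attrs: str
    created: datetime
    size: Optional[int] = None          # folderfind lines carry no size
    modified: Optional[datetime] = None
    md5: Optional[str] = None

def _stamp(text: str) -> datetime:
    # SystemLook writes timestamps as "HH:MM DD/MM/YYYY"
    return datetime.strptime(text, "%H:%M %d/%m/%Y")

def parse_systemlook(log: str) -> Dict[str, List[Entry]]:
    """Split a SystemLook log into its filefind / folderfind / regfind sections."""
    sections: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or not line or line.startswith("Searching for") or line == "No data found.":
            continue
        m = FILE_RE.match(line)
        if m:
            sections[current].append(Entry(current, m["path"], m["attrs"], _stamp(m["created"]),
                                           int(m["size"]), _stamp(m["modified"]), m["md5"].lower()))
            continue
        m = FOLDER_RE.match(line)
        if m:
            sections[current].append(Entry(current, m["path"], m["attrs"], _stamp(m["created"])))
    return sections

def leftover_binaries(entries: List[Entry]) -> List[str]:
    """Loadable components still on disk, i.e. what a removal script has to target.
    Assumed heuristic: *.install_backup copies fail the extension test, and anything
    already in ComboFix's Qoobox quarantine is skipped because it can no longer run."""
    return [e.path for e in entries
            if e.path.lower().endswith(LOADABLE)
            and "\\qoobox\\quarantine\\" not in e.path.lower()]

def empty_lock_files(entries: List[Entry]) -> List[str]:
    """0-byte files whose hash is the empty-input MD5: harmless placeholders, pure noise."""
    return [e.path for e in entries if e.size == 0 and e.md5 == EMPTY_MD5]

# Constructed sample: a few lines quoted from the log above, not the full output.
SAMPLE = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:29 on 29/07/2010 by steve (Administrator - Elevation successful)

========== filefind ==========

Searching for "*AVG*"
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcfg.log --a--- 1078 bytes [19:53 13/04/2010] [19:54 13/04/2010] 6689075FBF5599E71FAABE3856055828
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcfg.log.lock --a--- 0 bytes [19:53 13/04/2010] [19:53 13/04/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Program Files\AVG\AVG8\avgfrw.exe.install_backup --a--- 1209624 bytes [00:45 28/04/2009] [00:45 28/04/2009] 2E1D5417A8E215C5F3A579FB0FED3FD9
C:\Program Files\AVG\AVG8\Firefox\Components\avgssff.dll --a--c 1045784 bytes [00:45 28/04/2009] [00:45 28/04/2009] 41972EFCB99D032403F01B10FD7FE6AF
C:\Qoobox\Quarantine\Registry_backups\Notify-avgrsstarter.reg.dat --a--- 378 bytes [04:09 08/05/2010] [04:09 08/05/2010] 63C78AD085C5D679FEDD5EBF912E9993
C:\WINDOWS\system32\avgfwdx.dll --a--- 50968 bytes [16:47 17/04/2010] [16:47 17/04/2010] 62706490A089938110E7CDE99ADFAA67
C:\WINDOWS\system32\drivers\avgfwdx.sys --a--- 30104 bytes [16:47 17/04/2010] [16:47 17/04/2010] FA6336F05695E39995884D0C959C9608

========== folderfind ==========

Searching for "*AVG*"
C:\$AVG8.VAULT$ d----- [00:58 28/04/2009]
C:\Program Files\Grisoft\AVG7 d----- [23:59 09/02/2007]

========== regfind ==========

Searching for "*AVG*"
No data found.

-=End Of File=-
"""

if __name__ == "__main__":
    found = parse_systemlook(SAMPLE)
    for name, entries in found.items():
        print(f"{name}: {len(entries)} hit(s)")
    print("loadable leftovers:", *leftover_binaries(found["filefind"]), sep="\n  ")
    print("empty lock files:", *empty_lock_files(found["filefind"]), sep="\n  ")
```

Run against the full log, `leftover_binaries` returns exactly the kind of items the helper's next OTM script names (the avgfwdx.dll/.sys pair, the Firefox component, the AVG7 executables), while the sixty-odd `.install_backup` and `.log` entries drop out; the MD5 column makes the empty lock files trivially recognisable without opening them.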

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 30th, 2010, 12:15 pm

Hi Steve,


OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.

    :Services
    Avgfwdx
    Avgfwfd

    :Files
    C:\Documents and Settings\All Users\Application Data\avg8
    C:\Program Files\AVG
    C:\Program Files\Grisoft
    C:\WINDOWS\system32\avgfwdx.dll
    C:\WINDOWS\system32\drivers\avgfwdx.sys
    C:\$AVG8.VAULT$

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Should all go well with the above, please run ComboFix after any reboot by OTM.

ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 31st, 2010, 8:00 am

All processes killed
========== SERVICES/DRIVERS ==========
Service Avgfwdx stopped successfully!
Service Avgfwdx deleted successfully!
Service Avgfwfd stopped successfully!
Service Avgfwfd deleted successfully!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\avg8\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\update\download\ads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\update\download folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Lsdb\Prev folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Lsdb folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8 folder moved successfully.
C:\Program Files\AVG\AVG8\Notification folder moved successfully.
C:\Program Files\AVG\AVG8\Icons folder moved successfully.
C:\Program Files\AVG\AVG8\Firefox\Components folder moved successfully.
C:\Program Files\AVG\AVG8\Firefox\Chrome folder moved successfully.
C:\Program Files\AVG\AVG8\Firefox folder moved successfully.
C:\Program Files\AVG\AVG8 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Program Files\Grisoft\AVG7 folder moved successfully.
C:\Program Files\Grisoft folder moved successfully.
C:\WINDOWS\system32\avgfwdx.dll moved successfully.
C:\WINDOWS\system32\drivers\avgfwdx.sys moved successfully.
C:\$AVG8.VAULT$ folder moved successfully.
========== COMMANDS ==========
Steve001
Regular Member
Posts: 57
Joined: April 17th, 2010, 1:59 pm
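OTM reports each requested item on its own result line, so the script that was pasted in can be checked against the results mechanically instead of by eye: every service should show up as "deleted", every path as "moved", and anything the log is silent about is work that did not happen. The block below is an added example, not part of the thread and not OTM's own code. It assumes only the two line shapes visible in the log above (`Service NAME stopped|deleted successfully!` and `PATH [folder] moved successfully.`); any other outcome line is simply not counted as confirmation, which is the safe direction to err. The sample script is the one from the post above and the sample log is a constructed subset of the posted results.

```python
import re
from typing import Dict, List, Set, Tuple

# The two result-line shapes visible in the OTM log above (assumed to be the only ones that count)
SERVICE_RE = re.compile(r"^Service (\S+) (stopped|deleted) successfully!$")
MOVED_RE = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")

def parse_otm_script(script: str) -> Dict[str, List[str]]:
    """Group the pasted script's lines under their ':Section' headers (keys lower-cased)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()                  # the posted script had a trailing space on one path
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_otm_results(log: str) -> Tuple[Dict[str, Set[str]], Set[str]]:
    """Return ({service: {actions}}, {moved paths}); names and paths lower-cased for comparison."""
    services: Dict[str, Set[str]] = {}
    moved: Set[str] = set()
    for raw in log.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services.setdefault(m.group(1).lower(), set()).add(m.group(2))
            continue
        m = MOVED_RE.match(line)
        if m:
            moved.add(m.group(1).lower())
    return services, moved

def reconcile(script: str, log: str) -> Dict[str, List[str]]:
    """Sort every service and path the script asked for into confirmed / unconfirmed.
    A service only counts as done when the log says 'deleted'; 'stopped' alone leaves
    the registration in place. Anything the log does not mention is unconfirmed."""
    wanted = parse_otm_script(script)
    services, moved = parse_otm_results(log)
    report: Dict[str, List[str]] = {"confirmed": [], "unconfirmed": []}
    for svc in wanted.get("services", []):
        done = "deleted" in services.get(svc.lower(), set())
        report["confirmed" if done else "unconfirmed"].append(f"service {svc}")
    for path in wanted.get("files", []):
        done = path.lower() in moved
        report["confirmed" if done else "unconfirmed"].append(path)
    return report

# Constructed sample: the script from the post above and a subset of the posted result lines.
SAMPLE_SCRIPT = r""":Services
Avgfwdx
Avgfwfd

:Files
C:\Documents and Settings\All Users\Application Data\avg8
C:\Program Files\AVG
C:\Program Files\Grisoft
C:\WINDOWS\system32\avgfwdx.dll
C:\WINDOWS\system32\drivers\avgfwdx.sys
C:\$AVG8.VAULT$

:Commands
[purity]
[emptytemp]
[Reboot]
"""

SAMPLE_LOG = r"""All processes killed
========== SERVICES/DRIVERS ==========
Service Avgfwdx stopped successfully!
Service Avgfwdx deleted successfully!
Service Avgfwfd stopped successfully!
Service Avgfwfd deleted successfully!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\avg8\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8 folder moved successfully.
C:\Program Files\AVG\AVG8 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Program Files\Grisoft\AVG7 folder moved successfully.
C:\Program Files\Grisoft folder moved successfully.
C:\WINDOWS\system32\avgfwdx.dll moved successfully.
C:\WINDOWS\system32\drivers\avgfwdx.sys moved successfully.
C:\$AVG8.VAULT$ folder moved successfully.
========== COMMANDS ==========
"""

if __name__ == "__main__":
    for status, items in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status}: {len(items)}")
        for item in items:
            print("  ", item)
```

The reconciliation deliberately keys on the top-level paths the script named: OTM also logs every sub-folder it moved, but those are incidental, and a top-level folder reported as moved is the evidence that the whole tree went. Dropping one result line from the sample (say the driver) moves that path into `unconfirmed`, which is the signal that the item needs another look before the next tool runs.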

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 31st, 2010, 8:19 am

Good - post the combofix log when ready, Steve.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 31st, 2010, 8:35 am

Just tried to run Combofix. It stopped because it says AVG is still active.
Steve001
Regular Member
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 31st, 2010, 8:55 am

So even with the warning I tried running Combofix, because I don't see any way to stop it from running after I closed the warning box - it just automatically runs. CBF ran fine while creating a system restore point but appeared to stop when it started to scan. What's up with that? So I waited for a while just to see what happened - nothing happened, it just hung. I eventually ctrl-alt-del just to see if that worked - no. So I had to end up pushing the power button to turn off the machine.

How do you turn off Prevx?
Last edited by Steve001 on July 31st, 2010, 9:02 am, edited 1 time in total.
Steve001
Regular Member
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 31st, 2010, 9:00 am

Steve, did you delete your previous copy of combofix as requested? Did you visit the combofix tutorial at BC? If you did the above - please be patient and let combofix run.

With regards to it detecting AVG is active, I know what is happening here. When you get the message that combofix has detected that AVG is running, click OK. You will be prompted again, warning you that AVG is still active and that combofix will continue running - Click OK again and allow combofix to continue.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Unread postby Steve001 » July 31st, 2010, 9:14 am

Yes, I did remove the previous copy. I've also turned off Prevx and shut down Zone Alarm. Will run CBF again now.
Steve001
Regular Member
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Unread postby melboy » July 31st, 2010, 9:25 am

Ok - post when ready.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Unread postby Steve001 » July 31st, 2010, 9:26 am

ComboFix ran this time. Here are the results. I'll be back in a while.

ComboFix 10-07-30.04 - steve 07/31/2010 9:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1604 [GMT -4:00]
Running from: c:\documents and settings\steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\deborah\Application Data\028C0CA68054239B315BD294733F9D4E
c:\documents and settings\deborah\Application Data\028C0CA68054239B315BD294733F9D4E\appmodule719.exe
c:\documents and settings\deborah\Application Data\028C0CA68054239B315BD294733F9D4E\enemies-names.txt
c:\documents and settings\deborah\Application Data\028C0CA68054239B315BD294733F9D4E\local.ini
c:\documents and settings\deborah\Application Data\028C0CA68054239B315BD294733F9D4E\lsrslt.ini
c:\documents and settings\deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\deborah\Desktop\Antimalware Doctor.lnk
c:\documents and settings\deborah\Start Menu\Antimalware Doctor.lnk
c:\documents and settings\deborah\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\deborah\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\deborah\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\documents and settings\deborah\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\klgd.bmp
c:\windows\system32\lrg.txt
c:\windows\system32\qks.txt
c:\windows\system32\xef.txt

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 11:54 . 2010-07-31 11:54 -------- d-----w- C:\_OTM
2010-07-30 03:52 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-07-30 03:52 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-07-30 03:51 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-07-30 03:44 . 2010-07-30 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2010-07-26 23:38 . 2010-07-26 23:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-21 12:23 . 2010-07-21 12:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 12:07 . 2010-07-21 12:07 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Sunbelt Software
2010-07-16 13:08 . 2010-05-04 17:20 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-16 13:08 . 2010-05-04 17:20 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-16 13:08 . 2010-05-04 17:20 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-16 13:08 . 2010-05-04 17:20 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-16 13:08 . 2010-05-04 17:20 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2010-07-16 13:08 . 2010-05-04 17:20 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2010-07-16 13:08 . 2010-04-16 13:24 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-07-16 13:08 . 2010-02-22 22:04 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2010-07-15 02:25 . 2010-07-21 13:31 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\tawlugjli
2010-07-14 21:03 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\system32\scripting
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\l2schemas
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\system32\en
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\system32\bits
2010-07-14 02:30 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 07:10 . 2010-07-13 07:10 -------- d-----w- c:\documents and settings\deborah\Application Data\CheckPoint
2010-07-11 14:37 . 2010-07-11 14:37 -------- d-----w- c:\documents and settings\steve\Application Data\Malwarebytes
2010-07-11 14:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 14:37 . 2010-07-11 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-11 14:37 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 13:37 . 2010-07-11 13:38 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Temp
2010-07-11 13:37 . 2010-07-11 13:37 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Deployment
2010-07-07 21:43 . 2010-07-07 21:43 -------- d-----w- c:\documents and settings\steve\Application Data\CheckPoint
2010-07-07 21:38 . 2010-07-07 21:38 -------- d-----w- c:\program files\CheckPoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 12:50 . 2010-04-17 17:35 -------- d-----w- c:\program files\Panda Security
2010-07-31 12:15 . 2010-04-17 17:26 -------- d-----w- c:\documents and settings\steve\Application Data\QuickScan
2010-07-31 03:42 . 2010-05-12 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-07-30 03:52 . 2006-10-02 16:56 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-29 11:58 . 2008-09-29 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-15 12:51 . 2006-12-01 16:27 -------- d-----w- c:\documents and settings\steve\Application Data\Canon
2010-07-14 14:27 . 2005-08-16 08:41 88699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-13 02:28 . 2006-12-01 17:57 -------- d-----w- c:\documents and settings\steve\Application Data\Apple Computer
2010-07-12 11:47 . 2006-10-20 14:47 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-07-11 14:37 . 2010-04-22 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 01:32 . 2010-05-12 18:51 68120 ----a-w- c:\windows\system32\PxSecure.dll
2010-07-08 01:32 . 2010-05-12 18:51 61752 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-07-08 01:32 . 2010-05-12 18:51 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-07-08 01:32 . 2010-05-12 18:51 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-07-08 01:32 . 2010-05-12 18:51 -------- d-----w- c:\program files\Prevx
2010-07-08 01:32 . 2010-06-04 00:45 936392 ----a-w- c:\documents and settings\All Users\Application Data\PrevxCSI\~PrevxCSIUpdate.exe
2010-06-14 14:31 . 2005-08-16 08:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-31 20:34 . 2010-06-25 10:52 702120 ----a-w- c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\xasojl8t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 20:34 . 2010-06-25 10:52 868456 ----a-w- c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\xasojl8t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-27 23:11 . 2010-05-27 23:11 61440 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6aa30aed-n\decora-sse.dll
2010-05-27 23:11 . 2010-05-27 23:11 503808 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c710efa-n\msvcp71.dll
2010-05-27 23:11 . 2010-05-27 23:11 499712 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c710efa-n\jmc.dll
2010-05-27 23:11 . 2010-05-27 23:11 348160 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c710efa-n\msvcr71.dll
2010-05-27 23:11 . 2010-05-27 23:11 12800 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6aa30aed-n\decora-d3d.dll
2010-05-24 02:56 . 2010-05-24 02:56 58004 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-24 02:55 . 2006-10-01 03:28 76896 -c--a-w- c:\documents and settings\deborah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 03:09 . 2010-05-23 03:09 503808 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fd401c3-n\msvcp71.dll
2010-05-23 03:09 . 2010-05-23 03:09 499712 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fd401c3-n\jmc.dll
2010-05-23 03:09 . 2010-05-23 03:09 61440 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725733a-n\decora-sse.dll
2010-05-23 03:09 . 2010-05-23 03:09 348160 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fd401c3-n\msvcr71.dll
2010-05-23 03:09 . 2010-05-23 03:09 12800 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725733a-n\decora-d3d.dll
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\Uni.exe
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\_FA7EDA30DA22_11D5_B840_00105A1EFFF1.exe
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\_DFB96E40DA22_11D5_B840_00105A1EFFF1.exe
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\_C2F10C20DA22_11D5_B840_00105A1EFFF1.exe
2010-05-17 20:01 . 2010-05-17 20:01 40960 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\UPlug98P.exe
2010-05-12 02:42 . 2006-09-29 19:17 76896 -c--a-w- c:\documents and settings\steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-08 03:11 . 2010-05-08 03:11 61440 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a74a437-n\decora-sse.dll
2010-05-08 03:11 . 2010-05-08 03:11 503808 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e72a23a-n\msvcp71.dll
2010-05-08 03:11 . 2010-05-08 03:11 499712 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e72a23a-n\jmc.dll
2010-05-08 03:11 . 2010-05-08 03:11 348160 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e72a23a-n\msvcr71.dll
2010-05-08 03:11 . 2010-05-08 03:11 12800 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a74a437-n\decora-d3d.dll
2010-05-08 02:07 . 2010-05-08 02:07 61440 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1281375f-n\decora-sse.dll
2010-05-08 02:07 . 2010-05-08 02:07 503808 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ac21396-n\msvcp71.dll
2010-05-08 02:07 . 2010-05-08 02:07 499712 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ac21396-n\jmc.dll
2010-05-08 02:07 . 2010-05-08 02:07 348160 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ac21396-n\msvcr71.dll
2010-05-08 02:07 . 2010-05-08 02:07 12800 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1281375f-n\decora-d3d.dll
2010-05-08 02:06 . 2010-05-08 02:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 17:20 . 2005-08-16 08:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-08-16 08:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-03 13:05 . 2009-12-07 15:09 10752 ----a-w- c:\windows\DCEBoot.exe
2007-03-17 17:41 . 2006-10-04 16:31 825 ----a-w- c:\program files\Shortcut to HijackThis.lnk
1999-05-11 20:47 . 2006-10-06 15:39 398848 ----a-w- c:\program files\Spider.exe
2008-01-30 21:37 . 2007-03-17 02:45 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-27 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
2004-04-01 19:51 1589248 -c--a-w- c:\dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-11 13:37 136176 ----atw- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-02-12 13:27 1232896 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 20:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 03:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"mcupdmgr.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"avg8wd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avg9wd"=2 (0x2)
"SharedAccess"=2 (0x2)
"iPod Service"=3 (0x3)
"Fax"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"CCALib8"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WEB Framework\\wbfrmwrk.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [10/2/2006 10:12 AM 9344]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/12/2010 2:51 PM 30320]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [5/12/2010 2:51 PM 6384592]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/12/2010 2:51 PM 61752]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [5/12/2010 2:51 PM 24400]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [10/2/2006 10:12 AM 389504]
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2810448116-9971513-1748473005-1006Core.job
- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 13:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\xasojl8t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\steve\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\steve\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9FE088DC-C3B2-479C-A314-08F90CE5166F} - vecrits93.dll
ActiveSetup-{4925B664-BDFA-4E68-B325-EC00937E8110} - vecrits93.dll



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\perc2]
"ImagePath"="\SystemRoot\system32\DRIVERS\perc2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\perc2hib]
"ImagePath"="\SystemRoot\system32\DRIVERS\perc2hib.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PQNTDrv]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\pxkbf]
"ImagePath"="System32\drivers\pxkbf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\pxrts]
"ImagePath"="System32\drivers\pxrts.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\pxscan]
"ImagePath"="System32\drivers\pxscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql1080]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1080.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Ql10wnt]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql10wnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql12160]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql12160.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql1240]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1240.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql1280]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1280.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sisagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Sparrow]
"ImagePath"="\SystemRoot\system32\DRIVERS\sparrow.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\STHDA]
"ImagePath"="system32\drivers\sthda.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\symc810]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\symc8xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc8xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sym_hi]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_hi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sym_u3]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_u3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Tcpip6]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TosIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\toside.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ultra]
"ImagePath"="\SystemRoot\system32\DRIVERS\ultra.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usb]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ViaIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\vsdatant]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Vxd]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\w32time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wanatw]
"ImagePath"="system32\DRIVERS\wanatw4.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\winachsf]
"ImagePath"="system32\DRIVERS\HSF_CNXT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\{5823CCB5-97EB-4EF4-B451-61390CF475F5}]
.
Completion time: 2010-07-31 09:24:00
ComboFix-quarantined-files.txt 2010-07-31 13:23
ComboFix2.txt 2010-05-08 04:44

Pre-Run: 38,035,632,128 bytes free
Post-Run: 38,198,448,128 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=9 Sets=1,2,6,7,9
- - End Of File - - 9478D4FBEFFDED77C87D163EB51608FA
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm
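The block of [HKEY_LOCAL_MACHINE\System\ControlSet007\Services\...] entries in the log above is what a helper reads by eye to spot a service whose binary sits somewhere it should not. The script below is an added example for this thread, not ComboFix's own code: it parses that dump format and applies two checks, a binary outside the Windows or Program Files trees, and an unquoted ImagePath containing a space (the classic unquoted service path issue, where Windows may resolve the command to a planted file earlier on the path). It assumes c:\windows as the system root, which is how the log's own expanded entries spell it. The sample dump is constructed: the first four services are copied from the log, while ExampleUnquoted, ExampleProfile and the exsvc.* file names are invented so the checks have something to fire on.

```python
"""Triage of the per-service ImagePath/ServiceDll dump ComboFix appends to its log.

Added example for this thread, not ComboFix's own code.
"""
import re

SYSTEM_ROOT = "c:\\windows"  # assumption: matches the expanded paths in the log
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample: first four entries copied from the log above, the last
# two (ExampleUnquoted, ExampleProfile, exsvc.*) are invented bad entries.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\symc810]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ExampleUnquoted]
"ImagePath"="c:\program files\Example Vendor\exsvc.exe -service"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ExampleProfile]
"ServiceDll"="c:\documents and settings\steve\Local Settings\Application Data\tawlugjli\exsvc.dll"
"""

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$', re.I)
# First token that ends in .exe/.sys/.dll, i.e. the executable part of a command line.
EXE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?=\s|$)", re.I)


def parse_services(dump: str) -> dict:
    """Map service name -> {value name: raw value}. ComboFix writes quotes
    inside a value as \\" so those are unescaped here."""
    services, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            services[current] = {}
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            services[current][m.group(1)] = m.group(2).replace('\\"', '"')
    return services


def executable_of(value: str) -> tuple:
    """Return (executable path, was_quoted) for a raw ImagePath/ServiceDll value."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return (value[1:end] if end > 0 else value[1:]), True
    m = EXE_RE.match(value)
    return (m.group(1) if m else value.split(" ")[0]), False


def normalize(path: str) -> str:
    """Expand the spellings the dump uses for the system root, lower-cased."""
    p = path.strip().lower()
    p = p.replace("%systemroot%", SYSTEM_ROOT).replace("\\systemroot", SYSTEM_ROOT)
    if p.startswith("system32\\"):
        p = SYSTEM_ROOT + "\\" + p
    return p


def findings(dump: str) -> list:
    """Return (service, value name, problem) triples for entries worth a second look."""
    out = []
    for name, values in parse_services(dump).items():
        for vname, raw in values.items():
            exe, quoted = executable_of(raw)
            path = normalize(exe)
            # Only ImagePath is run as a command line, so only it can be "unquoted".
            if vname.lower() == "imagepath" and not quoted and " " in path:
                out.append((name, vname, "unquoted path with spaces"))
            if not path.startswith(TRUSTED_ROOTS):
                out.append((name, vname, "binary outside Windows/Program Files: " + path))
    return out


if __name__ == "__main__":
    for service, vname, problem in findings(SAMPLE_DUMP):
        print(f"{service:20} {vname:10} {problem}")
```

Running it against the constructed dump flags only the two invented entries; the four entries copied from the log pass, including WMPNetworkSvc, whose path contains spaces but is properly quoted.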

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Unread postby melboy » July 31st, 2010, 10:27 am

Hi Steve

Good - Give me an update on how things are running.


Check a file
  • Go to VirusTotal
    c:\program files\Spider.exe
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send File, and the file will upload to VirusTotal, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    Folder::
    c:\documents and settings\steve\Local Settings\Application Data\tawlugjli
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MskService"=-
    "mcupdmgr.exe"=-
    "McTskshd.exe"=-
    "McShield"=-
    "McDetect.exe"=-
    "AVGEMS"=-
    "Avg7UpdSvc"=-
    "Avg7Alrt"=-
    "avg8wd"=-
    "AVGIDSAgent"=-
    "avg9wd"=-
    
    DDS::
    Trusted Zone: musicmatch.com\online
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot: dragging CFScript.txt onto ComboFix.exe)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
melboy
MRU Expert

Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
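The "Check a file" step above only tells you something if the file that reaches VirusTotal is the binary the helper named. The script below is an added example for this thread, not code from the forum or from VirusTotal: before uploading, it computes the MD5/SHA-1/SHA-256 that VirusTotal reports, checks that the data carries a Windows executable header, and compares the size with the one ComboFix logged. The expected size of 398848 bytes comes from the Find3M line for c:\program files\Spider.exe later in this thread; the 27-byte stand-in is constructed and is simply the path string itself, which is exactly 27 characters long, the size VirusTotal reported for the file that was actually uploaded in the reply below.

```python
"""Pre-flight check for a sample before uploading it to VirusTotal.

Added example for this thread, not part of the original post.
"""
import hashlib
import os
import sys

EXPECTED_PATH = r"c:\program files\Spider.exe"
EXPECTED_SIZE = 398848  # from the ComboFix Find3M report in this thread

# Constructed stand-in for what gets uploaded when the path text, not the
# file, is saved: 27 bytes, the size VirusTotal reported in the reply below.
WRONG_UPLOAD = EXPECTED_PATH.encode("ascii")


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a byte string, as VirusTotal lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_pe(data: bytes) -> bool:
    """True if the bytes start like a Windows executable: an MZ header whose
    e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_sample(data: bytes, expected_size: int = EXPECTED_SIZE) -> list:
    """Return human-readable problems; an empty list means the sample looks
    like the binary we meant to submit."""
    problems = []
    if not is_pe(data):
        problems.append("not a PE executable (no MZ/PE header)")
    if len(data) != expected_size:
        problems.append(f"size {len(data)} != expected {expected_size}")
    if data.strip().lower() == EXPECTED_PATH.encode("ascii").lower():
        problems.append("file contains only the path text, not the file itself")
    return problems


def fake_pe(size: int) -> bytes:
    """Constructed minimal PE-looking blob of the given size (test data only)."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little"))
    hdr += b"PE\x00\x00"
    return bytes(hdr).ljust(size, b"\x00")


if __name__ == "__main__":
    # Usage: python precheck.py <file>; with no argument it checks the stand-in.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(target, "rb").read() if target and os.path.exists(target) else WRONG_UPLOAD
    for name, value in digests(data).items():
        print(f"{name}: {value}")
    for problem in check_sample(data):
        print("WARNING:", problem)
```

The size and header checks are what catch the mistake in the reply that follows: a 27-byte text file is neither an executable nor anywhere near the size ComboFix logged for Spider.exe, so a clean 0/42 result says nothing about the real file.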

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Unread postby Steve001 » July 31st, 2010, 1:13 pm

Every time I click to paste this c:\program files\Spider.exe, my Pictures folder shows up. So I copied this file to WordPad and saved it to My Documents. That's what I uploaded. I got results; I don't know if they are the results you are looking for.

File virusscanDoc.txt received on 2010.07.31 17:30:28 (UTC)
Current status: finished
Result: 0/42 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.07.31.00 2010.07.30 -
AntiVir 8.2.4.32 2010.07.30 -
Antiy-AVL 2.0.3.7 2010.07.30 -
Authentium 5.2.0.5 2010.07.31 -
Avast 4.8.1351.0 2010.07.31 -
Avast5 5.0.332.0 2010.07.31 -
AVG 9.0.0.851 2010.07.31 -
BitDefender 7.2 2010.07.31 -
CAT-QuickHeal 11.00 2010.07.31 -
ClamAV 0.96.0.3-git 2010.07.30 -
Comodo 5598 2010.07.31 -
DrWeb 5.0.2.03300 2010.07.30 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7753 2010.07.31 -
F-Prot 4.6.1.107 2010.07.31 -
F-Secure 9.0.15370.0 2010.07.31 -
Fortinet 4.1.143.0 2010.07.31 -
GData 21 2010.07.31 -
Ikarus T3.1.1.84.0 2010.07.31 -
Jiangmin 13.0.900 2010.07.29 -
Kaspersky 7.0.0.125 2010.07.31 -
McAfee 5.400.0.1158 2010.07.31 -
McAfee-GW-Edition 2010.1 2010.07.30 -
Microsoft 1.6004 2010.07.31 -
NOD32 5327 2010.07.30 -
Norman 6.05.11 2010.07.31 -
nProtect 2010-07-31.01 2010.07.31 -
Panda 10.0.2.7 2010.07.31 -
PCTools 7.0.3.5 2010.07.31 -
Prevx 3.0 2010.07.31 -
Rising 22.58.05.04 2010.07.31 -
Sophos 4.56.0 2010.07.31 -
Sunbelt 6668 2010.07.31 -
SUPERAntiSpyware 4.40.0.1006 2010.07.31 -
Symantec 20101.1.1.7 2010.07.31 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.07.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.31 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.31.3965 2010.07.31 -
VirusBuster 5.0.27.0 2010.07.31 -
Additional information
File size: 27 bytes
MD5...: b4f33e3abee667b783c4c8e1e8350359
SHA1..: 1b09ff5045c25ab7f6fa5ebf4e404779e914ff9d
SHA256: 0cedb1a53b204186ab0c8fe1cd9ab413633a0fb00758356e7d1128b9d771514b
ssdeep: 3:I5VXZRFcAWIM2bAdA:ILjCgkdA
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


ComboFix 10-07-30.04 - steve 07/31/2010 13:03:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1586 [GMT -4:00]
Running from: c:\documents and settings\steve\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\steve\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\steve\Local Settings\Application Data\tawlugjli

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 11:54 . 2010-07-31 11:54 -------- d-----w- C:\_OTM
2010-07-30 03:52 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-07-30 03:52 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-07-30 03:51 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-07-30 03:44 . 2010-07-30 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2010-07-26 23:38 . 2010-07-26 23:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-21 12:23 . 2010-07-21 12:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 12:07 . 2010-07-21 12:07 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Sunbelt Software
2010-07-16 13:08 . 2010-05-04 17:20 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-16 13:08 . 2010-05-04 17:20 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-16 13:08 . 2010-05-04 17:20 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-16 13:08 . 2010-05-04 17:20 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-16 13:08 . 2010-05-04 17:20 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2010-07-16 13:08 . 2010-05-04 17:20 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2010-07-16 13:08 . 2010-04-16 13:24 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-07-16 13:08 . 2010-02-22 22:04 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2010-07-14 21:03 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\system32\scripting
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\l2schemas
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\system32\en
2010-07-14 14:24 . 2010-07-14 14:24 -------- d-----w- c:\windows\system32\bits
2010-07-14 02:30 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 07:10 . 2010-07-13 07:10 -------- d-----w- c:\documents and settings\deborah\Application Data\CheckPoint
2010-07-11 14:37 . 2010-07-11 14:37 -------- d-----w- c:\documents and settings\steve\Application Data\Malwarebytes
2010-07-11 14:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 14:37 . 2010-07-11 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-11 14:37 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 13:37 . 2010-07-11 13:38 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Temp
2010-07-11 13:37 . 2010-07-11 13:37 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Deployment
2010-07-07 21:43 . 2010-07-07 21:43 -------- d-----w- c:\documents and settings\steve\Application Data\CheckPoint
2010-07-07 21:38 . 2010-07-07 21:38 -------- d-----w- c:\program files\CheckPoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 17:00 . 2010-05-12 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-07-31 12:50 . 2010-04-17 17:35 -------- d-----w- c:\program files\Panda Security
2010-07-31 12:15 . 2010-04-17 17:26 -------- d-----w- c:\documents and settings\steve\Application Data\QuickScan
2010-07-30 03:52 . 2006-10-02 16:56 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-29 11:58 . 2008-09-29 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-15 12:51 . 2006-12-01 16:27 -------- d-----w- c:\documents and settings\steve\Application Data\Canon
2010-07-14 14:27 . 2005-08-16 08:41 88699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-13 02:28 . 2006-12-01 17:57 -------- d-----w- c:\documents and settings\steve\Application Data\Apple Computer
2010-07-12 11:47 . 2006-10-20 14:47 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-07-11 14:37 . 2010-04-22 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 01:32 . 2010-05-12 18:51 68120 ----a-w- c:\windows\system32\PxSecure.dll
2010-07-08 01:32 . 2010-05-12 18:51 61752 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-07-08 01:32 . 2010-05-12 18:51 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-07-08 01:32 . 2010-05-12 18:51 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-07-08 01:32 . 2010-05-12 18:51 -------- d-----w- c:\program files\Prevx
2010-07-08 01:32 . 2010-06-04 00:45 936392 ----a-w- c:\documents and settings\All Users\Application Data\PrevxCSI\~PrevxCSIUpdate.exe
2010-06-14 14:31 . 2005-08-16 08:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-31 20:34 . 2010-06-25 10:52 702120 ----a-w- c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\xasojl8t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 20:34 . 2010-06-25 10:52 868456 ----a-w- c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\xasojl8t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-27 23:11 . 2010-05-27 23:11 61440 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6aa30aed-n\decora-sse.dll
2010-05-27 23:11 . 2010-05-27 23:11 503808 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c710efa-n\msvcp71.dll
2010-05-27 23:11 . 2010-05-27 23:11 499712 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c710efa-n\jmc.dll
2010-05-27 23:11 . 2010-05-27 23:11 348160 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c710efa-n\msvcr71.dll
2010-05-27 23:11 . 2010-05-27 23:11 12800 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6aa30aed-n\decora-d3d.dll
2010-05-24 02:56 . 2010-05-24 02:56 58004 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-24 02:55 . 2006-10-01 03:28 76896 -c--a-w- c:\documents and settings\deborah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 03:09 . 2010-05-23 03:09 503808 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fd401c3-n\msvcp71.dll
2010-05-23 03:09 . 2010-05-23 03:09 499712 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fd401c3-n\jmc.dll
2010-05-23 03:09 . 2010-05-23 03:09 61440 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725733a-n\decora-sse.dll
2010-05-23 03:09 . 2010-05-23 03:09 348160 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fd401c3-n\msvcr71.dll
2010-05-23 03:09 . 2010-05-23 03:09 12800 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725733a-n\decora-d3d.dll
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\Uni.exe
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\_FA7EDA30DA22_11D5_B840_00105A1EFFF1.exe
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\_DFB96E40DA22_11D5_B840_00105A1EFFF1.exe
2010-05-17 20:01 . 2010-05-17 20:01 65536 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\_C2F10C20DA22_11D5_B840_00105A1EFFF1.exe
2010-05-17 20:01 . 2010-05-17 20:01 40960 ----a-r- c:\documents and settings\steve\Application Data\Microsoft\Installer\{2B10CE30-4316-11D0-86A0-00C0F003261B}\UPlug98P.exe
2010-05-12 02:42 . 2006-09-29 19:17 76896 -c--a-w- c:\documents and settings\steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-08 03:11 . 2010-05-08 03:11 61440 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a74a437-n\decora-sse.dll
2010-05-08 03:11 . 2010-05-08 03:11 503808 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e72a23a-n\msvcp71.dll
2010-05-08 03:11 . 2010-05-08 03:11 499712 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e72a23a-n\jmc.dll
2010-05-08 03:11 . 2010-05-08 03:11 348160 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e72a23a-n\msvcr71.dll
2010-05-08 03:11 . 2010-05-08 03:11 12800 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a74a437-n\decora-d3d.dll
2010-05-08 02:07 . 2010-05-08 02:07 61440 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1281375f-n\decora-sse.dll
2010-05-08 02:07 . 2010-05-08 02:07 503808 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ac21396-n\msvcp71.dll
2010-05-08 02:07 . 2010-05-08 02:07 499712 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ac21396-n\jmc.dll
2010-05-08 02:07 . 2010-05-08 02:07 348160 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ac21396-n\msvcr71.dll
2010-05-08 02:07 . 2010-05-08 02:07 12800 ----a-w- c:\documents and settings\deborah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1281375f-n\decora-d3d.dll
2010-05-08 02:06 . 2010-05-08 02:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 17:20 . 2005-08-16 08:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-08-16 08:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-03 13:05 . 2009-12-07 15:09 10752 ----a-w- c:\windows\DCEBoot.exe
2007-03-17 17:41 . 2006-10-04 16:31 825 ----a-w- c:\program files\Shortcut to HijackThis.lnk
1999-05-11 20:47 . 2006-10-06 15:39 398848 ----a-w- c:\program files\Spider.exe
2008-01-30 21:37 . 2007-03-17 02:45 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-27 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
2004-04-01 19:51 1589248 -c--a-w- c:\dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-11 13:37 136176 ----atw- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-02-12 13:27 1232896 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 20:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 03:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"iPod Service"=3 (0x3)
"Fax"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"CCALib8"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WEB Framework\\wbfrmwrk.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [10/2/2006 10:12 AM 9344]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/12/2010 2:51 PM 30320]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [5/12/2010 2:51 PM 6384592]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/12/2010 2:51 PM 61752]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [5/12/2010 2:51 PM 24400]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [10/2/2006 10:12 AM 389504]
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2810448116-9971513-1748473005-1006Core.job
- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 13:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\xasojl8t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\steve\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\steve\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\perc2]
"ImagePath"="\SystemRoot\system32\DRIVERS\perc2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\perc2hib]
"ImagePath"="\SystemRoot\system32\DRIVERS\perc2hib.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PQNTDrv]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\pxkbf]
"ImagePath"="System32\drivers\pxkbf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\pxrts]
"ImagePath"="System32\drivers\pxrts.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\pxscan]
"ImagePath"="System32\drivers\pxscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql1080]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1080.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Ql10wnt]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql10wnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql12160]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql12160.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql1240]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1240.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ql1280]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1280.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sisagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Sparrow]
"ImagePath"="\SystemRoot\system32\DRIVERS\sparrow.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\STHDA]
"ImagePath"="system32\drivers\sthda.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\symc810]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\symc8xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc8xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sym_hi]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_hi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sym_u3]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_u3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Tcpip6]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TosIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\toside.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ultra]
"ImagePath"="\SystemRoot\system32\DRIVERS\ultra.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usb]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ViaIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\vsdatant]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Vxd]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\w32time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wanatw]
"ImagePath"="system32\DRIVERS\wanatw4.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\winachsf]
"ImagePath"="system32\DRIVERS\HSF_CNXT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\{5823CCB5-97EB-4EF4-B451-61390CF475F5}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-31 13:11:28
ComboFix-quarantined-files.txt 2010-07-31 17:11
ComboFix2.txt 2010-07-31 13:24
ComboFix3.txt 2010-05-08 04:44

Pre-Run: 37,654,200,320 bytes free
Post-Run: 37,640,675,328 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=9 Sets=1,2,6,7,9
- - End Of File - - 9704D38E3EB8623C782C6B3127B3EB5A
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm