roguesecurityprogram.anti-spyware-plus-2006


  • This topic is locked
23 replies to this topic

#1 gregb204

    New Member

  • Members
  • 21 posts

Posted 19 January 2011 - 09:03 AM

roguesecurityprogram.anti-spyware-plus-2006: this is found by another program but not the 1.5.mb. It comes back on my system before I reboot, in HKEY user of the registry. It does get removed, and has no effect on my W7 64 comp that I can see.

Says found infected in hkey_current_user\software\microsoft\windows\currentversion\internet settings\p3p\history\buy.com and 8 other similar places.

Any tip on complete removal would be good. Still have it, and it's found by another prog that can't remove it for good. Did remove and quarantine it before this post.

Do not notice any effect on my computer speed or popups. W7 64 OS, IE8.

Thanks. See another post with the same bug, but it stopped due to no response. Files attached per my old post on the same topic.


#2 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 21 January 2011 - 11:08 PM

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log. Next, run DDS again and post DDS.txt; post them directly into your reply instead of attaching them.
Chris Fistonich
Research Team

#3 gregb204

    New Member

  • Members
  • 21 posts

Posted 22 January 2011 - 08:00 AM

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log. Next, run DDS again and post DDS.txt; post them directly into your reply instead of attaching them.


Thanks.

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2010 5:20:12 PM
System Uptime: 1/22/2011 5:48:02 AM (1 hours ago)

Motherboard: PEGATRON CORPORATION | | Narra6
Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 397.353 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.448 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP218: 1/2/2011 4:11:57 PM - Made by Regsofts
RP219: 1/2/2011 9:19:32 PM - HPSF Applying updates
RP220: 1/2/2011 9:24:57 PM - Installed HP Support Assistant
RP221: 1/7/2011 5:12:39 AM - Windows Update
RP222: 1/7/2011 7:57:07 PM - 360 Amigo System Speedup PRO(1.2.1.4700)
RP223: 1/8/2011 5:46:25 AM - Removed Visual Studio 2008 x64 Redistributables
RP224: 1/8/2011 5:48:49 AM - Windows Live Essentials
RP225: 1/8/2011 5:49:29 AM - Windows Update
RP226: 1/8/2011 5:50:21 AM - Installed DirectX
RP227: 1/8/2011 5:51:07 AM - Installed DirectX
RP228: 1/8/2011 5:52:24 AM - WLSetup
RP229: 1/9/2011 9:13:21 PM - Cleaned registry with Windows Live OneCare safety scanner
RP230: 1/12/2011 5:21:53 AM - Windows Update
RP231: 1/12/2011 6:11:50 AM - Create by Wise Registry Cleaner
RP232: 1/12/2011 6:16:14 AM - Windows Update
RP233: 1/14/2011 8:41:00 PM - Restore Operation
RP234: 1/14/2011 9:04:38 PM - Revo Uninstaller's restore point - avast! Free Antivirus
RP235: 1/14/2011 9:05:12 PM - avast! Free Antivirus Setup
RP236: 1/14/2011 9:07:42 PM - Restore Operation
RP237: 1/14/2011 9:28:55 PM - Windows Update
RP238: 1/15/2011 6:03:19 AM - Restore Operation
RP239: 1/15/2011 6:59:00 AM - avast! Free Antivirus Setup
RP240: 1/15/2011 3:17:05 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP241: 1/15/2011 3:29:57 PM - 360 Amigo System Speedup PRO(1.2.1.4800)
RP242: 1/15/2011 6:02:47 PM - Revo Uninstaller's restore point - Software Informer 1.0 BETA
RP243: 1/17/2011 9:01:46 PM - Revo Uninstaller's restore point - Argente Utilities 1.0.3.1
RP244: 1/18/2011 4:48:03 AM - Windows Update
RP245: 1/18/2011 5:13:09 PM - Installed PretonSaver Home Edition.
RP246: 1/18/2011 7:52:16 PM - Revo Uninstaller's restore point - Spyware Doctor 7.0
RP247: 1/18/2011 9:11:37 PM - Spyware Terminator - restore point
RP248: 1/19/2011 5:39:18 PM - Removed Microsoft IntelliPoint 8.0
RP249: 1/21/2011 4:31:54 AM - Revo Uninstaller's restore point - Auslogics BoostSpeed Special Edition
RP250: 1/21/2011 5:03:30 AM - Revo Uninstaller's restore point - Windows Live Essentials
RP251: 1/21/2011 9:26:03 AM - Installed MozyHome
RP252: 1/21/2011 6:45:09 PM - Windows Update

==== Installed Programs ======================

360 Amigo System Speedup PRO
7-Zip 4.65
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced System Protector
Advanced SystemCare 3
AI RoboForm (All Users)
Aiseesoft Total Video Converter 6.1.08
AnVir Task Manager
Ashampoo Snap 3.50
Ashampoo WinOptimizer 6.60
Auslogics Disk Defrag
Avant Browser (remove only)
avast! Free Antivirus
BufferChm
Comodo Dragon
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Destinations
Device Doctor 1.0.0.1
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DJ_AIO_03_F4200_Software_Min
Emsisoft Anti-Malware 5.0
F.lux
F4200
FILEminimizer Pictures
Foxit Reader
Glary Utilities Pro 2.31.0.1098
GmailDefaultMaker
Google Updater
GPBaseService2
HijackThis 2.0.2
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Product Detection
HP Setup
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Finder
Java Auto Updater
Java™ 6 Update 23
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Easy Assist v2
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Norton DNS
OpenOffice.org 3.2
PictureMover
Power2Go
PowerDirector
Process Lasso
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.91
Sansa Updater
Scan
Secunia PSI (2.0.0.1003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype™ 5.0
SmartWebPrinting
Software Informer 1.0 BETA
SolutionCenter
Spy Sweeper
Spy Sweeper Core
Spybot - Search & Destroy
SpywareBlaster 4.4
Status
Toolbox
TrayApp
Unity Web Player
UnloadSupport
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
WashAndGo
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinUtilities 9.96 Professional Edition
Wipe 2011.01
Wise Registry Cleaner 5.9.1
Zentimo 1.0
ZoneAlarm

==== Event Viewer Messages From Past Week ========

1/22/2011 6:26:49 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{B9911001-CBCB-4BCD-81B0-24A4815D702C} because another computer on the network has the same name. The server could not start.
1/22/2011 6:26:49 AM, Error: NetBT [4321] - The name "GREG-PC :20" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.12 did not allow the name to be claimed by this computer.
1/22/2011 6:26:14 AM, Error: NetBT [4321] - The name "GREG-PC :0" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.12 did not allow the name to be claimed by this computer.
1/22/2011 6:25:12 AM, Error: volmgr [46] - Crash dump initialization failed!
1/21/2011 9:10:08 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/20/2011 8:42:23 AM, Error: Service Control Manager [7031] - The PretonSaver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2011 5:19:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
1/20/2011 5:19:05 AM, Error: Microsoft-Windows-Eventlog [106] - Corruption was detected in the log for the Security channel and some data was erased.
1/20/2011 5:19:05 AM, Error: Microsoft-Windows-Eventlog [106] - Corruption was detected in the log for the Microsoft-Windows-NetworkProfile/Operational channel and some data was erased.
1/20/2011 5:15:48 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume COMPAQ.
1/20/2011 5:15:48 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/19/2011 9:01:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/19/2011 9:01:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
1/19/2011 9:00:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
1/19/2011 8:59:59 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:59:59 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:59 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:59 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:59 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/19/2011 8:59:59 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:59 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:59:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.
1/19/2011 8:59:27 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:59:07 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:57:51 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/19/2011 8:57:44 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:57:44 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 8:57:43 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/18/2011 7:37:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SABKUTIL
1/18/2011 4:24:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/15/2011 3:48:18 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

==== End Of File ===========================

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5570

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/22/2011 6:39:24 AM
mbam-log-2011-01-22 (06-39-24).txt

Scan type: Quick scan
Objects scanned: 161723
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#4 gregb204

    New Member

  • Members
  • 21 posts

Posted 22 January 2011 - 09:52 AM

Hi,

My ZoneAlarm is asking for permission to allow SWREG.DAT, so I wanted to pass that along in case it helps.

#5 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 22 January 2011 - 04:57 PM

Hi,

You posted Attach.txt from DDS; please post DDS.txt as requested. Allow SWReg.dat in ZoneAlarm.
Chris Fistonich
Research Team

#6 gregb204

    New Member

  • Members
  • 21 posts

Posted 22 January 2011 - 05:40 PM

Hi,

My ZoneAlarm is asking for permission to allow SWREG.DAT, so I wanted to pass that along in case it helps.

Sorry, thanks.

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by greg at 6:43:50.27 on Sat 01/22/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1476 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Users\greg\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Avant Browser\avant.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZJNSPDZ\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uSearch Bar = Preserve
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [F.lux] "C:\Users\greg\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
mRun-x64: [PC-Doctor for Windows localizer] "C:\Program Files\PC-Doctor for Windows\localizer.exe"
mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
mRun-x64: [PretonClient] C:\Program Files\Preton\PretonSaver\PretonClient.exe
mRun-x64: [(Default)]
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll
FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Proxy Tool: proxytool@proxylist.co - %profile%\extensions\proxytool@proxylist.co
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-5-26 37456]
R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [2009-11-6 37488]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-5-8 48216]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-5-8 14720]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-15 273488]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-5-27 49752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-15 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-15 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-15 40384]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-30 1153368]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-5-8 84752]
S3 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-5-8 2850296]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-8 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Norton DNS;Norton DNS;C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 Paragon System Backup Service;Paragon System Backup Service;C:\Program Files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-5-6 150096]
S3 PretonClientService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonClientService.exe [2010-10-26 91136]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2010-10-3 93848]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-8 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
S3 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2010-9-30 1201640]
S3 ZentimoService;Zentimo Assistant;C:\Program Files (x86)\Zentimo\ZentimoService.exe [2010-12-2 524248]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-22 12:33:48 -------- d-----w- C:\Users\greg\AppData\Local\{16A7EB70-A058-4BA5-88DD-3F6D9BC16881}
2011-01-22 00:45:56 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{140D1CB5-3709-43C2-A8E5-325FC41EB6F9}\mpengine.dll
2011-01-22 00:33:22 -------- d-----w- C:\Users\greg\AppData\Local\{20704E36-74A2-4FDE-9288-4F2AAA7367C5}
2011-01-21 15:26:44 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys
2011-01-21 15:26:43 -------- d-----w- C:\Program Files\MozyHome
2011-01-21 14:57:39 -------- d-----w- C:\Users\greg\AppData\Roaming\Auslogics
2011-01-21 10:18:29 -------- d-----w- C:\Users\greg\AppData\Local\{5C65A4DD-204E-4474-9905-32FA61133B94}
2011-01-20 14:59:22 -------- d-----w- C:\Users\greg\AppData\Local\{8D32EEDE-F06F-447B-884A-8A7C27CDBA32}
2011-01-20 11:23:51 -------- d-----w- C:\Users\greg\AppData\Local\AnVir
2011-01-20 11:15:42 7168 ----a-w- C:\Windows\SysWow64\temp.015
2011-01-20 11:15:42 172032 ----a-w- C:\Windows\SysWow64\temp.016
2011-01-20 11:15:42 1386496 ----a-w- C:\Windows\SysWow64\temp.017
2011-01-20 11:15:39 76288 ----a-w- C:\Windows\SysWow64\temp.014
2011-01-20 11:15:39 219136 ----a-w- C:\Windows\SysWow64\sqlite3_engine.dll
2011-01-20 02:58:55 -------- d-----w- C:\Users\greg\AppData\Local\{21ED94FD-5C65-45ED-B183-17A7A717284A}
2011-01-20 02:54:40 -------- d-----w- C:\Users\greg\AppData\Local\{D9C63B57-2301-43C6-AB82-C7BF08C295E2}
2011-01-19 15:05:32 -------- d-----w- C:\Users\greg\AppData\Roaming\QuickScan
2011-01-19 14:47:41 -------- d-----w- C:\Users\greg\AppData\Local\{4A00451D-BC52-4098-A128-90809030761F}
2011-01-19 12:00:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 03:35:03 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-01-19 03:35:02 -------- d-----w- C:\Program Files\Prevx
2011-01-19 03:34:40 -------- d-----w- C:\PROGRA~3\PrevxCSI
2011-01-19 02:47:16 -------- d-----w- C:\Users\greg\AppData\Local\{2C7A9B98-7444-4CB4-A82A-E51E5500A8DF}
2011-01-18 23:14:23 -------- d-----w- C:\Users\greg\AppData\Local\Preton_Ltd
2011-01-18 23:14:08 -------- d-----w- C:\Users\greg\AppData\Local\IsolatedStorage
2011-01-18 23:13:47 -------- d-----w- C:\Program Files\Preton
2011-01-18 14:47:03 -------- d-----w- C:\Users\greg\AppData\Local\{A0806E67-EDE7-4565-80F1-15F010022A63}
2011-01-18 11:38:00 -------- d-----w- C:\Users\greg\AppData\Local\360Amigo
2011-01-18 10:49:14 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-18 02:46:37 -------- d-----w- C:\Users\greg\AppData\Local\{9099572D-C039-48B4-B2BE-07E4FBC4A696}
2011-01-17 14:46:25 -------- d-----w- C:\Users\greg\AppData\Local\{65399AD4-91FD-4B28-9A74-0232951144AE}
2011-01-17 02:46:00 -------- d-----w- C:\Users\greg\AppData\Local\{987FACC1-2372-4E9C-8489-E56943000822}
2011-01-16 13:04:57 -------- d-----w- C:\Users\greg\AppData\Local\{3B0DA4BB-3B18-480A-A2B1-A8745B7D8194}
2011-01-16 01:04:45 -------- d-----w- C:\Users\greg\AppData\Local\{B43834A7-B7D1-4B43-9D50-C55CC3E96678}
2011-01-16 00:21:36 -------- d-----w- C:\Program Files (x86)\Software Informer
2011-01-15 21:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-15 21:47:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-01-15 21:09:25 -------- d-----w- C:\Malwarebytes
2011-01-15 13:04:33 -------- d-----w- C:\Users\greg\AppData\Local\{0E5EC1DD-A51E-406B-A816-2A3459F2910A}
2011-01-15 12:59:43 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-15 12:59:29 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-15 02:47:10 17816 ----a-w- C:\PROGRA~3\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-15 01:10:40 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2011-01-15 01:10:36 -------- d-----w- C:\Program Files (x86)\GmailDefaultMaker
2011-01-15 01:04:08 -------- d-----w- C:\Users\greg\AppData\Local\{161838AA-0801-4A6A-9781-2038AF3CAA14}
2011-01-15 01:04:07 -------- d-----w- C:\Users\greg\AppData\Local\{9CBED043-0EEA-4E47-B98C-503B9B4030BC}
2011-01-14 12:17:21 -------- d-----w- C:\Users\greg\AppData\Local\{3DAA4812-E61E-4202-AA70-68CDB3F060B2}
2011-01-14 00:17:09 -------- d-----w- C:\Users\greg\AppData\Local\{F5F787D0-846F-4F20-9E5C-DE660F853897}
2011-01-13 11:52:21 -------- d-----w- C:\Users\greg\AppData\Local\{86025D2E-4BCD-4C22-8E76-5F980FF675CA}
2011-01-13 11:34:10 -------- d-----w- C:\PROGRA~3\ProcessLasso
2011-01-13 11:33:45 -------- d-----w- C:\Users\greg\AppData\Roaming\ProcessLasso
2011-01-13 11:33:44 -------- d-----w- C:\Program Files\Process Lasso
2011-01-12 23:51:56 -------- d-----w- C:\Users\greg\AppData\Local\{29CF5BC7-EE78-4A61-A0E2-CB9F32756217}
2011-01-12 12:07:25 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner
2011-01-12 11:51:39 -------- d-----w- C:\Users\greg\AppData\Local\{F5138517-1927-42EF-8D06-A80B860CA272}
2011-01-11 23:51:27 -------- d-----w- C:\Users\greg\AppData\Local\{698B50E2-EB78-4C0E-803F-83C38A117822}
2011-01-11 11:51:02 -------- d-----w- C:\Users\greg\AppData\Local\{7CC6C46E-32BE-45FF-9311-80590403BA84}
2011-01-10 23:50:38 -------- d-----w- C:\Users\greg\AppData\Local\{9A5A81ED-421D-4E38-9B86-6A358C55B6AA}
2011-01-10 12:01:45 -------- d-----w- C:\Program Files (x86)\WinUtilities
2011-01-10 11:02:27 -------- d-----w- C:\Users\greg\AppData\Local\{FDCFB807-0AC5-43E0-B920-67F9D536979C}
2011-01-09 21:34:48 -------- d-----w- C:\Users\greg\AppData\Local\{226A08D2-6EF9-43CE-9F52-FAAC7752C6DB}
2011-01-09 15:00:28 -------- d-----w- C:\Users\greg\AppData\Local\{19DFAAF0-2D37-4B3B-AD13-7F5053FB04DB}
2011-01-08 14:32:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-08 12:28:45 -------- d-----w- C:\Users\greg\AppData\Local\{3740FA85-5582-4B52-9438-9CB15CDFD976}
2011-01-08 12:01:47 -------- d-----w- C:\Windows\en
2011-01-08 11:57:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-01-08 11:53:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-01-08 11:51:37 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-01-08 11:51:37 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-01-08 11:51:33 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-01-08 11:51:33 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-01-08 11:49:55 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-01-08 11:49:55 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-01-08 11:49:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1918f3c01cbaf2a08\MeshBetaRemover.exe
2011-01-08 11:49:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DSETUP.dll
2011-01-08 11:49:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DXSETUP.exe
2011-01-08 11:49:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\dsetup32.dll
2011-01-08 11:49:15 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DSETUP.dll
2011-01-08 11:49:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DXSETUP.exe
2011-01-08 11:49:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\dsetup32.dll
2011-01-03 03:24:43 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-01-03 03:23:00 -------- d---a-w- C:\swsetup
2011-01-03 03:22:56 -------- d--h--w- C:\SYSTEM.SAV
2011-01-01 16:50:31 -------- d-----w- C:\Program Files (x86)\ZoneAlarm_Security
2011-01-01 16:50:21 -------- d-----w- C:\Program Files\CheckPoint
2011-01-01 16:50:02 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2011-01-01 16:50:02 -------- d-----w- C:\Windows\SysWow64\ZoneLabs
2011-01-01 16:49:57 458840 ------w- C:\Windows\System32\drivers\vsdatant.sys
2011-01-01 16:49:57 -------- d-----w- C:\Program Files (x86)\Zone Labs
2011-01-01 16:49:21 -------- d-----w- C:\PROGRA~3\CheckPoint
2010-12-30 11:57:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-30 11:57:37 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-24 02:37:06 -------- d-----w- C:\Users\greg\AppData\Local\Secunia PSI
2010-12-24 02:33:33 -------- d-----w- C:\Program Files (x86)\Secunia

==================== Find3M ====================

2010-12-28 00:23:40 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-09 11:17:05 673280 ----a-w- C:\Windows\is-TIFH6.exe
2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-10 08:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-11-10 08:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 6:45:44.47 ===============

#7 screen317

Posted 22 January 2011 - 09:36 PM

Hi,

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

#8 gregb204

Posted 22 January 2011 - 10:40 PM

2nd post, missed keeping together.

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by greg at 21:36:22.37 on Sat 01/22/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1253 [GMT -6:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Norton DNS\NortonDNSTray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Preton\PretonSaver\PretonClientService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Avant Browser\avant.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\greg\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [F.lux] "C:\Users\greg\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Norton DNS Tray Icon.lnk - C:\Program Files (x86)\Norton DNS\NortonDNSTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B9911001-CBCB-4BCD-81B0-24A4815D702C} = 198.153.192.1,198.153.194.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
mRun-x64: [PC-Doctor for Windows localizer] "C:\Program Files\PC-Doctor for Windows\localizer.exe"
mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
mRun-x64: [PretonClient] C:\Program Files\Preton\PretonSaver\PretonClient.exe
mRun-x64: [(Default)]
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll
FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Proxy Tool: proxytool@proxylist.co - %profile%\extensions\proxytool@proxylist.co
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-5-26 37456]
R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [2009-11-6 37488]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-5-8 48216]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-5-8 14720]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-15 273488]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-5-27 49752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-15 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-15 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-15 40384]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]
R2 Norton DNS;Norton DNS;C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]
R2 PretonClientService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonClientService.exe [2010-10-26 91136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-30 1153368]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-5-8 84752]
S3 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-5-8 2850296]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-8 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 Paragon System Backup Service;Paragon System Backup Service;C:\Program Files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-5-6 150096]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2010-10-3 93848]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-8 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
S3 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2010-9-30 1201640]
S3 ZentimoService;Zentimo Assistant;C:\Program Files (x86)\Zentimo\ZentimoService.exe [2010-12-2 524248]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-23 03:02:54 98816 ----a-w- C:\Windows\sed.exe
2011-01-23 03:02:54 89088 ----a-w- C:\Windows\MBR.exe
2011-01-23 03:02:54 256512 ----a-w- C:\Windows\PEV.exe
2011-01-23 03:02:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-01-23 01:02:51 -------- d-----w- C:\Users\greg\AppData\Local\{184146E2-0D1B-4EB0-A44D-8632E59388A0}
2011-01-22 17:35:06 -------- d-----w- C:\Program Files (x86)\Norton DNS
2011-01-22 12:33:48 -------- d-----w- C:\Users\greg\AppData\Local\{16A7EB70-A058-4BA5-88DD-3F6D9BC16881}
2011-01-22 00:45:56 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{140D1CB5-3709-43C2-A8E5-325FC41EB6F9}\mpengine.dll
2011-01-22 00:33:22 -------- d-----w- C:\Users\greg\AppData\Local\{20704E36-74A2-4FDE-9288-4F2AAA7367C5}
2011-01-21 15:26:44 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys
2011-01-21 15:26:43 -------- d-----w- C:\Program Files\MozyHome
2011-01-21 14:57:39 -------- d-----w- C:\Users\greg\AppData\Roaming\Auslogics
2011-01-21 10:18:29 -------- d-----w- C:\Users\greg\AppData\Local\{5C65A4DD-204E-4474-9905-32FA61133B94}
2011-01-20 14:59:22 -------- d-----w- C:\Users\greg\AppData\Local\{8D32EEDE-F06F-447B-884A-8A7C27CDBA32}
2011-01-20 11:23:51 -------- d-----w- C:\Users\greg\AppData\Local\AnVir
2011-01-20 11:15:42 7168 ----a-w- C:\Windows\SysWow64\temp.015
2011-01-20 11:15:42 172032 ----a-w- C:\Windows\SysWow64\temp.016
2011-01-20 11:15:42 1386496 ----a-w- C:\Windows\SysWow64\temp.017
2011-01-20 11:15:39 76288 ----a-w- C:\Windows\SysWow64\temp.014
2011-01-20 11:15:39 219136 ----a-w- C:\Windows\SysWow64\sqlite3_engine.dll
2011-01-20 02:58:55 -------- d-----w- C:\Users\greg\AppData\Local\{21ED94FD-5C65-45ED-B183-17A7A717284A}
2011-01-20 02:54:40 -------- d-----w- C:\Users\greg\AppData\Local\{D9C63B57-2301-43C6-AB82-C7BF08C295E2}
2011-01-19 15:05:32 -------- d-----w- C:\Users\greg\AppData\Roaming\QuickScan
2011-01-19 14:47:41 -------- d-----w- C:\Users\greg\AppData\Local\{4A00451D-BC52-4098-A128-90809030761F}
2011-01-19 12:00:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 03:35:03 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-01-19 03:35:02 -------- d-----w- C:\Program Files\Prevx
2011-01-19 03:34:40 -------- d-----w- C:\PROGRA~3\PrevxCSI
2011-01-19 02:47:16 -------- d-----w- C:\Users\greg\AppData\Local\{2C7A9B98-7444-4CB4-A82A-E51E5500A8DF}
2011-01-18 23:14:23 -------- d-----w- C:\Users\greg\AppData\Local\Preton_Ltd
2011-01-18 23:14:08 -------- d-----w- C:\Users\greg\AppData\Local\IsolatedStorage
2011-01-18 23:13:47 -------- d-----w- C:\Program Files\Preton
2011-01-18 14:47:03 -------- d-----w- C:\Users\greg\AppData\Local\{A0806E67-EDE7-4565-80F1-15F010022A63}
2011-01-18 11:38:00 -------- d-----w- C:\Users\greg\AppData\Local\360Amigo
2011-01-18 10:49:14 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-18 02:46:37 -------- d-----w- C:\Users\greg\AppData\Local\{9099572D-C039-48B4-B2BE-07E4FBC4A696}
2011-01-17 14:46:25 -------- d-----w- C:\Users\greg\AppData\Local\{65399AD4-91FD-4B28-9A74-0232951144AE}
2011-01-17 02:46:00 -------- d-----w- C:\Users\greg\AppData\Local\{987FACC1-2372-4E9C-8489-E56943000822}
2011-01-16 13:04:57 -------- d-----w- C:\Users\greg\AppData\Local\{3B0DA4BB-3B18-480A-A2B1-A8745B7D8194}
2011-01-16 01:04:45 -------- d-----w- C:\Users\greg\AppData\Local\{B43834A7-B7D1-4B43-9D50-C55CC3E96678}
2011-01-16 00:21:36 -------- d-----w- C:\Program Files (x86)\Software Informer
2011-01-15 21:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-15 21:47:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-01-15 21:09:25 -------- d-----w- C:\Malwarebytes
2011-01-15 13:04:33 -------- d-----w- C:\Users\greg\AppData\Local\{0E5EC1DD-A51E-406B-A816-2A3459F2910A}
2011-01-15 12:59:43 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-15 12:59:29 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-15 02:47:10 17816 ----a-w- C:\PROGRA~3\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-15 01:10:40 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2011-01-15 01:10:36 -------- d-----w- C:\Program Files (x86)\GmailDefaultMaker
2011-01-15 01:04:08 -------- d-----w- C:\Users\greg\AppData\Local\{161838AA-0801-4A6A-9781-2038AF3CAA14}
2011-01-15 01:04:07 -------- d-----w- C:\Users\greg\AppData\Local\{9CBED043-0EEA-4E47-B98C-503B9B4030BC}
2011-01-14 12:17:21 -------- d-----w- C:\Users\greg\AppData\Local\{3DAA4812-E61E-4202-AA70-68CDB3F060B2}
2011-01-14 00:17:09 -------- d-----w- C:\Users\greg\AppData\Local\{F5F787D0-846F-4F20-9E5C-DE660F853897}
2011-01-13 11:52:21 -------- d-----w- C:\Users\greg\AppData\Local\{86025D2E-4BCD-4C22-8E76-5F980FF675CA}
2011-01-13 11:34:10 -------- d-----w- C:\PROGRA~3\ProcessLasso
2011-01-13 11:33:45 -------- d-----w- C:\Users\greg\AppData\Roaming\ProcessLasso
2011-01-13 11:33:44 -------- d-----w- C:\Program Files\Process Lasso
2011-01-12 23:51:56 -------- d-----w- C:\Users\greg\AppData\Local\{29CF5BC7-EE78-4A61-A0E2-CB9F32756217}
2011-01-12 12:07:25 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner
2011-01-12 11:51:39 -------- d-----w- C:\Users\greg\AppData\Local\{F5138517-1927-42EF-8D06-A80B860CA272}
2011-01-11 23:51:27 -------- d-----w- C:\Users\greg\AppData\Local\{698B50E2-EB78-4C0E-803F-83C38A117822}
2011-01-11 11:51:02 -------- d-----w- C:\Users\greg\AppData\Local\{7CC6C46E-32BE-45FF-9311-80590403BA84}
2011-01-10 23:50:38 -------- d-----w- C:\Users\greg\AppData\Local\{9A5A81ED-421D-4E38-9B86-6A358C55B6AA}
2011-01-10 12:01:45 -------- d-----w- C:\Program Files (x86)\WinUtilities
2011-01-10 11:02:27 -------- d-----w- C:\Users\greg\AppData\Local\{FDCFB807-0AC5-43E0-B920-67F9D536979C}
2011-01-09 21:34:48 -------- d-----w- C:\Users\greg\AppData\Local\{226A08D2-6EF9-43CE-9F52-FAAC7752C6DB}
2011-01-09 15:00:28 -------- d-----w- C:\Users\greg\AppData\Local\{19DFAAF0-2D37-4B3B-AD13-7F5053FB04DB}
2011-01-08 14:32:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-08 12:28:45 -------- d-----w- C:\Users\greg\AppData\Local\{3740FA85-5582-4B52-9438-9CB15CDFD976}
2011-01-08 12:01:47 -------- d-----w- C:\Windows\en
2011-01-08 11:57:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-01-08 11:53:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-01-08 11:51:37 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-01-08 11:51:37 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-01-08 11:51:33 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-01-08 11:51:33 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-01-08 11:49:55 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-01-08 11:49:55 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-01-08 11:49:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1918f3c01cbaf2a08\MeshBetaRemover.exe
2011-01-08 11:49:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DSETUP.dll
2011-01-08 11:49:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DXSETUP.exe
2011-01-08 11:49:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\dsetup32.dll
2011-01-08 11:49:15 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DSETUP.dll
2011-01-08 11:49:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DXSETUP.exe
2011-01-08 11:49:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\dsetup32.dll
2011-01-03 03:24:43 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-01-03 03:23:00 -------- d---a-w- C:\swsetup
2011-01-03 03:22:56 -------- d-----w- C:\SYSTEM.SAV
2011-01-01 16:50:31 -------- d-----w- C:\Program Files (x86)\ZoneAlarm_Security
2011-01-01 16:50:21 -------- d-----w- C:\Program Files\CheckPoint
2011-01-01 16:50:02 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2011-01-01 16:50:02 -------- d-----w- C:\Windows\SysWow64\ZoneLabs
2011-01-01 16:49:57 458840 ------w- C:\Windows\System32\drivers\vsdatant.sys
2011-01-01 16:49:57 -------- d-----w- C:\Program Files (x86)\Zone Labs
2011-01-01 16:49:21 -------- d-----w- C:\PROGRA~3\CheckPoint
2010-12-30 11:57:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-30 11:57:37 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

==================== Find3M ====================

2010-12-28 00:23:40 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-09 11:17:05 673280 ----a-w- C:\Windows\is-TIFH6.exe
2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-10 08:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-11-10 08:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 21:37:53.06 ===============
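The SERVICES / DRIVERS and Created Last 30 sections of a DDS log are the two parts a triager reads first, and a few mechanical checks save a lot of scrolling. The Python below is an added example, not part of the original post and not code from DDS or Malwarebytes: it parses lines in those two formats and applies three checks to them. The sample text inside it is constructed in the shape of the log above; the `updsvc` service line (an executable under `AppData\Local\Temp`) is invented so the path check has something to fire on, and the trusted-root lists and the 36-character GUID pattern are assumptions for this illustration.

```python
import re
from datetime import datetime
from statistics import median

# DDS prefixes each service as R/S (running/stopped) plus the SCM start type.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Assumed roots for this example; an image path elsewhere is worth a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))", re.I)          # strip "-k group" etc.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-{8}) ([-a-z]{8}) (.+)$")
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-F-]{36}\}$", re.I)

# Constructed sample in DDS format. The last service line is invented.
SAMPLE_SERVICES = r"""
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-15 40384]
S3 nosGetPlusHelper;getPlus Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R2 updsvc;Update Helper;C:\Users\greg\AppData\Local\Temp\updsvc.exe [2011-1-22 51200]
"""
SAMPLE_CREATED = r"""
2011-01-23 03:02:54 98816 ----a-w- C:\Windows\sed.exe
2011-01-23 03:02:54 89088 ----a-w- C:\Windows\MBR.exe
2011-01-23 03:02:54 256512 ----a-w- C:\Windows\PEV.exe
2011-01-23 03:02:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-01-23 01:02:51 -------- d-----w- C:\Users\greg\AppData\Local\{184146E2-0D1B-4EB0-A44D-8632E59388A0}
2011-01-22 17:35:06 -------- d-----w- C:\Program Files (x86)\Norton DNS
2011-01-22 12:33:48 -------- d-----w- C:\Users\greg\AppData\Local\{16A7EB70-A058-4BA5-88DD-3F6D9BC16881}
2011-01-22 00:33:22 -------- d-----w- C:\Users\greg\AppData\Local\{20704E36-74A2-4FDE-9288-4F2AAA7367C5}
2011-01-21 15:26:44 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys
2011-01-21 10:18:29 -------- d-----w- C:\Users\greg\AppData\Local\{5C65A4DD-204E-4474-9905-32FA61133B94}
2011-01-20 14:59:22 -------- d-----w- C:\Users\greg\AppData\Local\{8D32EEDE-F06F-447B-884A-8A7C27CDBA32}
2011-01-20 02:58:55 -------- d-----w- C:\Users\greg\AppData\Local\{21ED94FD-5C65-45ED-B183-17A7A717284A}
2011-01-19 14:47:41 -------- d-----w- C:\Users\greg\AppData\Local\{4A00451D-BC52-4098-A128-90809030761F}
2011-01-19 02:47:16 -------- d-----w- C:\Users\greg\AppData\Local\{2C7A9B98-7444-4CB4-A82A-E51E5500A8DF}
"""


def parse_services(text):
    """Turn 'R0 name;display;image [date size]' lines into dicts."""
    rows = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, image, _date, size = m.groups()
        img = IMAGE_RE.match(image)
        rows.append({"running": state == "R", "start": START_TYPE[start], "name": name,
                     "display": display, "image": image, "size": int(size),
                     "path": (img.group(1) if img else image).lower()})
    return rows


def triage_services(rows):
    """Flag images outside trusted roots and early-load drivers kept outside System32\\drivers."""
    findings = []
    for r in rows:
        p = r["path"]
        if not p.startswith(TRUSTED_ROOTS):
            findings.append((r["name"], "image outside Windows/Program Files: " + r["image"]))
        elif r["start"] in ("boot", "system") and p.endswith(".sys") and not p.startswith(DRIVER_DIR):
            findings.append((r["name"], "early-load driver outside System32\\drivers: " + r["image"]))
    return findings


def parse_created(text):
    """Turn 'YYYY-MM-DD HH:MM:SS size attrs path' lines into dicts (size is None for directories)."""
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        rows.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "is_dir": attrs.startswith("d"),
                     "size": None if size.startswith("-") else int(size), "path": path})
    return rows


def windir_root_executables(rows):
    """Executables written directly into C:\\Windows (not a subfolder), in log order."""
    hits = []
    for r in rows:
        parent, _, leaf = r["path"].rpartition("\\")
        if not r["is_dir"] and parent.lower() == "c:\\windows" and leaf.lower().endswith(".exe"):
            hits.append(leaf)
    return hits


def guid_dir_cadence(rows):
    """Number of GUID-named AppData\\Local directories and the median gap between them in hours."""
    times = sorted(r["time"] for r in rows if r["is_dir"] and GUID_DIR_RE.search(r["path"]))
    if len(times) < 2:
        return len(times), None
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]
    return len(times), round(median(gaps), 1)


if __name__ == "__main__":
    for name, why in triage_services(parse_services(SAMPLE_SERVICES)):
        print(f"[service] {name}: {why}")
    created = parse_created(SAMPLE_CREATED)
    print("[created] exe in C:\\Windows root:", windir_root_executables(created))
    print("[created] GUID dirs (count, median gap h):", guid_dir_cadence(created))
```

Two caveats belong with the output. A hit on the root-of-`C:\Windows` check is a lead, not a verdict: the four names it returns here (`sed.exe`, `MBR.exe`, `PEV.exe`, `SWREG.exe`) are the helper tools ComboFix extracts into `C:\Windows` when it is run, so the first thing to correlate is what the user ran and when. Likewise the GUID-directory cadence (about 12 hours in the sample, as in the full log above) says only that something creates them on a timer, which points at a scheduled task or a service's periodic job rather than user activity; the task list, not the directory names, identifies the owner.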

#9 gregb204 (New Member, Members, 21 posts)

Posted 22 January 2011 - 10:51 PM

ComboFix 11-01-22.02 - greg 01/22/2011 21:05:11.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1618 [GMT -6:00]
Running from: c:\users\greg\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\greg\GoToAssistDownloadHelper.exe
c:\windows\system32\Ijl11.dll
c:\windows\SysWow64\Ijl11.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-23 03:25 . 2011-01-23 03:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 01:02 . 2011-01-23 01:03 -------- d-----w- c:\users\greg\AppData\Local\{184146E2-0D1B-4EB0-A44D-8632E59388A0}
2011-01-22 17:35 . 2011-01-22 17:35 -------- d-----w- c:\program files (x86)\Norton DNS
2011-01-22 12:33 . 2011-01-22 12:33 -------- d-----w- c:\users\greg\AppData\Local\{16A7EB70-A058-4BA5-88DD-3F6D9BC16881}
2011-01-22 00:45 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{140D1CB5-3709-43C2-A8E5-325FC41EB6F9}\mpengine.dll
2011-01-22 00:33 . 2011-01-22 00:33 -------- d-----w- c:\users\greg\AppData\Local\{20704E36-74A2-4FDE-9288-4F2AAA7367C5}
2011-01-21 15:26 . 2010-11-08 22:06 66552 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-01-21 15:26 . 2011-01-21 15:26 -------- d-----w- c:\program files\MozyHome
2011-01-21 14:57 . 2011-01-21 14:57 -------- d-----w- c:\users\greg\AppData\Roaming\Auslogics
2011-01-21 10:18 . 2011-01-21 10:18 -------- d-----w- c:\users\greg\AppData\Local\{5C65A4DD-204E-4474-9905-32FA61133B94}
2011-01-20 14:59 . 2011-01-20 14:59 -------- d-----w- c:\users\greg\AppData\Local\{8D32EEDE-F06F-447B-884A-8A7C27CDBA32}
2011-01-20 11:23 . 2011-01-20 11:24 -------- d-----w- c:\users\greg\AppData\Local\AnVir
2011-01-20 11:15 . 2009-07-14 10:15 1386496 ----a-w- c:\windows\SysWow64\temp.017
2011-01-20 11:15 . 2008-05-10 06:53 172032 ----a-w- c:\windows\SysWow64\temp.016
2011-01-20 11:15 . 2003-04-01 07:00 7168 ----a-w- c:\windows\SysWow64\temp.015
2011-01-20 11:15 . 2008-04-14 19:12 76288 ----a-w- c:\windows\SysWow64\temp.014
2011-01-20 11:15 . 2007-06-18 23:57 219136 ----a-w- c:\windows\SysWow64\sqlite3_engine.dll
2011-01-20 02:58 . 2011-01-20 02:59 -------- d-----w- c:\users\greg\AppData\Local\{21ED94FD-5C65-45ED-B183-17A7A717284A}
2011-01-20 02:54 . 2011-01-20 02:54 -------- d-----w- c:\users\greg\AppData\Local\{D9C63B57-2301-43C6-AB82-C7BF08C295E2}
2011-01-19 15:05 . 2011-01-19 15:05 -------- d-----w- c:\users\greg\AppData\Roaming\QuickScan
2011-01-19 14:47 . 2011-01-19 14:47 -------- d-----w- c:\users\greg\AppData\Local\{4A00451D-BC52-4098-A128-90809030761F}
2011-01-19 12:00 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 03:35 . 2011-01-19 03:35 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-01-19 03:35 . 2011-01-19 03:35 -------- d-----w- c:\program files\Prevx
2011-01-19 03:34 . 2011-01-19 11:30 -------- d-----w- c:\programdata\PrevxCSI
2011-01-19 02:47 . 2011-01-19 02:47 -------- d-----w- c:\users\greg\AppData\Local\{2C7A9B98-7444-4CB4-A82A-E51E5500A8DF}
2011-01-18 23:14 . 2011-01-22 12:27 -------- d-----w- c:\users\greg\AppData\Local\Preton_Ltd
2011-01-18 23:14 . 2011-01-18 23:14 -------- d-----w- c:\users\greg\AppData\Local\IsolatedStorage
2011-01-18 23:13 . 2011-01-18 23:13 -------- d-----w- c:\program files\Preton
2011-01-18 14:47 . 2011-01-18 14:47 -------- d-----w- c:\users\greg\AppData\Local\{A0806E67-EDE7-4565-80F1-15F010022A63}
2011-01-18 11:38 . 2011-01-20 00:29 -------- d-----w- c:\users\greg\AppData\Local\360Amigo
2011-01-18 02:46 . 2011-01-18 02:46 -------- d-----w- c:\users\greg\AppData\Local\{9099572D-C039-48B4-B2BE-07E4FBC4A696}
2011-01-17 14:46 . 2011-01-17 14:46 -------- d-----w- c:\users\greg\AppData\Local\{65399AD4-91FD-4B28-9A74-0232951144AE}
2011-01-17 02:46 . 2011-01-17 02:46 -------- d-----w- c:\users\greg\AppData\Local\{987FACC1-2372-4E9C-8489-E56943000822}
2011-01-16 13:04 . 2011-01-16 13:05 -------- d-----w- c:\users\greg\AppData\Local\{3B0DA4BB-3B18-480A-A2B1-A8745B7D8194}
2011-01-16 01:04 . 2011-01-16 01:04 -------- d-----w- c:\users\greg\AppData\Local\{B43834A7-B7D1-4B43-9D50-C55CC3E96678}
2011-01-16 00:21 . 2011-01-16 00:21 -------- d-----w- c:\program files (x86)\Software Informer
2011-01-15 21:52 . 2011-01-19 12:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-15 21:47 . 2011-01-15 21:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-15 21:09 . 2011-01-15 21:10 -------- d-----w- C:\Malwarebytes
2011-01-15 13:04 . 2011-01-15 13:04 -------- d-----w- c:\users\greg\AppData\Local\{0E5EC1DD-A51E-406B-A816-2A3459F2910A}
2011-01-15 12:59 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-15 12:59 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-15 12:59 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-15 12:59 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-15 12:59 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-15 12:59 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-15 12:59 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-15 12:59 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-15 12:59 . 2011-01-15 12:59 -------- d-----w- c:\program files\Alwil Software
2011-01-15 02:47 . 2011-01-15 02:47 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-15 01:10 . 2011-01-15 01:10 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2011-01-15 01:10 . 2011-01-15 12:51 -------- d-----w- c:\program files (x86)\GmailDefaultMaker
2011-01-15 01:04 . 2011-01-15 01:09 -------- d-----w- c:\users\greg\AppData\Local\{161838AA-0801-4A6A-9781-2038AF3CAA14}
2011-01-15 01:04 . 2011-01-15 01:04 -------- d-----w- c:\users\greg\AppData\Local\{9CBED043-0EEA-4E47-B98C-503B9B4030BC}
2011-01-14 12:17 . 2011-01-14 12:17 -------- d-----w- c:\users\greg\AppData\Local\{3DAA4812-E61E-4202-AA70-68CDB3F060B2}
2011-01-14 00:17 . 2011-01-14 00:17 -------- d-----w- c:\users\greg\AppData\Local\{F5F787D0-846F-4F20-9E5C-DE660F853897}
2011-01-13 11:52 . 2011-01-13 11:52 -------- d-----w- c:\users\greg\AppData\Local\{86025D2E-4BCD-4C22-8E76-5F980FF675CA}
2011-01-13 11:34 . 2011-01-13 11:34 -------- d-----w- c:\programdata\ProcessLasso
2011-01-13 11:33 . 2011-01-15 12:51 -------- d-----w- c:\users\greg\AppData\Roaming\ProcessLasso
2011-01-13 11:33 . 2011-01-15 12:51 -------- d-----w- c:\program files\Process Lasso
2011-01-12 23:51 . 2011-01-12 23:52 -------- d-----w- c:\users\greg\AppData\Local\{29CF5BC7-EE78-4A61-A0E2-CB9F32756217}
2011-01-12 12:07 . 2011-01-15 12:51 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner
2011-01-12 11:51 . 2011-01-12 11:51 -------- d-----w- c:\users\greg\AppData\Local\{F5138517-1927-42EF-8D06-A80B860CA272}
2011-01-11 23:51 . 2011-01-11 23:51 -------- d-----w- c:\users\greg\AppData\Local\{698B50E2-EB78-4C0E-803F-83C38A117822}
2011-01-11 11:51 . 2011-01-11 11:51 -------- d-----w- c:\users\greg\AppData\Local\{7CC6C46E-32BE-45FF-9311-80590403BA84}
2011-01-10 23:50 . 2011-01-10 23:50 -------- d-----w- c:\users\greg\AppData\Local\{9A5A81ED-421D-4E38-9B86-6A358C55B6AA}
2011-01-10 12:01 . 2011-01-10 12:15 -------- d-----w- c:\program files (x86)\WinUtilities
2011-01-10 11:02 . 2011-01-10 11:02 -------- d-----w- c:\users\greg\AppData\Local\{FDCFB807-0AC5-43E0-B920-67F9D536979C}
2011-01-10 00:36 . 2011-01-10 03:14 -------- d-----w- c:\program files (x86)\Windows Live Safety Center
2011-01-09 21:34 . 2011-01-09 21:35 -------- d-----w- c:\users\greg\AppData\Local\{226A08D2-6EF9-43CE-9F52-FAAC7752C6DB}
2011-01-09 15:00 . 2011-01-09 15:00 -------- d-----w- c:\users\greg\AppData\Local\{19DFAAF0-2D37-4B3B-AD13-7F5053FB04DB}
2011-01-08 14:32 . 2011-01-08 14:32 -------- d-----w- c:\program files (x86)\Trend Micro
2011-01-08 12:28 . 2011-01-08 12:28 -------- d-----w- c:\users\greg\AppData\Local\{3740FA85-5582-4B52-9438-9CB15CDFD976}
2011-01-08 12:01 . 2011-01-08 12:01 -------- d-----w- c:\windows\en
2011-01-08 11:57 . 2011-01-08 11:57 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-01-08 11:53 . 2010-09-23 06:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-08 11:52 . 2011-01-08 11:53 -------- d-----w- c:\program files\Windows Live
2011-01-08 11:51 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-08 11:51 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-01-08 11:51 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-01-08 11:51 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-08 11:49 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-01-08 11:49 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-01-08 11:49 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-01-08 11:49 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-01-08 11:49 . 2011-01-08 11:49 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1918f3c01cbaf2a08\MeshBetaRemover.exe
2011-01-08 11:49 . 2011-01-08 11:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DSETUP.dll
2011-01-08 11:49 . 2011-01-08 11:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DXSETUP.exe
2011-01-08 11:49 . 2011-01-08 11:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\dsetup32.dll
2011-01-08 11:49 . 2011-01-08 11:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DSETUP.dll
2011-01-08 11:49 . 2011-01-08 11:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DXSETUP.exe
2011-01-08 11:49 . 2011-01-08 11:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\dsetup32.dll
2011-01-03 03:24 . 2011-01-15 02:08 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-01-03 03:23 . 2011-01-03 03:23 -------- d---a-w- C:\swsetup
2011-01-03 03:22 . 2011-01-03 03:23 -------- d-----w- C:\SYSTEM.SAV
2011-01-01 16:50 . 2011-01-01 16:50 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-01-01 16:50 . 2011-01-01 16:50 -------- d-----w- c:\program files\CheckPoint
2011-01-01 16:50 . 2010-11-16 23:45 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-01-01 16:50 . 2010-11-16 23:45 104448 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-01-01 16:50 . 2011-01-01 16:51 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2011-01-01 16:50 . 2010-11-16 23:45 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-01-01 16:49 . 2011-01-01 16:49 -------- d-----w- c:\program files (x86)\Zone Labs
2011-01-01 16:49 . 2010-05-15 22:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-01-01 16:49 . 2011-01-01 16:49 -------- d-----w- c:\programdata\CheckPoint
2010-12-30 11:57 . 2011-01-21 00:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-30 11:57 . 2010-12-30 12:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 00:23 . 2010-05-27 09:49 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-21 00:08 . 2010-05-08 01:13 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 11:17 . 2010-12-09 11:17 673280 ----a-w- c:\windows\is-TIFH6.exe
2010-11-13 00:53 . 2010-05-09 10:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-10 08:54 . 2010-11-10 08:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 08:28 . 2010-11-10 08:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-11-04 06:35 . 2010-12-15 11:47 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 11:47 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 11:47 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 11:47 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 11:47 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 11:47 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 11:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 11:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 11:47 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 11:47 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 11:47 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 11:47 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 11:47 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 11:47 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 11:47 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 11:47 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 11:47 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 11:47 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-15 11:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 11:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 17:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\greg\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-12-26 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Norton DNS Tray Icon.lnk - c:\program files (x86)\Norton DNS\NortonDNSTray.exe [2010-10-13 75136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk \0sasnative64
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"a-squared"="c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2010-10-02 84752]
R3 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-01-16 2850296]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-05-06 150096]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-08 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2010-09-30 1201640]
R3 ZentimoService;Zentimo Assistant;c:\program files (x86)\Zentimo\ZentimoService.exe [2010-10-28 524248]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 27216]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-06 37456]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 37488]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-10-02 48216]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-08 14720]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-12-28 49752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
S2 Norton DNS;Norton DNS;c:\program files (x86)\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]
S2 PretonClientService;PretonSaver;c:\program files\Preton\PretonSaver\PretonClientService.exe [2010-10-26 91136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 51600]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\Advanced System Protector.job
- c:\program files (x86)\Systweak\Advanced System Protector\RunSchedule.exe [2010-05-08 00:38]

2011-01-23 c:\windows\Tasks\AWC Update.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-05-10 21:24]

2011-01-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-05-09 20:13]

2011-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-01 02:55]

2011-01-03 c:\windows\Tasks\HPCeeScheduleForgreg.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

2010-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-11-08 22:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-11-08 22:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]
"PretonClient"="c:\program files\Preton\PretonSaver\PretonClient.exe" [2010-10-25 2577920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: {B9911001-CBCB-4BCD-81B0-24A4815D702C} = 198.153.192.1,198.153.194.1
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
FF - ProfilePath - c:\users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Proxy Tool: proxytool@proxylist.co - %profile%\extensions\proxytool@proxylist.co
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-(Default) - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-22 21:31:17
ComboFix-quarantined-files.txt 2011-01-23 03:31

Pre-Run: 424,451,665,920 bytes free
Post-Run: 424,588,173,312 bytes free

- - End Of File - - F6A6C16C7DB99C22E7CA5A664A5F1A9F

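The ComboFix output above is a snapshot, and a few of its lines deserve more attention than the "rogue 2006" report that started the thread: under policies\system, EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 (UAC is switched off), LoadAppInit_DLLs is 1, two avast drivers (aswSP, aswFsBlk) are listed with [x] and no path, and two DPF entries record ActiveX controls installed from web CAB files. The script below is an added example, not part of this thread and not ComboFix's own code: it parses lines in the format the log uses and flags those conditions. The sample log embedded in it is constructed from lines of that format, and the EXPECTED baseline is the editor's assumption of sane Windows 7 defaults, not anything ComboFix reports.

```python
"""Flag weakened security settings in a ComboFix/DDS-style log.

Added example for this thread; not ComboFix's own code. It understands
three line shapes that appear in such logs:
    "Name"= 0 (0x0)                     registry DWORDs under a [key] header
    S1 name;display;path [date size]    services/drivers ("[x]" = no file listed)
    DPF: {CLSID} - hxxp://...cab        ActiveX controls installed from a URL
The EXPECTED baseline is the editor's assumption, not something the log states.
"""
import re
from typing import Dict, List

# Constructed sample in the log's format (defanged hxxp:// kept as-is).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
"""

# Values a hardened Windows 7 box should show (editor's baseline, an assumption).
EXPECTED = {
    "EnableLUA": 1,              # 0 turns UAC off for every account after reboot
    "PromptOnSecureDesktop": 1,  # 0 shows the elevation prompt on the normal desktop
    "LoadAppInit_DLLs": 0,       # 1 loads the AppInit_DLLs list into every user32 process
}

_DWORD = re.compile(r'^"([A-Za-z_]+)"\s*=\s*(0x[0-9A-Fa-f]+|\d+)\b', re.M)
_SERVICE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$', re.M)
_DPF = re.compile(r'^DPF:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(\S+)', re.M)


def parse_dwords(log: str) -> Dict[str, int]:
    """Collect "Name"= value lines; both the decimal and the 0x form are accepted."""
    return {m.group(1): int(m.group(2), 0) for m in _DWORD.finditer(log)}


def parse_services(log: str) -> List[dict]:
    """Split service/driver lines into start type, name, display name and path."""
    return [
        {"start": m.group(1), "name": m.group(2).strip(),
         "display": m.group(3).strip(), "path": m.group(4).strip()}
        for m in _SERVICE.finditer(log)
    ]


def parse_dpf(log: str) -> List[str]:
    """Return the download URLs of DPF (ActiveX installed from the web) entries."""
    return [m.group(1) for m in _DPF.finditer(log)]


def triage(log: str) -> Dict[str, List[str]]:
    """Return findings grouped by category; an empty list means nothing was flagged."""
    findings = {"uac": [], "appinit": [], "services_missing_binary": [], "activex_downloads": []}
    values = parse_dwords(log)
    for name, want in EXPECTED.items():
        if name in values and values[name] != want:
            bucket = "appinit" if name == "LoadAppInit_DLLs" else "uac"
            findings[bucket].append(f"{name}={values[name]} (expected {want})")
    # 0 means "elevate without prompting": administrators never see a consent dialog.
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings["uac"].append("ConsentPromptBehaviorAdmin=0 (expected non-zero)")
    for svc in parse_services(log):
        if svc["path"] == "[x]":
            findings["services_missing_binary"].append(f'{svc["start"]} {svc["name"]}')
    findings["activex_downloads"] = parse_dpf(log)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items or 'none'}")
```

The log only shows what the scanner read at the time; before changing anything, confirm the live values with `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` and check what the AppInit_DLLs value under the Windows NT\CurrentVersion\Windows key actually lists, since LoadAppInit_DLLs=1 is only a problem when that list is populated with something unexpected.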
#10 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 23 January 2011 - 06:11 AM

These items are hidden and found in Trusted Sites by another prog. I do remove them but they come back on their own. Also SpywareBlaster by JavaCool gets 13 sites unenabled when I check it after finding these sites and removing them. Not sure if will help you but on comp this boot up.

[IE - Trusted Sites]
[people.1gb.ru]
Items=people.1gb.ru
Description=
Publisher=
Path=people.1gb.ru
[dialer.cjb.net]
Items=dialer.cjb.net
Description=
Publisher=
Path=dialer.cjb.net
[fastmp3search.com.ar]
Items=fastmp3search.com.ar
Description=
Publisher=
Path=fastmp3search.com.ar
[direct.data-line.us]
Items=direct.data-line.us
Description=
Publisher=
Path=direct.data-line.us
[getflash.hostzi.com]
Items=getflash.hostzi.com
Description=
Publisher=
Path=getflash.hostzi.com
[regi.lolso.com]
Items=regi.lolso.com
Description=
Publisher=
Path=regi.lolso.com
[karleyt.narod.ru]
Items=karleyt.narod.ru
Description=
Publisher=
Path=karleyt.narod.ru
[toolbar.push.com]
Items=toolbar.push.com
Description=
Publisher=
Path=toolbar.push.com
[search.scourweb.net]
Items=search.scourweb.net
Description=
Publisher=
Path=search.scourweb.net
[dewis.spb.ru]
Items=dewis.spb.ru
Description=
Publisher=
Path=dewis.spb.ru
[cehjbiladg.stlouismoonline.com]
Items=cehjbiladg.stlouismoonline.com
Description=
Publisher=
Path=cehjbiladg.stlouismoonline.com
[ads.tucows.com]
Items=ads.tucows.com
Description=
Publisher=
Path=ads.tucows.com
[searchmeta.webhost.ru]
Items=searchmeta.webhost.ru
Description=
Publisher=
Path=searchmeta.webhost.ru

#11 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 24 January 2011 - 07:24 PM

Hi,

these items are hidden and found in trusted sites by another prog.

By which program?


not sure if will help you but on comp this boot up.

What do you mean by this? Take a screenshot of what you see and post it here.
Chris Fistonich
Research Team


#12 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 24 January 2011 - 07:43 PM

hi,
Amigo 360 lists them in System Optimizer, Startup Services, Trusted Sites. It's the only place I can see them; not in the normal Trusted Sites.

That is what I meant; they came back after ComboFix ran. I manually delete them and they come back.

Also just ran Advanced System Protector and it came back with a lot more. Zipped the file. MBAM and SUPERAntiSpyware do not show these items.

Have not deleted the Trusted Sites found, waiting to see if it can help you.

Snapshot of the Amigo 360 page.

thanks.

Attached Files



#13 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 24 January 2011 - 09:06 PM

I have a home network and these 13 startup items are also found on my Vista desktop and on the W7 laptop that is used wirelessly. Also ran ASP and found the rogue 2006 on them too. Have disconnected the cable to the desktop to keep more malware from getting on it. The SpywareBlaster program doesn't show "not protected" till I remove the 13 Trusted Sites; then it changes to 13 items not enabled/protected. Been doing that for a week now since I found malware and Trusted Sites coming back.

The zip file shows the 2006 rogue malware, and the rest I have never seen till today. Will have to wait to see if they come back after reboot.

greg

#14 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 24 January 2011 - 09:58 PM

Avast found these 2 items; Win32:Vitro was found on the boot scan on 1/18. Picture attached. The other must have been the regular scan on 1/22.

Attached Files



#15 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 25 January 2011 - 03:20 AM

Hi,

I would not recommend keeping 360Amigo and Advanced System Protector. It looks like they are giving false reports to scare you into purchasing whatever they offer. You can't find their detections because they don't really exist. I suggest uninstalling them as soon as possible.

Regarding the avast detection, can you expand the "Original Location" section so I can see exactly what is being detected?
Chris Fistonich
Research Team


#16 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 25 January 2011 - 06:36 AM

Not sure how to expand Avast; opened the chest and this info is all it shows. Amigo 360 is free but I have the Pro version from a giveaway. The ASP is free and with no nag screens to buy the Pro version with shields, but it does seem to find false positives as you mention. Their support said run a HijackThis scan and then told me SpywareBlaster needed uninstalling to remove sites found in rogue 2006, placed in the P3P history area by SpywareBlaster to block the bad sites. Didn't believe them; passed on removal. They never try to sell up, but it is the only program that is saying rogue 2006 is on the comp.

Let me know how to expand Avast. I can right-click and show properties but it's the same info as on the line. It wouldn't take a pic of the pop-up info.

360 is a cleaner program with no malware removal.

#17 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 25 January 2011 - 07:36 AM

Advanced System Protector
Just looked it up at download.com and it had a 4-star rating and very good reviews from users. My comp does run very fast with no pop-ups, so I'm wondering if ASP was giving a false positive on the rogue 2006 find. It does seem to find it on all my comps.

#18 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 26 January 2011 - 01:53 AM

Regarding avast, looking at the screenshot above, just click and drag the vertical line that looks like a | to the right of "Original Location" and directly left of "Last Changed", dragging it to the right so I can see the full path.

Ah I see what the issue is. There is a false positive by ASP; it's detecting SpywareBlaster's database as malicious. SpywareBlaster has been around for many years and I would recommend urging them to fix it. In the meantime, feel free to ignore the detection. ;)
Chris Fistonich
Research Team


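Post #16 describes entries that SpywareBlaster writes under P3P\History to block sites, and post #18 concludes that ASP's "rogue 2006" report is a false positive on that database. The useful distinction for anyone reading this later is which way an entry points. In IE's ZoneMap a domain stored with value 4 sits in Restricted sites, and in P3P\History a default value of 5 means cookies are always blocked; both narrow trust and are what immunization tools write. A ZoneMap value of 2 (Trusted sites) or a P3P value of 1 (always allow) widens trust, and those are the entries worth worrying about when they keep reappearing. The script below is an added example, not part of this thread and not code from SpywareBlaster, ASP, ComboFix or any other tool named here: it reads the text that `reg export` writes for those two keys and classifies each host. The .reg text embedded in it is constructed for the example (hostnames taken from the list in post #10, plus a made-up update.example.com); the key layout and value numbers are the standard ones IE uses.

```python
"""Classify IE per-site security entries from a .reg export.

Added example for this thread; not code from SpywareBlaster, ASP,
ComboFix or any other tool named in it. Input is the text that
`reg export` writes for
    HKCU\...\Internet Settings\ZoneMap\Domains   (zone assignments)
    HKCU\...\Internet Settings\P3P\History       (per-site cookie policy)
"""
import re
from typing import Dict, List

# Zone numbers stored under ZoneMap\Domains\<domain>[\<sub>] as
# "<scheme>"=dword:0000000N; the scheme "*" covers every scheme.
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
# Default value under P3P\History\<host>: 1 = always allow, 5 = always block.
COOKIE_POLICY = {1: "Always allow cookies", 5: "Always block cookies"}

# Constructed sample in reg export format (hosts from post #10; update.example.com is made up).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\people.1gb.ru]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toolbar.push.com]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\update]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\buy.com]
@=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ads.tucows.com]
@=dword:00000001
"""

_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?:"([^"]*)"|@)=dword:([0-9A-Fa-f]{8})$')


def _host_from_key(key: str, marker: str) -> str:
    """Turn the tail 'Domains\\example.com\\update' into 'update.example.com'."""
    parts = key[key.lower().index(marker.lower()) + len(marker):].split("\\")
    return ".".join(reversed(parts))   # [domain, sub] -> sub.domain


def parse_reg_export(text: str) -> List[Dict[str, str]]:
    """Return one record per (host, scope) with a human-readable setting."""
    records, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        k = _KEY.match(line)
        if k:
            key = k.group(1)
            continue
        m = _VALUE.match(line)
        if not m or not key:
            continue
        name, number = m.group(1), int(m.group(2), 16)
        lowered = key.lower()
        if "\\zonemap\\domains\\" in lowered:
            records.append({"host": _host_from_key(key, "\\ZoneMap\\Domains\\"),
                            "scope": name or "*", "source": "ZoneMap",
                            "setting": ZONE_NAMES.get(number, f"zone {number}")})
        elif "\\p3p\\history\\" in lowered and name is None:
            records.append({"host": _host_from_key(key, "\\P3P\\History\\"),
                            "scope": "cookies", "source": "P3P",
                            "setting": COOKIE_POLICY.get(number, f"policy {number}")})
    return records


def trust_widening(records: List[Dict[str, str]]) -> List[str]:
    """Hosts whose entry lowers IE's defences (Trusted/Intranet zone or cookies always allowed)."""
    widening = {"Trusted sites", "Local intranet", "Always allow cookies"}
    return sorted({r["host"] for r in records if r["setting"] in widening})


if __name__ == "__main__":
    entries = parse_reg_export(SAMPLE_REG)
    for e in entries:
        print(f'{e["source"]:8} {e["host"]:25} {e["scope"]:8} {e["setting"]}')
    print("trust-widening:", trust_widening(entries))
```

To run it against a real machine, export the two keys with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zonemap.reg` (and likewise for P3P\History) and open the files with `encoding="utf-16"`, which is what reg export writes. Entries of the narrowing kind (Restricted sites, cookies blocked) that come back after deletion are consistent with an immunization tool re-applying its protection, which is how post #18 reads the ASP report; a Trusted-sites entry that keeps returning is the case that warrants a closer look.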
#19 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 26 January 2011 - 05:05 AM

Thanks, I will ask ASP to fix it or look into it.
Here is the expanded picture of Avast. The Auslogics BoostSpeed special edition I did get as a free download, and I have since uninstalled it since a virus was found.

Attached Files



#20 gregb204

gregb204

    New Member

  • Members
  • Pip
  • 21 posts

Posted 26 January 2011 - 10:30 AM

ZoneAlarm showed these logs today. Still seeing the Trusted Sites items come back after removing them.

Attached Files





