gregb204

roguesecurityprogram.anti-spyware-plus-2006

24 posts in this topic

roguesecurityprogram.anti-spyware-plus-2006: this is found by another program but not the 1.5.mb. It comes back on my system before I reboot, in HKEY user of the registry. It does get removed and has no effect on my W7 64 computer that I can see.

It says it found it infected in hkey_current_user\software\microsoft\windows\currentversion\internet settings\p3p\history\buy.com and 8 other similar places.

Any tip on complete removal would be good. I still have it, and it is found by another program that can't remove it for good. I did remove and quarantine it before this post.

I do not notice any effect on my computer speed or popups. W7 64 OS, IE8.

Thanks. See my other post with the same bug, but it stopped due to no response. Files attached per my old post on the same topic.

DDS.txt

Attachdds.txt

gmer.log


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log. Next, run DDS again and post DDS.txt; post them directly into your reply instead of attaching them.

Thanks.

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/7/2010 5:20:12 PM

System Uptime: 1/22/2011 5:48:02 AM (1 hours ago)

Motherboard: PEGATRON CORPORATION | | Narra6

Processor: AMD Athlon II X2 240 Processor | CPU 1 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 397.353 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.448 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP218: 1/2/2011 4:11:57 PM - Made by Regsofts

RP219: 1/2/2011 9:19:32 PM - HPSF Applying updates

RP220: 1/2/2011 9:24:57 PM - Installed HP Support Assistant

RP221: 1/7/2011 5:12:39 AM - Windows Update

RP222: 1/7/2011 7:57:07 PM - 360 Amigo System Speedup PRO(1.2.1.4700)

RP223: 1/8/2011 5:46:25 AM - Removed Visual Studio 2008 x64 Redistributables

RP224: 1/8/2011 5:48:49 AM - Windows Live Essentials

RP225: 1/8/2011 5:49:29 AM - Windows Update

RP226: 1/8/2011 5:50:21 AM - Installed DirectX

RP227: 1/8/2011 5:51:07 AM - Installed DirectX

RP228: 1/8/2011 5:52:24 AM - WLSetup

RP229: 1/9/2011 9:13:21 PM - Cleaned registry with Windows Live OneCare safety scanner

RP230: 1/12/2011 5:21:53 AM - Windows Update

RP231: 1/12/2011 6:11:50 AM - Create by Wise Registry Cleaner

RP232: 1/12/2011 6:16:14 AM - Windows Update

RP233: 1/14/2011 8:41:00 PM - Restore Operation

RP234: 1/14/2011 9:04:38 PM - Revo Uninstaller's restore point - avast! Free Antivirus

RP235: 1/14/2011 9:05:12 PM - avast! Free Antivirus Setup

RP236: 1/14/2011 9:07:42 PM - Restore Operation

RP237: 1/14/2011 9:28:55 PM - Windows Update

RP238: 1/15/2011 6:03:19 AM - Restore Operation

RP239: 1/15/2011 6:59:00 AM - avast! Free Antivirus Setup

RP240: 1/15/2011 3:17:05 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware

RP241: 1/15/2011 3:29:57 PM - 360 Amigo System Speedup PRO(1.2.1.4800)

RP242: 1/15/2011 6:02:47 PM - Revo Uninstaller's restore point - Software Informer 1.0 BETA

RP243: 1/17/2011 9:01:46 PM - Revo Uninstaller's restore point - Argente Utilities 1.0.3.1

RP244: 1/18/2011 4:48:03 AM - Windows Update

RP245: 1/18/2011 5:13:09 PM - Installed PretonSaver Home Edition.

RP246: 1/18/2011 7:52:16 PM - Revo Uninstaller's restore point - Spyware Doctor 7.0

RP247: 1/18/2011 9:11:37 PM - Spyware Terminator - restore point

RP248: 1/19/2011 5:39:18 PM - Removed Microsoft IntelliPoint 8.0

RP249: 1/21/2011 4:31:54 AM - Revo Uninstaller's restore point - Auslogics BoostSpeed Special Edition

RP250: 1/21/2011 5:03:30 AM - Revo Uninstaller's restore point - Windows Live Essentials

RP251: 1/21/2011 9:26:03 AM - Installed MozyHome

RP252: 1/21/2011 6:45:09 PM - Windows Update

==== Installed Programs ======================

360 Amigo System Speedup PRO

7-Zip 4.65

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Advanced System Protector

Advanced SystemCare 3

AI RoboForm (All Users)

Aiseesoft Total Video Converter 6.1.08

AnVir Task Manager

Ashampoo Snap 3.50

Ashampoo WinOptimizer 6.60

Auslogics Disk Defrag

Avant Browser (remove only)

avast! Free Antivirus

BufferChm

Comodo Dragon

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

D3DX10

Destinations

Device Doctor 1.0.0.1

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

DJ_AIO_03_F4200_Software_Min

Emsisoft Anti-Malware 5.0

F.lux

F4200

FILEminimizer Pictures

Foxit Reader

Glary Utilities Pro 2.31.0.1098

GmailDefaultMaker

Google Updater

GPBaseService2

HijackThis 2.0.2

HP Advisor

HP Customer Experience Enhancements

HP Games

HP Product Detection

HP Setup

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Identity Finder

Java Auto Updater

Java 6 Update 23

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes' Anti-Malware

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft Easy Assist v2

Microsoft Live Search Toolbar

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox (3.6.13)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

Norton DNS

OpenOffice.org 3.2

PictureMover

Power2Go

PowerDirector

Process Lasso

Realtek High Definition Audio Driver

Recovery Manager

Revo Uninstaller 1.91

Sansa Updater

Scan

Secunia PSI (2.0.0.1003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Skype

mbam_log_2011_01_22__06_39_24_.txt


Hi,

My ZoneAlarm is asking for permission to allow SWREG.DAT, so I wanted to pass that along in case it helps.


Hi,

You posted Attach.txt from DDS; please post DDS.txt as requested. Allow SWReg.dat in ZoneAlarm.

Sorry, thanks.

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by greg at 6:43:50.27 on Sat 01/22/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1476 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SysWOW64\ZoneLabs\vsmon.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Users\greg\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Process Lasso\processgovernor.exe

C:\Program Files\Process Lasso\processlasso.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\Avant Browser\avant.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZJNSPDZ\dds[1].scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com

uSearch Page = hxxp://www.bing.com/?pc=AVBR

uSearch Bar = Preserve

uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

mWinlogon: Userinit=userinit.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [F.lux] "C:\Users\greg\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

mRun-x64: [PC-Doctor for Windows localizer] "C:\Program Files\PC-Doctor for Windows\localizer.exe"

mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

mRun-x64: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

mRun-x64: [PretonClient] C:\Program Files\Preton\PretonSaver\PretonClient.exe

mRun-x64: [(Default)]

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll

FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Users\greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Proxy Tool: proxytool@proxylist.co - %profile%\extensions\proxytool@proxylist.co

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-5-26 37456]

R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [2009-11-6 37488]

R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-5-8 48216]

R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-5-8 14720]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-15 273488]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-5-27 49752]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-15 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-15 62032]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-15 40384]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-30 1153368]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-5-8 84752]

S3 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-5-8 2850296]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-8 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Norton DNS;Norton DNS;C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]

S3 Paragon System Backup Service;Paragon System Backup Service;C:\Program Files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-5-6 150096]

S3 PretonClientService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonClientService.exe [2010-10-26 91136]

S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2010-10-3 93848]

S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-8 1255736]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]

S3 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2010-9-30 1201640]

S3 ZentimoService;Zentimo Assistant;C:\Program Files (x86)\Zentimo\ZentimoService.exe [2010-12-2 524248]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-22 12:33:48 -------- d-----w- C:\Users\greg\AppData\Local\{16A7EB70-A058-4BA5-88DD-3F6D9BC16881}

2011-01-22 00:45:56 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{140D1CB5-3709-43C2-A8E5-325FC41EB6F9}\mpengine.dll

2011-01-22 00:33:22 -------- d-----w- C:\Users\greg\AppData\Local\{20704E36-74A2-4FDE-9288-4F2AAA7367C5}

2011-01-21 15:26:44 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys

2011-01-21 15:26:43 -------- d-----w- C:\Program Files\MozyHome

2011-01-21 14:57:39 -------- d-----w- C:\Users\greg\AppData\Roaming\Auslogics

2011-01-21 10:18:29 -------- d-----w- C:\Users\greg\AppData\Local\{5C65A4DD-204E-4474-9905-32FA61133B94}

2011-01-20 14:59:22 -------- d-----w- C:\Users\greg\AppData\Local\{8D32EEDE-F06F-447B-884A-8A7C27CDBA32}

2011-01-20 11:23:51 -------- d-----w- C:\Users\greg\AppData\Local\AnVir

2011-01-20 11:15:42 7168 ----a-w- C:\Windows\SysWow64\temp.015

2011-01-20 11:15:42 172032 ----a-w- C:\Windows\SysWow64\temp.016

2011-01-20 11:15:42 1386496 ----a-w- C:\Windows\SysWow64\temp.017

2011-01-20 11:15:39 76288 ----a-w- C:\Windows\SysWow64\temp.014

2011-01-20 11:15:39 219136 ----a-w- C:\Windows\SysWow64\sqlite3_engine.dll

2011-01-20 02:58:55 -------- d-----w- C:\Users\greg\AppData\Local\{21ED94FD-5C65-45ED-B183-17A7A717284A}

2011-01-20 02:54:40 -------- d-----w- C:\Users\greg\AppData\Local\{D9C63B57-2301-43C6-AB82-C7BF08C295E2}

2011-01-19 15:05:32 -------- d-----w- C:\Users\greg\AppData\Roaming\QuickScan

2011-01-19 14:47:41 -------- d-----w- C:\Users\greg\AppData\Local\{4A00451D-BC52-4098-A128-90809030761F}

2011-01-19 12:00:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-19 03:35:03 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys

2011-01-19 03:35:02 -------- d-----w- C:\Program Files\Prevx

2011-01-19 03:34:40 -------- d-----w- C:\PROGRA~3\PrevxCSI

2011-01-19 02:47:16 -------- d-----w- C:\Users\greg\AppData\Local\{2C7A9B98-7444-4CB4-A82A-E51E5500A8DF}

2011-01-18 23:14:23 -------- d-----w- C:\Users\greg\AppData\Local\Preton_Ltd

2011-01-18 23:14:08 -------- d-----w- C:\Users\greg\AppData\Local\IsolatedStorage

2011-01-18 23:13:47 -------- d-----w- C:\Program Files\Preton

2011-01-18 14:47:03 -------- d-----w- C:\Users\greg\AppData\Local\{A0806E67-EDE7-4565-80F1-15F010022A63}

2011-01-18 11:38:00 -------- d-----w- C:\Users\greg\AppData\Local\360Amigo

2011-01-18 10:49:14 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-01-18 02:46:37 -------- d-----w- C:\Users\greg\AppData\Local\{9099572D-C039-48B4-B2BE-07E4FBC4A696}

2011-01-17 14:46:25 -------- d-----w- C:\Users\greg\AppData\Local\{65399AD4-91FD-4B28-9A74-0232951144AE}

2011-01-17 02:46:00 -------- d-----w- C:\Users\greg\AppData\Local\{987FACC1-2372-4E9C-8489-E56943000822}

2011-01-16 13:04:57 -------- d-----w- C:\Users\greg\AppData\Local\{3B0DA4BB-3B18-480A-A2B1-A8745B7D8194}

2011-01-16 01:04:45 -------- d-----w- C:\Users\greg\AppData\Local\{B43834A7-B7D1-4B43-9D50-C55CC3E96678}

2011-01-16 00:21:36 -------- d-----w- C:\Program Files (x86)\Software Informer

2011-01-15 21:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-15 21:47:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-01-15 21:09:25 -------- d-----w- C:\Malwarebytes

2011-01-15 13:04:33 -------- d-----w- C:\Users\greg\AppData\Local\{0E5EC1DD-A51E-406B-A816-2A3459F2910A}

2011-01-15 12:59:43 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-01-15 12:59:29 38848 ----a-w- C:\Windows\avastSS.scr

2011-01-15 02:47:10 17816 ----a-w- C:\PROGRA~3\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-01-15 01:10:40 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry

2011-01-15 01:10:36 -------- d-----w- C:\Program Files (x86)\GmailDefaultMaker

2011-01-15 01:04:08 -------- d-----w- C:\Users\greg\AppData\Local\{161838AA-0801-4A6A-9781-2038AF3CAA14}

2011-01-15 01:04:07 -------- d-----w- C:\Users\greg\AppData\Local\{9CBED043-0EEA-4E47-B98C-503B9B4030BC}

2011-01-14 12:17:21 -------- d-----w- C:\Users\greg\AppData\Local\{3DAA4812-E61E-4202-AA70-68CDB3F060B2}

2011-01-14 00:17:09 -------- d-----w- C:\Users\greg\AppData\Local\{F5F787D0-846F-4F20-9E5C-DE660F853897}

2011-01-13 11:52:21 -------- d-----w- C:\Users\greg\AppData\Local\{86025D2E-4BCD-4C22-8E76-5F980FF675CA}

2011-01-13 11:34:10 -------- d-----w- C:\PROGRA~3\ProcessLasso

2011-01-13 11:33:45 -------- d-----w- C:\Users\greg\AppData\Roaming\ProcessLasso

2011-01-13 11:33:44 -------- d-----w- C:\Program Files\Process Lasso

2011-01-12 23:51:56 -------- d-----w- C:\Users\greg\AppData\Local\{29CF5BC7-EE78-4A61-A0E2-CB9F32756217}

2011-01-12 12:07:25 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner

2011-01-12 11:51:39 -------- d-----w- C:\Users\greg\AppData\Local\{F5138517-1927-42EF-8D06-A80B860CA272}

2011-01-11 23:51:27 -------- d-----w- C:\Users\greg\AppData\Local\{698B50E2-EB78-4C0E-803F-83C38A117822}

2011-01-11 11:51:02 -------- d-----w- C:\Users\greg\AppData\Local\{7CC6C46E-32BE-45FF-9311-80590403BA84}

2011-01-10 23:50:38 -------- d-----w- C:\Users\greg\AppData\Local\{9A5A81ED-421D-4E38-9B86-6A358C55B6AA}

2011-01-10 12:01:45 -------- d-----w- C:\Program Files (x86)\WinUtilities

2011-01-10 11:02:27 -------- d-----w- C:\Users\greg\AppData\Local\{FDCFB807-0AC5-43E0-B920-67F9D536979C}

2011-01-09 21:34:48 -------- d-----w- C:\Users\greg\AppData\Local\{226A08D2-6EF9-43CE-9F52-FAAC7752C6DB}

2011-01-09 15:00:28 -------- d-----w- C:\Users\greg\AppData\Local\{19DFAAF0-2D37-4B3B-AD13-7F5053FB04DB}

2011-01-08 14:32:44 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-01-08 12:28:45 -------- d-----w- C:\Users\greg\AppData\Local\{3740FA85-5582-4B52-9438-9CB15CDFD976}

2011-01-08 12:01:47 -------- d-----w- C:\Windows\en

2011-01-08 11:57:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-01-08 11:53:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2011-01-08 11:51:37 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-01-08 11:51:37 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-01-08 11:51:33 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-01-08 11:51:33 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

2011-01-08 11:49:55 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2011-01-08 11:49:55 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

2011-01-08 11:49:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1918f3c01cbaf2a08\MeshBetaRemover.exe

2011-01-08 11:49:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DSETUP.dll

2011-01-08 11:49:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DXSETUP.exe

2011-01-08 11:49:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\dsetup32.dll

2011-01-08 11:49:15 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DSETUP.dll

2011-01-08 11:49:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DXSETUP.exe

2011-01-08 11:49:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\dsetup32.dll

2011-01-03 03:24:43 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}

2011-01-03 03:23:00 -------- d---a-w- C:\swsetup

2011-01-03 03:22:56 -------- d--h--w- C:\SYSTEM.SAV

2011-01-01 16:50:31 -------- d-----w- C:\Program Files (x86)\ZoneAlarm_Security

2011-01-01 16:50:21 -------- d-----w- C:\Program Files\CheckPoint

2011-01-01 16:50:02 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll

2011-01-01 16:50:02 -------- d-----w- C:\Windows\SysWow64\ZoneLabs

2011-01-01 16:49:57 458840 ------w- C:\Windows\System32\drivers\vsdatant.sys

2011-01-01 16:49:57 -------- d-----w- C:\Program Files (x86)\Zone Labs

2011-01-01 16:49:21 -------- d-----w- C:\PROGRA~3\CheckPoint

2010-12-30 11:57:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2010-12-30 11:57:37 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2010-12-24 02:37:06 -------- d-----w- C:\Users\greg\AppData\Local\Secunia PSI

2010-12-24 02:33:33 -------- d-----w- C:\Program Files (x86)\Secunia

==================== Find3M ====================

2010-12-28 00:23:40 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-09 11:17:05 673280 ----a-w- C:\Windows\is-TIFH6.exe

2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-11-10 08:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-11-10 08:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll

2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll

2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 6:45:44.47 ===============


2nd post, missed keeping it together.

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by greg at 21:36:22.37 on Sat 01/22/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1253 [GMT -6:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files (x86)\Norton DNS\NortonDNSTray.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Preton\PretonSaver\PretonClientService.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Avant Browser\avant.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\greg\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com

uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [F.lux] "C:\Users\greg\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Norton DNS Tray Icon.lnk - C:\Program Files (x86)\Norton DNS\NortonDNSTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {B9911001-CBCB-4BCD-81B0-24A4815D702C} = 198.153.192.1,198.153.194.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

mRun-x64: [PC-Doctor for Windows localizer] "C:\Program Files\PC-Doctor for Windows\localizer.exe"

mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

mRun-x64: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

mRun-x64: [PretonClient] C:\Program Files\Preton\PretonSaver\PretonClient.exe

mRun-x64: [(Default)]

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll

FF - component: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Users\greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Proxy Tool: proxytool@proxylist.co - %profile%\extensions\proxytool@proxylist.co

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-5-26 37456]

R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [2009-11-6 37488]

R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-5-8 48216]

R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-5-8 14720]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-15 273488]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-5-27 49752]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-15 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-15 62032]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-15 40384]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]

R2 Norton DNS;Norton DNS;C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]

R2 PretonClientService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonClientService.exe [2010-10-26 91136]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-30 1153368]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-5-8 84752]

S3 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-5-8 2850296]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-8 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]

S3 Paragon System Backup Service;Paragon System Backup Service;C:\Program Files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-5-6 150096]

S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2010-10-3 93848]

S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-8 1255736]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]

S3 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2010-9-30 1201640]

S3 ZentimoService;Zentimo Assistant;C:\Program Files (x86)\Zentimo\ZentimoService.exe [2010-12-2 524248]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-23 03:02:54 98816 ----a-w- C:\Windows\sed.exe

2011-01-23 03:02:54 89088 ----a-w- C:\Windows\MBR.exe

2011-01-23 03:02:54 256512 ----a-w- C:\Windows\PEV.exe

2011-01-23 03:02:54 161792 ----a-w- C:\Windows\SWREG.exe

2011-01-23 01:02:51 -------- d-----w- C:\Users\greg\AppData\Local\{184146E2-0D1B-4EB0-A44D-8632E59388A0}

2011-01-22 17:35:06 -------- d-----w- C:\Program Files (x86)\Norton DNS

2011-01-22 12:33:48 -------- d-----w- C:\Users\greg\AppData\Local\{16A7EB70-A058-4BA5-88DD-3F6D9BC16881}

2011-01-22 00:45:56 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{140D1CB5-3709-43C2-A8E5-325FC41EB6F9}\mpengine.dll

2011-01-22 00:33:22 -------- d-----w- C:\Users\greg\AppData\Local\{20704E36-74A2-4FDE-9288-4F2AAA7367C5}

2011-01-21 15:26:44 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys

2011-01-21 15:26:43 -------- d-----w- C:\Program Files\MozyHome

2011-01-21 14:57:39 -------- d-----w- C:\Users\greg\AppData\Roaming\Auslogics

2011-01-21 10:18:29 -------- d-----w- C:\Users\greg\AppData\Local\{5C65A4DD-204E-4474-9905-32FA61133B94}

2011-01-20 14:59:22 -------- d-----w- C:\Users\greg\AppData\Local\{8D32EEDE-F06F-447B-884A-8A7C27CDBA32}

2011-01-20 11:23:51 -------- d-----w- C:\Users\greg\AppData\Local\AnVir

2011-01-20 11:15:42 7168 ----a-w- C:\Windows\SysWow64\temp.015

2011-01-20 11:15:42 172032 ----a-w- C:\Windows\SysWow64\temp.016

2011-01-20 11:15:42 1386496 ----a-w- C:\Windows\SysWow64\temp.017

2011-01-20 11:15:39 76288 ----a-w- C:\Windows\SysWow64\temp.014

2011-01-20 11:15:39 219136 ----a-w- C:\Windows\SysWow64\sqlite3_engine.dll

2011-01-20 02:58:55 -------- d-----w- C:\Users\greg\AppData\Local\{21ED94FD-5C65-45ED-B183-17A7A717284A}

2011-01-20 02:54:40 -------- d-----w- C:\Users\greg\AppData\Local\{D9C63B57-2301-43C6-AB82-C7BF08C295E2}

2011-01-19 15:05:32 -------- d-----w- C:\Users\greg\AppData\Roaming\QuickScan

2011-01-19 14:47:41 -------- d-----w- C:\Users\greg\AppData\Local\{4A00451D-BC52-4098-A128-90809030761F}

2011-01-19 12:00:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-19 03:35:03 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys

2011-01-19 03:35:02 -------- d-----w- C:\Program Files\Prevx

2011-01-19 03:34:40 -------- d-----w- C:\PROGRA~3\PrevxCSI

2011-01-19 02:47:16 -------- d-----w- C:\Users\greg\AppData\Local\{2C7A9B98-7444-4CB4-A82A-E51E5500A8DF}

2011-01-18 23:14:23 -------- d-----w- C:\Users\greg\AppData\Local\Preton_Ltd

2011-01-18 23:14:08 -------- d-----w- C:\Users\greg\AppData\Local\IsolatedStorage

2011-01-18 23:13:47 -------- d-----w- C:\Program Files\Preton

2011-01-18 14:47:03 -------- d-----w- C:\Users\greg\AppData\Local\{A0806E67-EDE7-4565-80F1-15F010022A63}

2011-01-18 11:38:00 -------- d-----w- C:\Users\greg\AppData\Local\360Amigo

2011-01-18 10:49:14 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-01-18 02:46:37 -------- d-----w- C:\Users\greg\AppData\Local\{9099572D-C039-48B4-B2BE-07E4FBC4A696}

2011-01-17 14:46:25 -------- d-----w- C:\Users\greg\AppData\Local\{65399AD4-91FD-4B28-9A74-0232951144AE}

2011-01-17 02:46:00 -------- d-----w- C:\Users\greg\AppData\Local\{987FACC1-2372-4E9C-8489-E56943000822}

2011-01-16 13:04:57 -------- d-----w- C:\Users\greg\AppData\Local\{3B0DA4BB-3B18-480A-A2B1-A8745B7D8194}

2011-01-16 01:04:45 -------- d-----w- C:\Users\greg\AppData\Local\{B43834A7-B7D1-4B43-9D50-C55CC3E96678}

2011-01-16 00:21:36 -------- d-----w- C:\Program Files (x86)\Software Informer

2011-01-15 21:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-15 21:47:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-01-15 21:09:25 -------- d-----w- C:\Malwarebytes

2011-01-15 13:04:33 -------- d-----w- C:\Users\greg\AppData\Local\{0E5EC1DD-A51E-406B-A816-2A3459F2910A}

2011-01-15 12:59:43 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-01-15 12:59:29 38848 ----a-w- C:\Windows\avastSS.scr

2011-01-15 02:47:10 17816 ----a-w- C:\PROGRA~3\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-01-15 01:10:40 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry

2011-01-15 01:10:36 -------- d-----w- C:\Program Files (x86)\GmailDefaultMaker

2011-01-15 01:04:08 -------- d-----w- C:\Users\greg\AppData\Local\{161838AA-0801-4A6A-9781-2038AF3CAA14}

2011-01-15 01:04:07 -------- d-----w- C:\Users\greg\AppData\Local\{9CBED043-0EEA-4E47-B98C-503B9B4030BC}

2011-01-14 12:17:21 -------- d-----w- C:\Users\greg\AppData\Local\{3DAA4812-E61E-4202-AA70-68CDB3F060B2}

2011-01-14 00:17:09 -------- d-----w- C:\Users\greg\AppData\Local\{F5F787D0-846F-4F20-9E5C-DE660F853897}

2011-01-13 11:52:21 -------- d-----w- C:\Users\greg\AppData\Local\{86025D2E-4BCD-4C22-8E76-5F980FF675CA}

2011-01-13 11:34:10 -------- d-----w- C:\PROGRA~3\ProcessLasso

2011-01-13 11:33:45 -------- d-----w- C:\Users\greg\AppData\Roaming\ProcessLasso

2011-01-13 11:33:44 -------- d-----w- C:\Program Files\Process Lasso

2011-01-12 23:51:56 -------- d-----w- C:\Users\greg\AppData\Local\{29CF5BC7-EE78-4A61-A0E2-CB9F32756217}

2011-01-12 12:07:25 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner

2011-01-12 11:51:39 -------- d-----w- C:\Users\greg\AppData\Local\{F5138517-1927-42EF-8D06-A80B860CA272}

2011-01-11 23:51:27 -------- d-----w- C:\Users\greg\AppData\Local\{698B50E2-EB78-4C0E-803F-83C38A117822}

2011-01-11 11:51:02 -------- d-----w- C:\Users\greg\AppData\Local\{7CC6C46E-32BE-45FF-9311-80590403BA84}

2011-01-10 23:50:38 -------- d-----w- C:\Users\greg\AppData\Local\{9A5A81ED-421D-4E38-9B86-6A358C55B6AA}

2011-01-10 12:01:45 -------- d-----w- C:\Program Files (x86)\WinUtilities

2011-01-10 11:02:27 -------- d-----w- C:\Users\greg\AppData\Local\{FDCFB807-0AC5-43E0-B920-67F9D536979C}

2011-01-09 21:34:48 -------- d-----w- C:\Users\greg\AppData\Local\{226A08D2-6EF9-43CE-9F52-FAAC7752C6DB}

2011-01-09 15:00:28 -------- d-----w- C:\Users\greg\AppData\Local\{19DFAAF0-2D37-4B3B-AD13-7F5053FB04DB}

2011-01-08 14:32:44 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-01-08 12:28:45 -------- d-----w- C:\Users\greg\AppData\Local\{3740FA85-5582-4B52-9438-9CB15CDFD976}

2011-01-08 12:01:47 -------- d-----w- C:\Windows\en

2011-01-08 11:57:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-01-08 11:53:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2011-01-08 11:51:37 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-01-08 11:51:37 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-01-08 11:51:33 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-01-08 11:51:33 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

2011-01-08 11:49:56 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

2011-01-08 11:49:55 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2011-01-08 11:49:55 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

2011-01-08 11:49:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1918f3c01cbaf2a08\MeshBetaRemover.exe

2011-01-08 11:49:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DSETUP.dll

2011-01-08 11:49:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DXSETUP.exe

2011-01-08 11:49:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\dsetup32.dll

2011-01-08 11:49:15 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DSETUP.dll

2011-01-08 11:49:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DXSETUP.exe

2011-01-08 11:49:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\dsetup32.dll

2011-01-03 03:24:43 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}

2011-01-03 03:23:00 -------- d---a-w- C:\swsetup

2011-01-03 03:22:56 -------- d-----w- C:\SYSTEM.SAV

2011-01-01 16:50:31 -------- d-----w- C:\Program Files (x86)\ZoneAlarm_Security

2011-01-01 16:50:21 -------- d-----w- C:\Program Files\CheckPoint

2011-01-01 16:50:02 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll

2011-01-01 16:50:02 -------- d-----w- C:\Windows\SysWow64\ZoneLabs

2011-01-01 16:49:57 458840 ------w- C:\Windows\System32\drivers\vsdatant.sys

2011-01-01 16:49:57 -------- d-----w- C:\Program Files (x86)\Zone Labs

2011-01-01 16:49:21 -------- d-----w- C:\PROGRA~3\CheckPoint

2010-12-30 11:57:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2010-12-30 11:57:37 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

==================== Find3M ====================

2010-12-28 00:23:40 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-09 11:17:05 673280 ----a-w- C:\Windows\is-TIFH6.exe

2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-11-10 08:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-11-10 08:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll

2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll

2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 21:37:53.06 ===============


ComboFix 11-01-22.02 - greg 01/22/2011 21:05:11.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1618 [GMT -6:00]

Running from: c:\users\greg\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\users\greg\GoToAssistDownloadHelper.exe

c:\windows\system32\Ijl11.dll

c:\windows\SysWow64\Ijl11.dll

.

((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))

.

2011-01-23 03:25 . 2011-01-23 03:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-23 01:02 . 2011-01-23 01:03 -------- d-----w- c:\users\greg\AppData\Local\{184146E2-0D1B-4EB0-A44D-8632E59388A0}

2011-01-22 17:35 . 2011-01-22 17:35 -------- d-----w- c:\program files (x86)\Norton DNS

2011-01-22 12:33 . 2011-01-22 12:33 -------- d-----w- c:\users\greg\AppData\Local\{16A7EB70-A058-4BA5-88DD-3F6D9BC16881}

2011-01-22 00:45 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{140D1CB5-3709-43C2-A8E5-325FC41EB6F9}\mpengine.dll

2011-01-22 00:33 . 2011-01-22 00:33 -------- d-----w- c:\users\greg\AppData\Local\{20704E36-74A2-4FDE-9288-4F2AAA7367C5}

2011-01-21 15:26 . 2010-11-08 22:06 66552 ----a-w- c:\windows\system32\drivers\mozy.sys

2011-01-21 15:26 . 2011-01-21 15:26 -------- d-----w- c:\program files\MozyHome

2011-01-21 14:57 . 2011-01-21 14:57 -------- d-----w- c:\users\greg\AppData\Roaming\Auslogics

2011-01-21 10:18 . 2011-01-21 10:18 -------- d-----w- c:\users\greg\AppData\Local\{5C65A4DD-204E-4474-9905-32FA61133B94}

2011-01-20 14:59 . 2011-01-20 14:59 -------- d-----w- c:\users\greg\AppData\Local\{8D32EEDE-F06F-447B-884A-8A7C27CDBA32}

2011-01-20 11:23 . 2011-01-20 11:24 -------- d-----w- c:\users\greg\AppData\Local\AnVir

2011-01-20 11:15 . 2009-07-14 10:15 1386496 ----a-w- c:\windows\SysWow64\temp.017

2011-01-20 11:15 . 2008-05-10 06:53 172032 ----a-w- c:\windows\SysWow64\temp.016

2011-01-20 11:15 . 2003-04-01 07:00 7168 ----a-w- c:\windows\SysWow64\temp.015

2011-01-20 11:15 . 2008-04-14 19:12 76288 ----a-w- c:\windows\SysWow64\temp.014

2011-01-20 11:15 . 2007-06-18 23:57 219136 ----a-w- c:\windows\SysWow64\sqlite3_engine.dll

2011-01-20 02:58 . 2011-01-20 02:59 -------- d-----w- c:\users\greg\AppData\Local\{21ED94FD-5C65-45ED-B183-17A7A717284A}

2011-01-20 02:54 . 2011-01-20 02:54 -------- d-----w- c:\users\greg\AppData\Local\{D9C63B57-2301-43C6-AB82-C7BF08C295E2}

2011-01-19 15:05 . 2011-01-19 15:05 -------- d-----w- c:\users\greg\AppData\Roaming\QuickScan

2011-01-19 14:47 . 2011-01-19 14:47 -------- d-----w- c:\users\greg\AppData\Local\{4A00451D-BC52-4098-A128-90809030761F}

2011-01-19 12:00 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-19 03:35 . 2011-01-19 03:35 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-01-19 03:35 . 2011-01-19 03:35 -------- d-----w- c:\program files\Prevx

2011-01-19 03:34 . 2011-01-19 11:30 -------- d-----w- c:\programdata\PrevxCSI

2011-01-19 02:47 . 2011-01-19 02:47 -------- d-----w- c:\users\greg\AppData\Local\{2C7A9B98-7444-4CB4-A82A-E51E5500A8DF}

2011-01-18 23:14 . 2011-01-22 12:27 -------- d-----w- c:\users\greg\AppData\Local\Preton_Ltd

2011-01-18 23:14 . 2011-01-18 23:14 -------- d-----w- c:\users\greg\AppData\Local\IsolatedStorage

2011-01-18 23:13 . 2011-01-18 23:13 -------- d-----w- c:\program files\Preton

2011-01-18 14:47 . 2011-01-18 14:47 -------- d-----w- c:\users\greg\AppData\Local\{A0806E67-EDE7-4565-80F1-15F010022A63}

2011-01-18 11:38 . 2011-01-20 00:29 -------- d-----w- c:\users\greg\AppData\Local\360Amigo

2011-01-18 02:46 . 2011-01-18 02:46 -------- d-----w- c:\users\greg\AppData\Local\{9099572D-C039-48B4-B2BE-07E4FBC4A696}

2011-01-17 14:46 . 2011-01-17 14:46 -------- d-----w- c:\users\greg\AppData\Local\{65399AD4-91FD-4B28-9A74-0232951144AE}

2011-01-17 02:46 . 2011-01-17 02:46 -------- d-----w- c:\users\greg\AppData\Local\{987FACC1-2372-4E9C-8489-E56943000822}

2011-01-16 13:04 . 2011-01-16 13:05 -------- d-----w- c:\users\greg\AppData\Local\{3B0DA4BB-3B18-480A-A2B1-A8745B7D8194}

2011-01-16 01:04 . 2011-01-16 01:04 -------- d-----w- c:\users\greg\AppData\Local\{B43834A7-B7D1-4B43-9D50-C55CC3E96678}

2011-01-16 00:21 . 2011-01-16 00:21 -------- d-----w- c:\program files (x86)\Software Informer

2011-01-15 21:52 . 2011-01-19 12:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-15 21:47 . 2011-01-15 21:47 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-15 21:09 . 2011-01-15 21:10 -------- d-----w- C:\Malwarebytes

2011-01-15 13:04 . 2011-01-15 13:04 -------- d-----w- c:\users\greg\AppData\Local\{0E5EC1DD-A51E-406B-A816-2A3459F2910A}

2011-01-15 12:59 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-01-15 12:59 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-01-15 12:59 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-01-15 12:59 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-01-15 12:59 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe

2011-01-15 12:59 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-01-15 12:59 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-01-15 12:59 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-01-15 12:59 . 2011-01-15 12:59 -------- d-----w- c:\program files\Alwil Software

2011-01-15 02:47 . 2011-01-15 02:47 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-01-15 01:10 . 2011-01-15 01:10 -------- d--h--w- c:\program files (x86)\InstallJammer Registry

2011-01-15 01:10 . 2011-01-15 12:51 -------- d-----w- c:\program files (x86)\GmailDefaultMaker

2011-01-15 01:04 . 2011-01-15 01:09 -------- d-----w- c:\users\greg\AppData\Local\{161838AA-0801-4A6A-9781-2038AF3CAA14}

2011-01-15 01:04 . 2011-01-15 01:04 -------- d-----w- c:\users\greg\AppData\Local\{9CBED043-0EEA-4E47-B98C-503B9B4030BC}

2011-01-14 12:17 . 2011-01-14 12:17 -------- d-----w- c:\users\greg\AppData\Local\{3DAA4812-E61E-4202-AA70-68CDB3F060B2}

2011-01-14 00:17 . 2011-01-14 00:17 -------- d-----w- c:\users\greg\AppData\Local\{F5F787D0-846F-4F20-9E5C-DE660F853897}

2011-01-13 11:52 . 2011-01-13 11:52 -------- d-----w- c:\users\greg\AppData\Local\{86025D2E-4BCD-4C22-8E76-5F980FF675CA}

2011-01-13 11:34 . 2011-01-13 11:34 -------- d-----w- c:\programdata\ProcessLasso

2011-01-13 11:33 . 2011-01-15 12:51 -------- d-----w- c:\users\greg\AppData\Roaming\ProcessLasso

2011-01-13 11:33 . 2011-01-15 12:51 -------- d-----w- c:\program files\Process Lasso

2011-01-12 23:51 . 2011-01-12 23:52 -------- d-----w- c:\users\greg\AppData\Local\{29CF5BC7-EE78-4A61-A0E2-CB9F32756217}

2011-01-12 12:07 . 2011-01-15 12:51 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner

2011-01-12 11:51 . 2011-01-12 11:51 -------- d-----w- c:\users\greg\AppData\Local\{F5138517-1927-42EF-8D06-A80B860CA272}

2011-01-11 23:51 . 2011-01-11 23:51 -------- d-----w- c:\users\greg\AppData\Local\{698B50E2-EB78-4C0E-803F-83C38A117822}

2011-01-11 11:51 . 2011-01-11 11:51 -------- d-----w- c:\users\greg\AppData\Local\{7CC6C46E-32BE-45FF-9311-80590403BA84}

2011-01-10 23:50 . 2011-01-10 23:50 -------- d-----w- c:\users\greg\AppData\Local\{9A5A81ED-421D-4E38-9B86-6A358C55B6AA}

2011-01-10 12:01 . 2011-01-10 12:15 -------- d-----w- c:\program files (x86)\WinUtilities

2011-01-10 11:02 . 2011-01-10 11:02 -------- d-----w- c:\users\greg\AppData\Local\{FDCFB807-0AC5-43E0-B920-67F9D536979C}

2011-01-10 00:36 . 2011-01-10 03:14 -------- d-----w- c:\program files (x86)\Windows Live Safety Center

2011-01-09 21:34 . 2011-01-09 21:35 -------- d-----w- c:\users\greg\AppData\Local\{226A08D2-6EF9-43CE-9F52-FAAC7752C6DB}

2011-01-09 15:00 . 2011-01-09 15:00 -------- d-----w- c:\users\greg\AppData\Local\{19DFAAF0-2D37-4B3B-AD13-7F5053FB04DB}

2011-01-08 14:32 . 2011-01-08 14:32 -------- d-----w- c:\program files (x86)\Trend Micro

2011-01-08 12:28 . 2011-01-08 12:28 -------- d-----w- c:\users\greg\AppData\Local\{3740FA85-5582-4B52-9438-9CB15CDFD976}

2011-01-08 12:01 . 2011-01-08 12:01 -------- d-----w- c:\windows\en

2011-01-08 11:57 . 2011-01-08 11:57 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2011-01-08 11:53 . 2010-09-23 06:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-01-08 11:52 . 2011-01-08 11:53 -------- d-----w- c:\program files\Windows Live

2011-01-08 11:51 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-01-08 11:51 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-01-08 11:51 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-01-08 11:51 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-01-08 11:49 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-01-08 11:49 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll

2011-01-08 11:49 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll

2011-01-08 11:49 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll

2011-01-08 11:49 . 2011-01-08 11:49 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1918f3c01cbaf2a08\MeshBetaRemover.exe

2011-01-08 11:49 . 2011-01-08 11:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DSETUP.dll

2011-01-08 11:49 . 2011-01-08 11:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\DXSETUP.exe

2011-01-08 11:49 . 2011-01-08 11:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\159216f01cbaf2a07\dsetup32.dll

2011-01-08 11:49 . 2011-01-08 11:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DSETUP.dll

2011-01-08 11:49 . 2011-01-08 11:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\DXSETUP.exe

2011-01-08 11:49 . 2011-01-08 11:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11f31e401cbaf2a06\dsetup32.dll

2011-01-03 03:24 . 2011-01-15 02:08 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}

2011-01-03 03:23 . 2011-01-03 03:23 -------- d---a-w- C:\swsetup

2011-01-03 03:22 . 2011-01-03 03:23 -------- d-----w- C:\SYSTEM.SAV

2011-01-01 16:50 . 2011-01-01 16:50 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security

2011-01-01 16:50 . 2011-01-01 16:50 -------- d-----w- c:\program files\CheckPoint

2011-01-01 16:50 . 2010-11-16 23:45 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll

2011-01-01 16:50 . 2010-11-16 23:45 104448 ----a-w- c:\windows\SysWow64\zlcommdb.dll

2011-01-01 16:50 . 2011-01-01 16:51 -------- d-----w- c:\windows\SysWow64\ZoneLabs

2011-01-01 16:50 . 2010-11-16 23:45 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll

2011-01-01 16:49 . 2011-01-01 16:49 -------- d-----w- c:\program files (x86)\Zone Labs

2011-01-01 16:49 . 2010-05-15 22:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys

2011-01-01 16:49 . 2011-01-01 16:49 -------- d-----w- c:\programdata\CheckPoint

2010-12-30 11:57 . 2011-01-21 00:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-12-30 11:57 . 2010-12-30 12:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-28 00:23 . 2010-05-27 09:49 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-12-21 00:08 . 2010-05-08 01:13 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-09 11:17 . 2010-12-09 11:17 673280 ----a-w- c:\windows\is-TIFH6.exe

2010-11-13 00:53 . 2010-05-09 10:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-11-10 08:54 . 2010-11-10 08:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2010-11-10 08:28 . 2010-11-10 08:28 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-11-04 06:35 . 2010-12-15 11:47 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 11:47 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 11:47 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 11:47 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 11:47 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 11:47 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 11:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 11:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 11:47 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 11:47 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-15 11:47 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-15 11:47 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 11:47 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 11:47 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 11:47 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 11:47 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 11:47 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 11:47 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-10-27 05:06 . 2010-12-15 11:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-27 04:32 . 2010-12-15 11:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2010-12-01 17:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F.lux"="c:\users\greg\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-12-26 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Norton DNS Tray Icon.lnk - c:\program files (x86)\Norton DNS\NortonDNSTray.exe [2010-10-13 75136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

"ForceActiveDesktopOn"= 0 (0x0)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk \0sasnative64

SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"a-squared"="c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2010-10-02 84752]

R3 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-01-16 2850296]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-05-06 150096]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-08 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]

R3 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2010-09-30 1201640]

R3 ZentimoService;Zentimo Assistant;c:\program files (x86)\Zentimo\ZentimoService.exe [2010-10-28 524248]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 27216]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-06 37456]

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 37488]

S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-10-02 48216]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-08 14720]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-12-28 49752]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]

S2 Norton DNS;Norton DNS;c:\program files (x86)\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]

S2 PretonClientService;PretonSaver;c:\program files\Preton\PretonSaver\PretonClientService.exe [2010-10-26 91136]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 51600]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\Advanced System Protector.job

- c:\program files (x86)\Systweak\Advanced System Protector\RunSchedule.exe [2010-05-08 00:38]

2011-01-23 c:\windows\Tasks\AWC Update.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-05-10 21:24]

2011-01-22 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-05-09 20:13]

2011-01-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-01 02:55]

2011-01-03 c:\windows\Tasks\HPCeeScheduleForgreg.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

2010-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 22:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 22:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]

"PretonClient"="c:\program files\Preton\PretonSaver\PretonClient.exe" [2010-10-25 2577920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

TCP: {B9911001-CBCB-4BCD-81B0-24A4815D702C} = 198.153.192.1,198.153.194.1

DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB

DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab

FF - ProfilePath - c:\users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\pdja30py.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Proxy Tool: proxytool@proxylist.co - %profile%\extensions\proxytool@proxylist.co

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)

HKLM-Run-(Default) - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-01-22 21:31:17

ComboFix-quarantined-files.txt 2011-01-23 03:31

Pre-Run: 424,451,665,920 bytes free

Post-Run: 424,588,173,312 bytes free

- - End Of File - - F6A6C16C7DB99C22E7CA5A664A5F1A9F


These items are hidden and are found in Trusted Sites by another program. I do remove them, but they come back on their own. Also, SpywareBlaster by Javacool shows 13 sites as not enabled when I check it after finding these sites and removing them. Not sure if this will help you, but this is what is on the computer this boot-up.

[IE - Trusted Sites]

[people.1gb.ru]
Items=people.1gb.ru
Description=
Publisher=
Path=people.1gb.ru

[dialer.cjb.net]
Items=dialer.cjb.net
Description=
Publisher=
Path=dialer.cjb.net

[fastmp3search.com.ar]
Items=fastmp3search.com.ar
Description=
Publisher=
Path=fastmp3search.com.ar

[direct.data-line.us]
Items=direct.data-line.us
Description=
Publisher=
Path=direct.data-line.us

[getflash.hostzi.com]
Items=getflash.hostzi.com
Description=
Publisher=
Path=getflash.hostzi.com

[regi.lolso.com]
Items=regi.lolso.com
Description=
Publisher=
Path=regi.lolso.com

[karleyt.narod.ru]
Items=karleyt.narod.ru
Description=
Publisher=
Path=karleyt.narod.ru

[toolbar.push.com]
Items=toolbar.push.com
Description=
Publisher=
Path=toolbar.push.com

[search.scourweb.net]
Items=search.scourweb.net
Description=
Publisher=
Path=search.scourweb.net

[dewis.spb.ru]
Items=dewis.spb.ru
Description=
Publisher=
Path=dewis.spb.ru

[cehjbiladg.stlouismoonline.com]
Items=cehjbiladg.stlouismoonline.com
Description=
Publisher=
Path=cehjbiladg.stlouismoonline.com

[ads.tucows.com]
Items=ads.tucows.com
Description=
Publisher=
Path=ads.tucows.com

[searchmeta.webhost.ru]
Items=searchmeta.webhost.ru
Description=
Publisher=
Path=searchmeta.webhost.ru


Hi,

"these items are hidden and found in trusted sites by another prog."
By which program?

"not sure if will help you but on comp this boot up."
What do you mean by this? Take a screenshot of what you see and post it here.


hi,

Amigo 360 lists them in System Optimizer, Startup Services, Trusted Sites. That is the only place I can see them; they are not in the normal Trusted Sites.

That is what I meant: they came back after ComboFix ran. I manually delete them and they come back.

Also, I just ran Advanced System Protector and it came back with a lot more. I zipped the file. MBAM and SUPERAntiSpyware do not show these items.

I have not deleted the Trusted Sites it found, waiting to see if it can help you.

Snapshot of the Amigo 360 page.

Thanks.

asp124.zip

post-24007-1295916185_thumb.png


I have a home network, and these 13 startup items are also found on my Vista desktop and on the W7 laptop that is used wirelessly. I also ran ASP and found the rogue 2006 on them too. I have disconnected the cable to the desktop to keep more malware from getting on it. The SpywareBlaster program doesn't show "not protected" until I remove the 13 Trusted Sites; then it changes to 13 items not enabled/protected. I have been doing that for a week now, since I found the malware and the Trusted Sites coming back.

The zip file shows the 2006 rogue malware; the rest I have never seen until today. I will have to wait to see if they come back after a reboot.

greg


Avast found these 2 items. Win32:Vitro was found on the boot scan on 1/18; picture attached. The other must have been from the regular scan on 1/22.

post-24007-1295923433_thumb.png

Share this post


Link to post
Share on other sites

Hi,

I would not recommend keeping 360Amigo and Advanced System Protector. It looks like they are giving false reports to scare you into purchasing whatever they offer. You can't find their detections because they don't really exist. I suggest uninstalling them as soon as possible.

Regarding the avast detection, can you expand the "Original Location" section so I can see exactly what is being detected?


Not sure how to expand Avast; I opened the chest and this info is all it shows. Amigo 360 is free, but I have the Pro version from a giveaway. ASP is free, with no nag screens to buy the Pro version with shields, but it does seem to find false positives as you mention. Their support said to run a HijackThis scan and then told me SpywareBlaster needed to be uninstalled to remove the sites found in rogue 2006, which were placed in the P3P history area by SpywareBlaster to block the bad sites. I didn't believe them and passed on removal. They never try to upsell, but it is the only program that is saying rogue 2006 is on the computer.

Let me know how to expand Avast. I can right-click and show properties, but it is the same info as on the line. It wouldn't take a picture of the pop-up info.

360 is a cleaner program with no malware removal.


Advanced System Protector

I just looked it up on download.com and it had a 4-star rating and very good reviews from users. My computer does run very fast with no pop-ups, so I am wondering if ASP was giving a false positive on the rogue 2006 find. It does seem to find it on all my computers.


Regarding Avast, looking at the screenshot above, just click the vertical line that looks like a | to the right of "Original Location" and directly left of "Last Changed" and drag it to the right so I can see the full path.

Ah, I see what the issue is. There is a false positive by ASP; it's detecting SpywareBlaster's database as malicious. SpywareBlaster has been around for many years, and I would recommend urging them to fix it. In the meantime, feel free to ignore the detection. ;)

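The disagreement above (one tool reports these hosts as "Trusted Sites", the helper says they are SpywareBlaster's block database) can be settled by reading the registry directly rather than trusting either scanner's summary. The script below is an added example, not code from the thread, from Malwarebytes or from any of the tools mentioned. It lists the current user's IE per-site zone assignments (ZoneMap\Domains) and per-site cookie actions (P3P\History), then reports what each host from the posted list actually resolves to. Assumptions: the zone-number meanings (2 = Trusted sites, 4 = Restricted sites) are IE's standard ones; the P3P\History mapping of 1 = Allow and 5 = Block is how the IE privacy dialog stores its per-site choices and is not stated anywhere in the thread; the host list is the one posted above and is used only as sample input.

```powershell
# Added example, not from the thread or from any tool it mentions. Read-only.
# Shows what the current user's IE registry actually says about per-site
# security zones (ZoneMap) and per-site cookie actions (P3P\History), so a
# third-party "Trusted Sites" report can be checked against the source.

$IeSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ZoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                 3 = 'Internet';    4 = 'Restricted sites' }

function Get-IeZoneMapEntries {
    # ZoneMap\Domains\<domain>\<label> keys hold one DWORD per scheme
    # ('http', 'https' or '*'); the DWORD value is the zone number.
    $root = Join-Path $IeSettings 'ZoneMap\Domains'
    if (-not (Test-Path $root)) { return @() }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        # Rebuild the host name from the key path:
        # Domains\narod.ru\karleyt  ->  karleyt.narod.ru
        $rel   = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
        $parts = $rel -split '\\'
        [array]::Reverse($parts)
        $hostName = $parts -join '.'
        foreach ($scheme in $key.Property) {
            $zone = [int](Get-ItemProperty -Path $key.PSPath -Name $scheme).$scheme
            [pscustomobject]@{
                Host     = $hostName
                Scheme   = $scheme
                Zone     = $zone
                ZoneName = if ($ZoneNames.ContainsKey($zone)) { $ZoneNames[$zone] } else { "Unknown($zone)" }
            }
        }
    }
}

function Get-IeP3PHistory {
    # P3P\History\<domain> keys record IE's "Per Site Privacy Actions" in the
    # key's default value. Assumption (not stated in the thread): 1 = Allow,
    # 5 = Block, which is how the IE privacy dialog stores its choices.
    $root = Join-Path $IeSettings 'P3P\History'
    if (-not (Test-Path $root)) { return @() }
    Get-ChildItem -Path $root | ForEach-Object {
        $val = (Get-ItemProperty -Path $_.PSPath).'(default)'
        [pscustomobject]@{
            Domain = $_.PSChildName
            Action = switch ($val) { 1 { 'Allow' } 5 { 'Block' } default { "Unknown($val)" } }
        }
    }
}

function Show-IeSiteReport {
    param([string[]] $Hosts)
    $zones = @(Get-IeZoneMapEntries)
    $p3p   = @(Get-IeP3PHistory)
    foreach ($h in $Hosts) {
        $z = @($zones | Where-Object { $_.Host -eq $h })
        $c = @($p3p   | Where-Object { $_.Domain -eq $h })
        $zoneText = if ($z.Count) {
            ($z | ForEach-Object { "$($_.Scheme)=$($_.ZoneName)" }) -join ', '
        } else { 'no ZoneMap entry' }
        $cookieText = if ($c.Count) { $c[0].Action } else { 'no P3P entry' }
        '{0,-34} zone: {1,-28} cookies: {2}' -f $h, $zoneText, $cookieText
    }
}

# Sample input: the hosts from the report posted in the thread. The deciding
# detail is the zone number: 2 is Trusted sites, 4 is Restricted sites (the
# zone SpywareBlaster's Restricted Sites protection adds entries to).
$ReportedHosts = @(
    'people.1gb.ru', 'dialer.cjb.net', 'fastmp3search.com.ar', 'direct.data-line.us',
    'getflash.hostzi.com', 'regi.lolso.com', 'karleyt.narod.ru', 'toolbar.push.com',
    'search.scourweb.net', 'dewis.spb.ru', 'cehjbiladg.stlouismoonline.com',
    'ads.tucows.com', 'searchmeta.webhost.ru'
)
Show-IeSiteReport -Hosts $ReportedHosts
```

Run it as the affected user, not elevated, since the keys are under HKCU. A host that shows up as zone 4 with cookies blocked is a protective entry, and a cleaner that removes it is undoing that protection, which matches the "13 items not enabled" SpywareBlaster reported after each removal. One caveat: if the Security_HKLM_only policy is set under HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings, zone assignments are read from the HKLM ZoneMap instead, so the same subkeys under HKLM:\ are the ones to inspect.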

Thanks, I will ask ASP to fix it or look into it.

Here is the expanded picture of Avast. The Auslogics BoostSpeed Special Edition I did get as a free download, and I have since uninstalled it, since the virus was found.

post-24007-1296035167_thumb.png


ZoneAlarm showed these logs today. I am still seeing the Trusted Sites items come back after removing them.

post-24007-1296055840_thumb.png


I have uninstalled SpywareBlaster and that did remove the false positive for rogue 2006. It also did the same for the hidden Trusted Sites files in the 360 program, so that was the issue in both. I will reinstall it and see if it comes back in a few days. ASP replied saying it is not a false positive; it is the way Blaster works...

No infections found by MB or any program I have. The computer could be fixed.


Things look good from here. Everything now looks like false positives from ASP and 360.

Anything else I can help with?


No, I believe you can close this out. I ran all the scans again with no problems. All three computers are resolved.

Thanks for all your time reviewing my scans, and for the support for MB products.

gb


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.