Jump to content

Recommended Posts

I was infected with the antivirus2010 malware from a website, after about a week of running anti-malware and spybot, antivurs ect... i can finally open the desktop without popups, but i still have redirecting when clicking on google links.

I attached the GMER scan without scanning files, as i have tried to do so every day for 5 days and it will freeze the computer each and every time.

Please help.

DDS (Ver_09-06-26.01) - NTFSx86

Run by Nick at 15:15:25.95 on Wed 02/10/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.779 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Cyclope Server\CyclopeServer.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\srvany.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\pvsw\bin\w3dbsmgr.exe

C:\WINDOWS\Explorer.EXE

c:\program files\common files\protexis\license service\psiservice_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\Dit.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Sage Software\Peachtree\peachw.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Malwarebytes' Anti-Malware\malscan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Nick\Desktop\cwcb0ws5.exe

C:\Documents and Settings\Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Burn4Free Toolbar Helper: {d187a56b-a33f-4cbe-9d77-459fc0bae012} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [systemRestore] c:\windows\system32\rundll32.exe c:\windows\sysrestore\SystemRestore.dll rdl

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Dit] Dit.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"

mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digidoc.lnk - c:\progra~1\founder\mobile~1\DigiDoc.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: ameritrade.com

Trusted Zone: ameritrade.com\wwws

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: buy-is2010.com

Trusted Zone: grimyglendale.com\www

Trusted Zone: is-software-download.com

Trusted Zone: is-software-download25.com

Trusted Zone: is10-soft-download.com

Trusted Zone: nxcore.net\bar1

Trusted Zone: nxcore.net\bar2

Trusted Zone: streamer.com

Trusted Zone: streamer.com\ameritrade01

Trusted Zone: streamer.com\ameritrade02

Trusted Zone: streamer.com\ameritrade03

Trusted Zone: streamer.com\ameritrade04

Trusted Zone: tdameritrade.com\apis

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: buy-is2010.com

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176756738906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E3CF5F1B-C29E-4D21-B695-E1B0E1CB6EC9} - hxxp://192.168.1.64/codebase/NewHCNetActiveX.cab

TCP: {4128E57F-CEB2-4BD4-AFC1-0FB1A20A4493} = 204.130.255.3,209.63.0.6

Handler: ActLink - {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - c:\progra~1\act\actfor~2\plugins\actlink.dll

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\iksu3nxf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {4B7860A0-8F35-4AAF-A227-89B4D0F352F1} - c:\documents and settings\nick\local settings\application data\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");

c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-4 64288]

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2006-11-30 16640]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-29 163280]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-29 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]

R2 CyclopeServer;CyclopeServer;c:\program files\cyclope server\CyclopeServer.exe [2007-2-21 155648]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-13 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-13 47640]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2007-3-30 8192]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-25 24652]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-4 38224]

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-9-28 272128]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-02-10 14:56 15,944 a------- c:\windows\system32\drivers\hitmanpro35.sys

2010-02-10 14:56 <DIR> --d----- c:\program files\Hitman Pro 3.5

2010-02-10 14:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-02-09 15:04 <DIR> --d----- c:\docume~1\nick\applic~1\Office Genuine Advantage

2010-02-09 12:42 89 a------- c:\windows\wininit.ini

2010-02-05 10:54 15,880 a------- c:\windows\system32\lsdelete.exe

2010-02-04 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-02-04 17:44 <DIR> --d----- c:\docume~1\nick\applic~1\Malwarebytes

2010-02-04 17:33 0 a------- c:\documents and settings\nick\settings.dat

2010-02-04 17:33 0 a------- c:\windows\system32\15131.exe

2010-02-04 17:13 0 a------- c:\windows\Pvizaneya.bin

2010-02-04 17:13 120 a------- c:\windows\Bguyakiheva.dat

2010-02-04 16:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-04 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-02-04 16:11 19,160 a------- c:\windows\system32\drivers\mbam.sys

2010-02-04 16:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2010-02-04 15:59 64,288 a------- c:\windows\system32\drivers\Lbd.sys

2010-02-04 15:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-01-24 15:56 <DIR> --d----- c:\program files\thinkTDA

2010-01-12 23:12 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll

2010-01-12 16:03 <DIR> --d----- c:\docume~1\nick\applic~1\Paltalk

==================== Find3M ====================

2010-02-10 14:12 848 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

2010-02-10 09:32 256 a------- c:\documents and settings\nick\pool.bin

2010-01-05 03:00 832,512 a------- c:\windows\system32\wininet.dll

2010-01-05 03:00 78,336 a------- c:\windows\system32\ieencode.dll

2010-01-05 03:00 17,408 a------- c:\windows\system32\corpol.dll

2009-12-31 09:50 353,792 a------- c:\windows\system32\drivers\srv.sys

2009-12-17 17:14 411,368 a------- c:\windows\system32\deploytk.dll

2009-12-16 11:43 343,040 a------- c:\windows\system32\mspaint.exe

2009-12-14 00:08 33,280 a------- c:\windows\system32\csrsrv.dll

2009-12-08 12:26 2,145,280 a------- c:\windows\system32\ntoskrnl.exe

2009-12-08 11:43 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe

2009-11-27 10:11 1,291,776 a------- c:\windows\system32\quartz.dll

2009-11-27 10:11 17,920 a------- c:\windows\system32\msyuv.dll

2009-11-27 09:07 28,672 a------- c:\windows\system32\msvidc32.dll

2009-11-27 09:07 8,704 a------- c:\windows\system32\tsbyuv.dll

2009-11-27 09:07 84,992 a------- c:\windows\system32\avifil32.dll

2009-11-27 09:07 48,128 a------- c:\windows\system32\iyuv_32.dll

2009-11-27 09:07 11,264 a------- c:\windows\system32\msrle32.dll

2009-11-21 08:51 471,552 a------- c:\windows\apppatch\aclayers.dll

2009-11-13 17:27 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll

2009-11-13 17:27 87,352 a------- c:\windows\system32\LMIinit.dll

2009-11-13 17:27 28,984 a------- c:\windows\system32\LMIport.dll

2009-11-13 17:27 25,248 a------- c:\windows\system32\LMImirr.dll

2009-11-13 17:27 11,552 a------- c:\windows\system32\LMImirr2.dll

2009-09-28 12:29 70,984 a------- c:\documents and settings\nick\g2mdlhlpx.exe

2008-07-03 15:07 88 ---shr-- c:\docume~1\alluse~1\applic~1\791F852D7E.sys

2007-07-20 16:29 60,968 a------- c:\documents and settings\nick\GoToAssistDownloadHelper.exe

2007-04-03 10:47 28,656 a------- c:\docume~1\nick\applic~1\GDIPFONTCACHEV1.DAT

2007-02-28 11:59 630,784 a------- c:\documents and settings\nick\GoToAssist_chat2way__317_en.exe

2006-11-30 18:35 630,784 a------- c:\documents and settings\nick\chatlnk.exe

============= FINISH: 15:16:28.68 ===============

ark.zip

Link to post
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.