Thread: remnants of the fake avplus program

  1. #1
    Junior Member
    Join Date
    Jul 2010
    Location
    san jose, california
    Posts
    15

    remnants of the fake avplus program

    Thank you for your excellent software. Though I managed to regain the use of my computer before I installed your software, I still get browser hijacks when searching in Yahoo. When running your program, I am left with security risks (the source of the hijacking) which I cannot remove.

    I get an error message as follows:
    C:\windows\system32\drivers\etc\hosts "access denied"

    And when I look at the files noted as malware by Spybot, a few examples are:

    microsoft.windows.redirectedhosts
    securesoftwarebill.com
    and
    paysoftbillsolution.com

    in fraud.windowsprotectionsuite
    getantivirusplusnow
    secure-plus-payments.com
    and
    getavplusnow.com

    The browser hijacking is a minor pain, but I would like to be able to clean my system of the remains of this scam. As a goodwill gesture, I'll go donate $10 now to the Spybot community in hopes of keeping this forum alive and active to help others with more severe and debilitating problems.

    Thank you kindly!
    P.

  2. #2
    Junior Member
    Join Date
    Jul 2010
    Location
    san jose, california
    Posts
    15

    Transaction ID: 1JS80660MW130584S

    Thanks!

  3. #3
    Junior Member
    Join Date
    Jul 2010
    Location
    san jose, california
    Posts
    15

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/13/2009 11:32:47 AM
    System Uptime: 7/15/2010 9:01:17 AM (45 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | G31M3(MS-7529)
    Processor: Intel Pentium III Xeon processor | CPU 1 | 2520/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 32.867 GiB free.
    D: is CDROM ()
    E: is Removable
    P: is FIXED (NTFS) - 110 GiB total, 104.1 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: BlackBerry
    Device ID: USB\VID_0FCA&PID_8004&MI_00\6&2899E2EF&0&0000
    Manufacturer:
    Name: BlackBerry
    PNP Device ID: USB\VID_0FCA&PID_8004&MI_00\6&2899E2EF&0&0000
    Service:

    ==== System Restore Points ===================

    ==== Hosts File Hijack ======================

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Flash Player 10 Plugin
    BOINC
    Genie Backup Assistant
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver
    LiveReg (Symantec Corporation)
    LiveUpdate 1.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Mozilla Firefox (3.6.6)
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Spybot - Search & Destroy
    Symantec pcAnywhere
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    7/16/2010 2:44:56 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    7/14/2010 9:47:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0024212C8012 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/14/2010 9:30:55 AM, error: ParVdm [2] - Unable to get device object pointer for port object.
    7/14/2010 9:30:42 AM, error: Service Control Manager [7023] - The Microsoft Center service terminated with the following error: The specified module could not be found.
    7/14/2010 9:30:34 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    7/14/2010 9:30:34 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Genie-Soft\GBALite8LaCie\Microsoft.VC80.MFC\MFC80U.DLL. Reference error message: The operation completed successfully. .
    7/14/2010 9:30:34 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    7/12/2010 8:12:59 AM, error: Dhcp [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 0024212C8012 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

  4. #4
    Junior Member
    Join Date
    Jul 2010
    Location
    san jose, california
    Posts
    15

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Server at 6:41:25.54 on Sat 07/17/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.176 [GMT -7:00]

    AV: Security Master AV *On-access scanning enabled* (Updated) {4D967657-6CFE-4F52-8CE5-D323F723F56F}
    FW: Security Master AV *enabled* {7ABA141A-3247-427B-BADD-20DB941ABC3E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinctray.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\BOINC\boinc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Documents and Settings\All Users\Application Data\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.14_windows_intelx86.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\All Users\Application Data\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.14_windows_intelx86.exe
    C:\Documents and Settings\Server\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
    mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
    mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\setmodes.bat
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247514061687
    Notify: igfxcui - igfxdev.dll
    Notify: PCANotify - PCANotify.dll
    IFEO: image file execution options - svchost.exe
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\server\applic~1\mozilla\firefox\profiles\ftn6sws9.default\
    FF - prefs.js: browser.search.selectedEngine - search
    FF - prefs.js: browser.startup.homepage - www.yahoo.com

    ---- FIREFOX POLICIES ----
    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-4 64288]
    R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 31192]
    R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
    R1 siigpar;SIIG Parallel port driver;c:\windows\system32\drivers\siigpar.sys [2009-7-13 81920]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
    S2 bzsvjag;Microsoft Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 110651]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

    =============== Created Last 30 ================

    2010-07-15 16:41:08 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-15 16:41:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

    ==================== Find3M ====================

    2010-06-18 14:22:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-04 14:16:37 95024 ------w- c:\windows\system32\drivers\SBREDrv.sys
    2010-06-04 14:15:48 64288 ------w- c:\windows\system32\drivers\Lbd.sys

    ============= FINISH: 6:41:40.10 ===============

  5. #5
    Junior Member
    Join Date
    Jul 2010
    Location
    san jose, california
    Posts
    15

    Gmer

    If needed:

  6. #6
    Junior Member
    Join Date
    Jul 2010
    Location
    san jose, california
    Posts
    15

    Gmer

    Oops. Sorry 'bout that.

  7. #7
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
