View Full Version : remnants of the fake avplus program



schumacher62
2010-07-16, 14:20
thank you for your excellent software. though i managed to regain the use of my computer before i installed your software, i still get browser hijacks when searching in yahoo. when running your program, i am left with security risks (the source of the hijacking) which i cannot remove.

i get an error message as follows:
C:\windows\system32\drivers\etc\hosts "access denied"

and when i look at the files noted as malware by spybot, a few examples are:

microsoft.windows.redirectedhosts
securesoftwarebill.com
and
paysoftbillsolution.com

in fraud.windowsprotectionsuite
getantivirusplusnow
secure-plus-payments.com
and
getavplusnow.com

the browser hijacking is a minor pain, but i would like to be able to clean my system of the remains of this scam. as a goodwill gesture, i'll go to donate $10 dollars now to the spybot community in hopes of keeping this forum alive and active to help others with more severe and debilitating problems.

thank you kindly!
P.

schumacher62
2010-07-16, 14:23
Transaction ID: 1JS80660MW130584S

thanks!

schumacher62
2010-07-19, 16:16
DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2009 11:32:47 AM
System Uptime: 7/15/2010 9:01:17 AM (45 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | G31M3(MS-7529)
Processor: Intel Pentium III Xeon processor | CPU 1 | 2520/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 32.867 GiB free.
D: is CDROM ()
E: is Removable
P: is FIXED (NTFS) - 110 GiB total, 104.1 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: BlackBerry
Device ID: USB\VID_0FCA&PID_8004&MI_00\6&2899E2EF&0&0000
Manufacturer:
Name: BlackBerry
PNP Device ID: USB\VID_0FCA&PID_8004&MI_00\6&2899E2EF&0&0000
Service:

==== System Restore Points ===================


==== Hosts File Hijack ======================


==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 Plugin
BOINC
Genie Backup Assistant
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.6)
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Spybot - Search & Destroy
Symantec pcAnywhere
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

7/16/2010 2:44:56 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/14/2010 9:47:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0024212C8012 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/14/2010 9:30:55 AM, error: ParVdm [2] - Unable to get device object pointer for port object.
7/14/2010 9:30:42 AM, error: Service Control Manager [7023] - The Microsoft Center service terminated with the following error: The specified module could not be found.
7/14/2010 9:30:34 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
7/14/2010 9:30:34 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Genie-Soft\GBALite8LaCie\Microsoft.VC80.MFC\MFC80U.DLL. Reference error message: The operation completed successfully. .
7/14/2010 9:30:34 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
7/12/2010 8:12:59 AM, error: Dhcp [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 0024212C8012 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

schumacher62
2010-07-19, 16:17
DDS (Ver_10-03-17.01) - NTFSx86
Run by Server at 6:41:25.54 on Sat 07/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.176 [GMT -7:00]

AV: Security Master AV *On-access scanning enabled* (Updated) {4D967657-6CFE-4F52-8CE5-D323F723F56F}
FW: Security Master AV *enabled* {7ABA141A-3247-427B-BADD-20DB941ABC3E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.14_windows_intelx86.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.14_windows_intelx86.exe
C:\Documents and Settings\Server\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\setmodes.bat
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247514061687
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\server\applic~1\mozilla\firefox\profiles\ftn6sws9.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - www.yahoo.com

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-4 64288]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 31192]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R1 siigpar;SIIG Parallel port driver;c:\windows\system32\drivers\siigpar.sys [2009-7-13 81920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S2 bzsvjag;Microsoft Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 110651]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-07-15 16:41:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 16:41:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2010-06-18 14:22:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-04 14:16:37 95024 ------w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-04 14:15:48 64288 ------w- c:\windows\system32\drivers\Lbd.sys

============= FINISH: 6:41:40.10 ===============

schumacher62
2010-07-19, 16:21
if needed:

schumacher62
2010-07-19, 16:22
oops. sorry bout that.

tashi
2010-07-23, 17:58
New topic: http://forums.spybot.info/showthread.php?p=378207#post378207 :)