Jonkincy
2010-10-26, 07:43
Hi Everyone,
I am having the same exact issue as the post in this link that was done a year ago ( http://forums.spybot.info/showthread.php?t=57442 ). Though the techie in me wanted to just follow the same instructions and get this resolved right away, I understand that there may be some differences in each case. So here are the two files as requested. Thank you in advance for your help.
Jonkincy
DDS (Ver_10-10-21.02) - NTFSx86
Run by Jonkincy at 21:45:37.20 on Mon 10/25/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2003 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\SYSTEM32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tether\TBService.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\regedit.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jonkincy\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page =
uSearch Bar = Preserve
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
BHO: {f3fee66e-e034-436a-86e4-9690573bee8a} - YouTube Downloader Toolbar
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\webscout toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Mirar: {dc35b57a-a1a3-4155-9e9c-df16a5c64d9f} -
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
TB: WebScout Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\webscout toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"http://wonkacandy.tripod.com/history.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\AVSAntiSpamLSP.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: yahoo.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {4F4AFEA9-A159-4C47-B0BA-C729190B34FC} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jonkincy\appdata\roaming\mozilla\firefox\profiles\msjr9npl.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jonkincy\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-9 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-9 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-6-9 73728]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-2-19 380928]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-9-24 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-24 234888]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-2-4 20376]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 Tether;Tether;c:\program files\tether\TBService.exe [2010-4-29 49080]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S2 TabQuery Service;TabQuery Service; [x]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 LBHJN;LBHJN;c:\users\jonkincy\appdata\local\temp\LBHJN.exe [2010-10-24 449408]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2010-4-29 45608]
S3 Rx2Agent;Rx2Agent;c:\program files\raxco\perfectspeed20\Rx2Agent.exe [2010-1-21 779528]
S3 Rx2Engine;Rx2Engine;c:\program files\raxco\perfectspeed20\Rx2Engine.exe [2010-1-21 947464]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 SWYOQLCRV;SWYOQLCRV;c:\users\jonkincy\appdata\local\temp\SWYOQLCRV.exe [2010-10-24 588672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2010-10-25 21:15:38 -------- d-----w- c:\windows\en
2010-10-25 21:15:19 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-25 21:09:14 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-25 21:09:14 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-25 21:09:13 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-25 20:17:57 15712 ----a-w- c:\program files\common files\windows live\.cache\b6822d631cb748120\MeshBetaRemover.exe
2010-10-25 20:17:20 94040 ----a-w- c:\program files\common files\windows live\.cache\9ff3f2431cb748118\DSETUP.dll
2010-10-25 20:17:20 525656 ----a-w- c:\program files\common files\windows live\.cache\9ff3f2431cb748118\DXSETUP.exe
2010-10-25 20:17:20 1691480 ----a-w- c:\program files\common files\windows live\.cache\9ff3f2431cb748118\dsetup32.dll
2010-10-25 20:17:17 94040 ----a-w- c:\program files\common files\windows live\.cache\9cb1e6a31cb748117\DSETUP.dll
2010-10-25 20:17:17 525656 ----a-w- c:\program files\common files\windows live\.cache\9cb1e6a31cb748117\DXSETUP.exe
2010-10-25 20:17:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\9cb1e6a31cb748117\dsetup32.dll
2010-10-25 20:15:33 -------- d-----w- c:\users\jonkincy\appdata\local\Windows Live
2010-10-25 20:14:26 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-25 15:57:31 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-24 20:54:57 -------- d-----w- c:\program files\Free Window Registry Repair
2010-10-24 20:17:22 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-24 20:17:22 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-24 20:17:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-24 20:17:12 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-24 20:17:01 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-24 20:16:55 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-24 20:16:55 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-24 20:16:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-24 20:16:53 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-24 20:16:53 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-24 20:16:38 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-24 20:16:26 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 20:16:24 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-24 20:15:50 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-24 20:15:48 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-24 20:15:48 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-24 20:15:46 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-24 20:12:50 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-24 20:12:34 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-09-28 00:32:49 -------- d-----w- C:\.jagex_cache_32
2010-09-27 02:55:25 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-27 02:55:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-27 02:55:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-09-27 02:18:43 73728 ---ha-w- c:\users\jonkincy\appdata\roaming\RBRegEx550.dll
2010-09-27 02:18:43 39936 ---ha-w- c:\users\jonkincy\appdata\roaming\RBShell555.dll
2010-09-26 23:30:24 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-26 23:30:22 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-26 23:30:20 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-26 23:30:19 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-26 23:29:45 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-26 22:03:49 -------- d-----w- c:\program files\Feedback Tool
2010-09-26 21:59:12 -------- d-----w- c:\users\jonkincy\appdata\local\Mozilla
==================== Find3M ====================
2010-09-25 08:19:48 268435456 --sha-w- C:\WinPEpge.sys
2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
============= FINISH: 21:46:42.32 ===============
TCP: {4F4AFEA9-A159-4C47-B0BA-C729190B34FC} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jonkincy\appdata\roaming\mozilla\firefox\profiles\msjr9npl.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jonkincy\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-9 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-9 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-6-9 73728]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-2-19 380928]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-9-24 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-24 234888]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-2-4 20376]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 Tether;Tether;c:\program files\tether\TBService.exe [2010-4-29 49080]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S2 TabQuery Service;TabQuery Service; [x]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 LBHJN;LBHJN;c:\users\jonkincy\appdata\local\temp\LBHJN.exe [2010-10-24 449408]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2010-4-29 45608]
S3 Rx2Agent;Rx2Agent;c:\program files\raxco\perfectspeed20\Rx2Agent.exe [2010-1-21 779528]
S3 Rx2Engine;Rx2Engine;c:\program files\raxco\perfectspeed20\Rx2Engine.exe [2010-1-21 947464]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 SWYOQLCRV;SWYOQLCRV;c:\users\jonkincy\appdata\local\temp\SWYOQLCRV.exe [2010-10-24 588672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2010-10-25 21:15:38 -------- d-----w- c:\windows\en
2010-10-25 21:15:19 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-25 21:09:14 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-25 21:09:14 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-25 21:09:13 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-25 20:17:57 15712 ----a-w- c:\program files\common files\windows live\.cache\b6822d631cb748120\MeshBetaRemover.exe
2010-10-25 20:17:20 94040 ----a-w- c:\program files\common files\windows live\.cache\9ff3f2431cb748118\DSETUP.dll
2010-10-25 20:17:20 525656 ----a-w- c:\program files\common files\windows live\.cache\9ff3f2431cb748118\DXSETUP.exe
2010-10-25 20:17:20 1691480 ----a-w- c:\program files\common files\windows live\.cache\9ff3f2431cb748118\dsetup32.dll
2010-10-25 20:17:17 94040 ----a-w- c:\program files\common files\windows live\.cache\9cb1e6a31cb748117\DSETUP.dll
2010-10-25 20:17:17 525656 ----a-w- c:\program files\common files\windows live\.cache\9cb1e6a31cb748117\DXSETUP.exe
2010-10-25 20:17:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\9cb1e6a31cb748117\dsetup32.dll
2010-10-25 20:15:33 -------- d-----w- c:\users\jonkincy\appdata\local\Windows Live
2010-10-25 20:14:26 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-25 15:57:31 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-24 20:54:57 -------- d-----w- c:\program files\Free Window Registry Repair
2010-10-24 20:17:22 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-24 20:17:22 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-24 20:17:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-24 20:17:12 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-24 20:17:01 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-24 20:16:55 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-24 20:16:55 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-24 20:16:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-24 20:16:53 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-24 20:16:53 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-24 20:16:38 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-24 20:16:26 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 20:16:24 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-24 20:15:50 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-24 20:15:48 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-24 20:15:48 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-24 20:15:46 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-24 20:12:50 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-24 20:12:34 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-09-28 00:32:49 -------- d-----w- C:\.jagex_cache_32
2010-09-27 02:55:25 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-27 02:55:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-27 02:55:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-09-27 02:18:43 73728 ---ha-w- c:\users\jonkincy\appdata\roaming\RBRegEx550.dll
2010-09-27 02:18:43 39936 ---ha-w- c:\users\jonkincy\appdata\roaming\RBShell555.dll
2010-09-26 23:30:24 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-26 23:30:22 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-26 23:30:20 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-26 23:30:19 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-26 23:29:45 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-26 22:03:49 -------- d-----w- c:\program files\Feedback Tool
2010-09-26 21:59:12 -------- d-----w- c:\users\jonkincy\appdata\local\Mozilla
==================== Find3M ====================
2010-09-25 08:19:48 268435456 --sha-w- C:\WinPEpge.sys
2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
============= FINISH: 21:46:42.32 ===============