AlanPototsky
2011-01-16, 04:22
I have two problems that Spybot can not fix.
Here is the DDS:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Alan Pototsky at 20:23:36.06 on Sat 01/15/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3582.2182 [GMT -5:00]
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
C:\Program Files\Webshots\3.1.5.7619\webshots.scr
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alan Pototsky\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\alan pototsky\appdata\local\windows
update\scvhost.exe,
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital
imaging\smart web printing\hpswp_printenhancer.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files
\doubletwist\IEPodcastPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search
enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files
\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files
\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program
files\windows live\companion\companioncore.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae
\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar
\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files
\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome
frame\application\8.0.552.237\npchrome_frame.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital
imaging\smart web printing\hpswp_BHO.dll
TB: {F1DEB0E5-B1EC-403E-BCFF-E71EFE1F18D7} - No File
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-
8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital
imaging\smart web printing\hpswp_bho.dll
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\alanpo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup
\webshots.lnk - c:\program files\webshots\3.1.5.7619\Launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hueypr~1.lnk - c:\program
files\pantone\hueypro\hueyPROTray.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: StartMenuFavorites = 0 (0x0)
uPolicies-explorer: StartMenuRun = 1 (0x1)
uPolicies-system: HideLogonScripts = 0 (0x0)
uPolicies-system: HideShutdownScripts = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program
files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program
files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:
\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:
\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program
files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} -
hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23
-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07
-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23
-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23
-windows-i586.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor
\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame
\application\8.0.552.237\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft
office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni
\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo
gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files
\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUkKdax
mASetup: {045GL6SO-45VS-M612-P7N4-74X16U807888} - c:\windows\system32\system32\svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\alanpo~1\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\users\alan pototsky\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default
\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\alan pototsky\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default
\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default
\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox
\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla
firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Exif Viewer: exif_viewer@mozilla.doslash.org - %profile%\extensions
\exif_viewer@mozilla.doslash.org
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions
\firebug@software.joehewitt.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: PhotoME Extension: {01c29d60-f7f0-416c-844a-ec8b2e1841d0} - %profile%\extensions
\{01c29d60-f7f0-416c-844a-ec8b2e1841d0}
FF - Ext: FxIF: {11483926-db67-4190-91b1-ef20fcec5f33} - %profile%\extensions\{11483926-db67-
4190-91b1-ef20fcec5f33}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%
\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-
4a47-b019-91fe5385ba79}
FF - Ext: Opanda IExif: {6FF4E2E4-FB2E-4f50-8F65-CFF2777413D5} - %profile%\extensions\{6FF4E2E4-
FB2E-4f50-8F65-CFF2777413D5}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions
\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-
f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions
\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Map with Google: {74591c01-3a7f-469e-ad4e-5d8d708dc4c5} - %profile%\extensions
\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:
\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-
10-24 165264]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-16 160792]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-
11-24 20480]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-6-6
20376]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync
\FreeAgentService.exe [2009-9-25 189736]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-4 6656]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows
\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010
-4-30 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy
\SDWinSec.exe [2009-5-16 1153368]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers
\b57nd60x.sys [2009-7-13 229888]
S3 DYUSB;DYMO DiscPainter USB Status Monitor Driver;c:\windows\system32\drivers\dyusb.sys [2009-
12-2 39936]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety
\fsssvc.exe [2010-9-22 1493352]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys
[2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10
-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware
\NisSrv.exe [2010-11-11 206360]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe
[2010-3-29 1343400]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-1-15 57344]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe
[2010-2-19 517096]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh
\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2011-01-16 01:23:35 98816 -c--a-w- c:\temp\4807.tmp\SED.DAT
2011-01-16 01:23:35 89088 -c--a-w- c:\temp\4807.tmp\MBR.DAT
2011-01-16 01:23:35 518144 -c--a-w- c:\temp\4807.tmp\SWREG.DAT
2011-01-16 01:23:35 256512 -c--a-w- c:\temp\4807.tmp\PEV.DAT
2011-01-16 01:00:14 24576 -c--a-w- c:\windows\system32\VundoFixSVC.exe
2011-01-16 00:32:58 -------- dc----w- C:\VundoFix Backups
2011-01-15 23:51:21 -------- dc----w- c:\program files\Microsoft Security
Client
2011-01-15 23:51:18 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-15 22:18:37 -------- dc----w- c:\progra~2\PC Tools
2011-01-15 15:07:32 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-15 15:07:27 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 15:07:27 -------- dc----w- c:\program files\Malwarebytes' Anti-
Malware
2011-01-15 05:21:48 77824 -csha-r- c:\windows\system32\hpbpropsm.dll
2011-01-14 10:34:57 987136 ----a-w- c:\program files\common files\system\ado
\msado15.dll
2011-01-14 10:34:57 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-14 10:34:57 372736 ----a-w- c:\program files\common files\system\ado
\msadox.dll
2011-01-14 10:34:57 352256 ----a-w- c:\program files\common files\system\ado
\msadomd.dll
2011-01-14 10:34:56 208896 ----a-w- c:\program files\common files\system\msadc
\msadco.dll
2011-01-01 12:46:03 176488 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest
\Sqm10136.bin
2010-12-27 03:05:02 -------- dc----w- c:\program files\TabletPlugins
2010-12-23 19:44:48 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition
updates\{57c49194-5af2-45b5-8050-3ad4e55c1306}\mpengine.dll
2010-12-23 18:46:35 -------- dc----w- C:\DTUpdates
2010-12-21 17:32:22 53248 -c--a-r- c:\users\alanpo~1\appdata\roaming\microsoft
\installer\{6ba13efc-e8d0-4d37-af04-42796cf0e8f5}\ARPPRODUCTICON.exe
==================== Find3M ====================
2010-12-21 17:31:30 256 -c--a-w- c:\windows\system32\pool.bin
2010-12-21 02:31:57 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-12-20 16:15:03 111012 -c--a-w- c:\windows\News Rover Uninstaller.exe
2010-12-16 08:12:29 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 08:12:14 978944 ----a-w- c:\windows\system32\wininet.dll
2010-12-16 08:12:14 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-16 08:12:14 386048 ----a-w- c:\windows\system32\html.iec
2010-12-16 08:12:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-16 08:12:00 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 08:12:00 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 08:12:00 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 08:12:00 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 08:12:00 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 08:12:00 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 08:11:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 08:11:56 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 08:11:54 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 08:11:08 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 08:01:17 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-02 03:35:18 4280320 -c--a-w- c:\windows\system32\GPhotos.scr
2010-11-29 22:38:30 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2010-11-19 14:35:30 695901 -c--a-w- c:\windows\system32\unins000.exe
2010-10-29 15:18:07 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-29 15:18:06 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-27 07:02:19 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 07:02:19 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 07:02:18 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 07:02:18 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-21 01:44:38 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-21 01:44:38 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-21 01:44:38 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-19 15:41:44 222080 -c----w- c:\windows\system32\MpSigStub.exe
============= FINISH: 20:31:06.87 ===============
Here is the DDS:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Alan Pototsky at 20:23:36.06 on Sat 01/15/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3582.2182 [GMT -5:00]
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
C:\Program Files\Webshots\3.1.5.7619\webshots.scr
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alan Pototsky\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\alan pototsky\appdata\local\windows
update\scvhost.exe,
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital
imaging\smart web printing\hpswp_printenhancer.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files
\doubletwist\IEPodcastPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search
enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files
\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files
\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program
files\windows live\companion\companioncore.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae
\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar
\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files
\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome
frame\application\8.0.552.237\npchrome_frame.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital
imaging\smart web printing\hpswp_BHO.dll
TB: {F1DEB0E5-B1EC-403E-BCFF-E71EFE1F18D7} - No File
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-
8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital
imaging\smart web printing\hpswp_bho.dll
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\alanpo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup
\webshots.lnk - c:\program files\webshots\3.1.5.7619\Launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hueypr~1.lnk - c:\program
files\pantone\hueypro\hueyPROTray.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: StartMenuFavorites = 0 (0x0)
uPolicies-explorer: StartMenuRun = 1 (0x1)
uPolicies-system: HideLogonScripts = 0 (0x0)
uPolicies-system: HideShutdownScripts = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program
files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program
files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:
\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:
\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program
files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} -
hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23
-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07
-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23
-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23
-windows-i586.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor
\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame
\application\8.0.552.237\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft
office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni
\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo
gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files
\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUkKdax
mASetup: {045GL6SO-45VS-M612-P7N4-74X16U807888} - c:\windows\system32\system32\svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\alanpo~1\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\users\alan pototsky\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\alan pototsky\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\firefox\profiles\8rvys74v.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\alan pototsky\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Exif Viewer: exif_viewer@mozilla.doslash.org - %profile%\extensions\exif_viewer@mozilla.doslash.org
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: PhotoME Extension: {01c29d60-f7f0-416c-844a-ec8b2e1841d0} - %profile%\extensions\{01c29d60-f7f0-416c-844a-ec8b2e1841d0}
FF - Ext: FxIF: {11483926-db67-4190-91b1-ef20fcec5f33} - %profile%\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Opanda IExif: {6FF4E2E4-FB2E-4f50-8F65-CFF2777413D5} - %profile%\extensions\{6FF4E2E4-FB2E-4f50-8F65-CFF2777413D5}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Map with Google: {74591c01-3a7f-469e-ad4e-5d8d708dc4c5} - %profile%\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-16 160792]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-11-24 20480]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-6-6 20376]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-4 6656]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-16 1153368]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DYUSB;DYMO DiscPainter USB Status Monitor Driver;c:\windows\system32\drivers\dyusb.sys [2009-12-2 39936]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-29 1343400]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-1-15 57344]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2011-01-16 01:23:35 98816 -c--a-w- c:\temp\4807.tmp\SED.DAT
2011-01-16 01:23:35 89088 -c--a-w- c:\temp\4807.tmp\MBR.DAT
2011-01-16 01:23:35 518144 -c--a-w- c:\temp\4807.tmp\SWREG.DAT
2011-01-16 01:23:35 256512 -c--a-w- c:\temp\4807.tmp\PEV.DAT
2011-01-16 01:00:14 24576 -c--a-w- c:\windows\system32\VundoFixSVC.exe
2011-01-16 00:32:58 -------- dc----w- C:\VundoFix Backups
2011-01-15 23:51:21 -------- dc----w- c:\program files\Microsoft Security Client
2011-01-15 23:51:18 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-15 22:18:37 -------- dc----w- c:\progra~2\PC Tools
2011-01-15 15:07:32 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-15 15:07:27 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 15:07:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-15 05:21:48 77824 -csha-r- c:\windows\system32\hpbpropsm.dll
2011-01-14 10:34:57 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-14 10:34:57 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-14 10:34:57 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-14 10:34:57 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-14 10:34:56 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-01 12:46:03 176488 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10136.bin
2010-12-27 03:05:02 -------- dc----w- c:\program files\TabletPlugins
2010-12-23 19:44:48 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{57c49194-5af2-45b5-8050-3ad4e55c1306}\mpengine.dll
2010-12-23 18:46:35 -------- dc----w- C:\DTUpdates
2010-12-21 17:32:22 53248 -c--a-r- c:\users\alanpo~1\appdata\roaming\microsoft\installer\{6ba13efc-e8d0-4d37-af04-42796cf0e8f5}\ARPPRODUCTICON.exe
==================== Find3M ====================
2010-12-21 17:31:30 256 -c--a-w- c:\windows\system32\pool.bin
2010-12-21 02:31:57 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-12-20 16:15:03 111012 -c--a-w- c:\windows\News Rover Uninstaller.exe
2010-12-16 08:12:29 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 08:12:14 978944 ----a-w- c:\windows\system32\wininet.dll
2010-12-16 08:12:14 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-16 08:12:14 386048 ----a-w- c:\windows\system32\html.iec
2010-12-16 08:12:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-16 08:12:00 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 08:12:00 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 08:12:00 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 08:12:00 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 08:12:00 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 08:12:00 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 08:11:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 08:11:56 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 08:11:54 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 08:11:08 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 08:01:17 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-02 03:35:18 4280320 -c--a-w- c:\windows\system32\GPhotos.scr
2010-11-29 22:38:30 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2010-11-19 14:35:30 695901 -c--a-w- c:\windows\system32\unins000.exe
2010-10-29 15:18:07 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-29 15:18:06 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-27 07:02:19 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 07:02:19 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 07:02:18 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 07:02:18 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-21 01:44:38 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-21 01:44:38 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-21 01:44:38 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-19 15:41:44 222080 -c----w- c:\windows\system32\MpSigStub.exe
============= FINISH: 20:31:06.87 ===============