theare
2011-08-25, 18:33
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by isis at 11:32:23 on 2011-08-25
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1216.661 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\slserv.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
uURLSearchHooks: H - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\isis\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{26E8A79F-0978-43D9-B816-75A3C529E62D} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{7DFD0662-4948-40A9-869F-D187FE37FAB3} : DhcpNameServer = 192.168.1.254 192.168.0.1
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\isis\appdata\roaming\mozilla\firefox\profiles\q9905z3n.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&install_date=20110818
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q=
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\isis\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-17 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-11 307928]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-11 328536]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-6-24 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-11 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-11 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-11 42184]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-8-17 820568]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-4 366640]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-4 22712]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-8 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-13 15872]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-8-17 30600]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-13 52224]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-8-17 19280]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-11 1343400]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-8-17 18768]
.
=============== Created Last 30 ================
.
2011-08-23 18:41:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-22 20:12:19 -------- d-----w- c:\windows\system32\SPReview
2011-08-22 20:11:19 -------- d-----w- c:\windows\system32\EventProviders
2011-08-18 16:20:22 -------- d-----w- c:\program files\StartNow Toolbar
2011-08-17 17:42:06 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-08-17 17:42:06 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-08-17 17:40:41 -------- d-----w- c:\program files\Application Updater
2011-08-17 17:40:40 -------- d-----w- c:\program files\IObit Toolbar
2011-08-17 17:40:40 -------- d-----w- c:\program files\common files\Spigot
2011-08-14 15:12:41 -------- d-----w- c:\users\isis\appdata\roaming\OpenOffice.org
2011-08-12 13:16:09 -------- d-----w- c:\users\isis\appdata\roaming\ParetoLogic
2011-08-12 13:16:09 -------- d-----w- c:\users\isis\appdata\roaming\DriverCure
2011-08-12 13:15:29 -------- d-----w- c:\programdata\ParetoLogic
2011-08-12 13:15:29 -------- d-----w- c:\program files\ParetoLogic
2011-08-12 13:13:32 -------- d-----w- c:\program files\OpenOffice.org 3
2011-08-12 13:13:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-12 00:39:42 -------- d-----w- c:\users\isis\appdata\local\SoftGrid Client
2011-08-12 00:39:05 -------- d-----w- c:\users\isis\appdata\roaming\SoftGrid Client
2011-08-12 00:33:48 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-08-12 00:32:13 -------- d-----w- c:\users\isis\appdata\roaming\TP
2011-08-11 14:52:01 -------- d-----w- c:\users\isis\appdata\local\Google
2011-08-10 21:18:18 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 21:18:18 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 21:18:03 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 21:00:46 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 21:00:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-10 21:00:46 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-08-08 23:26:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-08 23:26:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-04 21:50:25 -------- d-----w- c:\users\isis\appdata\roaming\Malwarebytes
2011-08-04 21:50:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 21:50:15 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 21:50:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 21:50:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 21:31:51 -------- d-----w- c:\users\isis\appdata\roaming\AVG10
2011-08-04 21:30:19 -------- d--h--w- c:\programdata\Common Files
2011-08-04 21:25:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-04 21:25:13 -------- d-----w- c:\programdata\AVG10
2011-08-04 21:24:39 -------- d-----w- c:\program files\AVG
2011-08-04 17:41:09 -------- d-----w- c:\programdata\MFAData
2011-08-02 17:42:10 65536 --sha-r- c:\windows\system32\odbcad32Q.dll
2011-08-02 17:40:22 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e5ca2abb-aea3-456a-8e64-bbedea9f3e43}\mpengine.dll
.
==================== Find3M ====================
.
2011-08-22 20:25:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-12 02:55:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 16:22:17 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-06-11 16:21:44 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-06-11 16:21:44 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-06-11 16:21:44 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-06-11 16:21:26 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-11 16:21:26 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:44:26.40 ===============
Edit
http://forums.spybot.info/showthread.php?p=411539#post411539
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by isis at 11:32:23 on 2011-08-25
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1216.661 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\slserv.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
uURLSearchHooks: H - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\isis\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{26E8A79F-0978-43D9-B816-75A3C529E62D} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{7DFD0662-4948-40A9-869F-D187FE37FAB3} : DhcpNameServer = 192.168.1.254 192.168.0.1
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\isis\appdata\roaming\mozilla\firefox\profiles\q9905z3n.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&install_date=20110818
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q=
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\isis\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-17 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-11 307928]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-11 328536]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-6-24 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-11 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-11 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-11 42184]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-8-17 820568]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-4 366640]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-4 22712]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-8 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-13 15872]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-8-17 30600]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-13 52224]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-8-17 19280]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-11 1343400]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-8-17 18768]
.
=============== Created Last 30 ================
.
2011-08-23 18:41:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-22 20:12:19 -------- d-----w- c:\windows\system32\SPReview
2011-08-22 20:11:19 -------- d-----w- c:\windows\system32\EventProviders
2011-08-18 16:20:22 -------- d-----w- c:\program files\StartNow Toolbar
2011-08-17 17:42:06 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-08-17 17:42:06 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-08-17 17:40:41 -------- d-----w- c:\program files\Application Updater
2011-08-17 17:40:40 -------- d-----w- c:\program files\IObit Toolbar
2011-08-17 17:40:40 -------- d-----w- c:\program files\common files\Spigot
2011-08-14 15:12:41 -------- d-----w- c:\users\isis\appdata\roaming\OpenOffice.org
2011-08-12 13:16:09 -------- d-----w- c:\users\isis\appdata\roaming\ParetoLogic
2011-08-12 13:16:09 -------- d-----w- c:\users\isis\appdata\roaming\DriverCure
2011-08-12 13:15:29 -------- d-----w- c:\programdata\ParetoLogic
2011-08-12 13:15:29 -------- d-----w- c:\program files\ParetoLogic
2011-08-12 13:13:32 -------- d-----w- c:\program files\OpenOffice.org 3
2011-08-12 13:13:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-12 00:39:42 -------- d-----w- c:\users\isis\appdata\local\SoftGrid Client
2011-08-12 00:39:05 -------- d-----w- c:\users\isis\appdata\roaming\SoftGrid Client
2011-08-12 00:33:48 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-08-12 00:32:13 -------- d-----w- c:\users\isis\appdata\roaming\TP
2011-08-11 14:52:01 -------- d-----w- c:\users\isis\appdata\local\Google
2011-08-10 21:18:18 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 21:18:18 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 21:18:03 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 21:00:46 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 21:00:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-10 21:00:46 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-08-08 23:26:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-08 23:26:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-04 21:50:25 -------- d-----w- c:\users\isis\appdata\roaming\Malwarebytes
2011-08-04 21:50:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 21:50:15 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 21:50:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 21:50:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 21:31:51 -------- d-----w- c:\users\isis\appdata\roaming\AVG10
2011-08-04 21:30:19 -------- d--h--w- c:\programdata\Common Files
2011-08-04 21:25:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-04 21:25:13 -------- d-----w- c:\programdata\AVG10
2011-08-04 21:24:39 -------- d-----w- c:\program files\AVG
2011-08-04 17:41:09 -------- d-----w- c:\programdata\MFAData
2011-08-02 17:42:10 65536 --sha-r- c:\windows\system32\odbcad32Q.dll
2011-08-02 17:40:22 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e5ca2abb-aea3-456a-8e64-bbedea9f3e43}\mpengine.dll
.
==================== Find3M ====================
.
2011-08-22 20:25:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-12 02:55:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 16:22:17 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-06-11 16:21:44 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-06-11 16:21:44 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-06-11 16:21:44 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-06-11 16:21:26 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-11 16:21:26 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:44:26.40 ===============
Edit
http://forums.spybot.info/showthread.php?p=411539#post411539