
Thread: Firefox Web redirects

  1. #1
    Junior Member
    Join Date
    Sep 2010
    Posts
    5

    Firefox Web redirects

    Folks

    When I use Firefox to search Google I find the results get redirected to porn sites or other such sites.

    e.g. Google search British Airways, click on British Airways and it redirects elsewhere.

    System info
    Windows XP Pro, fully patched up to yesterday.
    Anti Virus - Free AVG
    SpyBot installed today and it did find some issues but I still seem to have the redirects.

    Attached is a copy of dds attach (zipped).

    DDS Log as below.

    Hope some kind soul can help.

    Matt


    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Matt and Wendy Mob at 21:30:53.85 on Fri 09/10/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.57 [GMT 2:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    SVCHOST.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    SVCHOST.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    SVCHOST.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
    C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
    C:\Documents and Settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Matt and Wendy Mob\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uInternet Settings,ProxyOverride = <local>
    BHO: {27e10b60-07bf-473c-99a3-86c6ade76bd9} -
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: 443340a3: {bd8bba30-1768-fbab-141d-b1d7f463702a} -
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [S3TRAY2] S3Tray2.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mExplorerRun: [RTHDBPL] c:\documents and settings\matt and wendy mob\application data\systemproc\lsass.exe
    StartupFolder: c:\docume~1\mattan~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\matt and wendy mob\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{7681a1a9-d865-4dc0-a319-41a49f5e78db}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283378027670
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: 344010f61003 - c:\windows\system32\camocx32.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs: c:\windows\system32\camocx32.dll
    SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mattan~1\applic~1\mozilla\firefox\profiles\neq3omyd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-2 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-2 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-2 243024]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-2 308136]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-2 47640]
    S3 cpuz132;cpuz132;\??\c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-09-01 22:56:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-09-01 22:55:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:36 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 15:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:04 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 611840 ------w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:02 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:02 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:00 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:22:00 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:22:00 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:56 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:10 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:46 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

    ============= FINISH: 21:32:06.17 ===============
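As an added example (not part of the thread or of the DDS tool), here is a Python triage pass over the Pseudo HJT Report lines from the log above. It flags the entries a helper checks first when the complaint is search redirects: proxy settings pointing at loopback, an AppInit_DLLs entry, a Winlogon Notify package with a random hex name, an autorun entry that borrows a system-process name from a user path, an extra LSA authentication package, a hosts entry pinning a site to 127.0.0.1, and a BHO with no backing file. The rule names are my own, the sample lines are copied from the post, and a hit is a review item, not a verdict.

```python
"""Triage of DDS 'Pseudo HJT Report' lines for search-redirect indicators.

Added example for this thread, not part of the post or of the DDS tool.
Each rule encodes a check a malware-removal helper makes by eye.
"""
import re

# Core Windows process names that malware likes to borrow for its own binary.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe",
                        "winlogon.exe", "smss.exe", "services.exe"}
LOOPBACK = re.compile(r"\b127\.0\.0\.1\b")
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)
BHO_NO_FILE = re.compile(r"^BHO:.*\{[0-9a-f-]{36}\}\s+-\s*$", re.IGNORECASE)
NOTIFY = re.compile(r"^Notify:\s+(\S+)\s+-")

# Constructed sample: a subset of the Pseudo HJT Report lines from the post.
SAMPLE_LOG = r"""uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
BHO: {27e10b60-07bf-473c-99a3-86c6ade76bd9} -
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: 443340a3: {bd8bba30-1768-fbab-141d-b1d7f463702a} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mExplorerRun: [RTHDBPL] c:\documents and settings\matt and wendy mob\application data\systemproc\lsass.exe
Notify: 344010f61003 - c:\windows\system32\camocx32.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\camocx32.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
"""


def triage_line(line):
    """Return [(rule, reason)] for one report line; empty when nothing stands out."""
    text = line.strip()
    lower = text.lower()
    findings = []
    if not text:
        return findings

    # A proxy at the loopback address means every browser request passes through
    # a local process that can rewrite it: a classic cause of search redirects.
    is_proxy_setting = "proxyserver" in lower or lower.startswith("ff - prefs.js: network.proxy.")
    if is_proxy_setting and LOOPBACK.search(text):
        findings.append(("loopback-proxy", "browser traffic routed through a local process"))

    # AppInit_DLLs: the listed DLL is loaded into every process that links user32.dll.
    if lower.startswith("appinit_dlls:") and text.split(":", 1)[1].strip():
        findings.append(("appinit-dll", "DLL injected into every user32-linked process"))

    # Winlogon notification package whose name is just a run of hex digits.
    m = NOTIFY.match(text)
    if m and HEX_NAME.match(m.group(1)):
        findings.append(("notify-random-name", "Winlogon notify package with a random hex name"))

    # Autorun entry whose binary borrows a system-process name outside system32.
    if lower.startswith(("urun:", "mrun:", "uexplorerrun:", "mexplorerrun:")) and "]" in text:
        target = text.split("]", 1)[1].strip().strip('"')
        m = re.match(r'([^"]+?\.exe)', target, re.IGNORECASE)
        if m:
            path = m.group(1).lower()
            if path.rsplit("\\", 1)[-1] in SYSTEM_PROCESS_NAMES and "\\system32\\" not in path:
                findings.append(("masquerading-process", "system-process name run from a user path"))

    # Anything besides msv1_0 registered as an LSA authentication package sees every logon.
    if lower.startswith("lsa: authentication packages"):
        extras = [p for p in text.split("=", 1)[1].split() if p.lower() != "msv1_0"]
        if extras:
            findings.append(("lsa-extra-package", "extra LSA authentication package: " + " ".join(extras)))

    # A hosts entry pinning a real hostname to loopback blocks that site (often a security vendor).
    if lower.startswith("hosts:") and LOOPBACK.search(text) and "localhost" not in lower:
        findings.append(("hosts-loopback", "hostname pinned to 127.0.0.1 in the hosts file"))

    # BHO registered with no backing file: orphaned, or deliberately hidden from the listing.
    if BHO_NO_FILE.match(text):
        findings.append(("bho-no-file", "BHO entry with no file path"))
    return findings


def triage(log):
    """Run every rule over every line; returns [(rule, reason, line)]."""
    return [(rule, reason, line.strip())
            for line in log.splitlines()
            for rule, reason in triage_line(line)]


if __name__ == "__main__":
    for rule, reason, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {reason}\n    {line}")
```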

  2. #2
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155


    Hello & Welcome to Safer-Networking

    Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes them much more difficult to get rid of completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
    Please note that the forum is very busy and if I don't hear from you within four days this thread will be closed.
    If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Thanks

    Disable Spybot's TeaTimer 1.5 & 1.6
    • If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol)
    • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless
    • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy
    • Click on Mode > Advanced Mode. When it prompts you, click Yes
    • On the left hand side, click on Tools
    • Check this box if it is not yet ticked: Resident
    • You will notice that Resident is now added under Tools. Click on Resident
    • Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active
    • Exit Spybot Search & Destroy
    • Restart your computer for the changes to take effect
    Leave TeaTimer disabled until we're done here.

    Create a System Restore Point
    You have no System Restore Points. We need to create a new System Restore point which we can use in case of system problems while we're working:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like Pre-Clean then press the Create button. Once it's done press Close

    GooredFix
    Download GooredFix from one of the locations below & save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed
    • To run the tool, double-click it (XP), or right-click & select Run As Administrator (Vista)
    • When prompted to run the scan, click Yes
    • GooredFix will check for infections, then a log will appear. Post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt)
    Rootkit Unhooker
    Download Rootkit Unhooker from Here & save it on your desktop.
    • Disable your security programs
    • Double click RKUnhookerLE.exe to run it
    • Click the Report tab, then click Scan
    • Check Drivers and Stealth Code, uncheck the rest, then click OK
    • When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
    • Wait till the scanner has finished then go File > Save Report
    • Save the report somewhere you can find it such as your desktop then click Close
    • Copy/paste the entire contents of the report & post it in your next reply
    Note - You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply


    To post in next reply:
    Contents of DDS log
    Contents of Attach.txt
    Contents of Gmer log
    Last edited by jmw3; 2010-09-11 at 14:55.

  3. #3
    Junior Member
    Join Date
    Sep 2010
    Posts
    5


    JMW, thank you for offering to help.

    Item: Disable Spybot TeaTimer and reboot - Done

    Item: Create System Restore - Done

    Item: GooredFix - Done
    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 15:35 on 11/09/2010 (Matt and Wendy Mob)
    Firefox version 3.6.9 (en-US)

    ========== GooredScan ==========

    Deleting "C:\Documents and Settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{472cf6fd-5ef7-476c-b9cd-0ea0d0d31f18}" -> Success!

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [02:30 02/09/2010]
    {AB2CE124-6272-4b12-94A9-7303C7397BD1} [10:32 02/09/2010]

    C:\Documents and Settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\
    identity-cloaker@identitycloaker.com [11:43 02/09/2010]
    {B17C1C5A-04B1-11DB-9804-B622A1EF5492} [08:06 03/09/2010]
    LogMeInClient@logmein.com [18:12 08/09/2010]
    {3112ca9c-de6d-4884-a869-9855de68056c} [20:14 09/09/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:25 02/09/2010]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [20:50 02/09/2010]

    -=E.O.F=-

    Item: Rootkit Unhooker - Done

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xBF0B1000 C:\WINDOWS\System32\ati3duag.dll 2297856 bytes (ATI Technologies Inc. , ati3duag.dll)
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2189952 bytes
    0x804D7000 RAW 2189952 bytes
    0x804D7000 WMIxWDM 2189952 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF7F8A000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1200128 bytes (Agere Systems, SoftModem Device Driver)
    0xF82E5000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1073152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
    0xBF2E2000 C:\WINDOWS\System32\ativvaxx.dll 610304 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
    0xF80EB000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
    0xF81D8000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0xBA4CF000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF8569000 timntr.sys 393216 bytes (Acronis, Acronis True Image Backup Archive Explorer)
    0xF7E1D000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xBA63C000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB7864000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB7000000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 241664 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
    0xF8249000 C:\WINDOWS\System32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
    0xBA602000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xBA487000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xBF04D000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
    0xBF07F000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
    0xF7EA3000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xF8726000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB7B8B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF85C9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xF8663000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
    0xBA567000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF8284000 C:\WINDOWS\System32\DRIVERS\e1000325.sys 167936 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
    0xBA5B4000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xBA5DC000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF860D000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xF80C7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF82AD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF8179000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xBA592000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xF8643000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF86D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF86F7000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
    0xBA469000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
    0xF854E000 snapman.sys 110592 bytes (Acronis, Acronis Snapshot API)
    0xF8534000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF868F000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
    0xF80AF000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
    0xF86A8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xBA429000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xF86C0000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xF85F6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF7F73000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB8193000 C:\WINDOWS\System32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
    0xB7CF6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xBA4BB000 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys 81920 bytes (Citrix Systems, Inc., Citrix USB Filter Driver)
    0xF81C4000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF82D1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0x806EE000 ACPI_HAL 81152 bytes
    0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xBA735000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF8631000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF8715000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF843B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF8915000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF88F5000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF8935000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF8925000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xBA715000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF847B000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
    0xF89C5000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF87D5000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
    0xF87A5000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
    0xF88E5000 C:\WINDOWS\System32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0xF8835000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF88D5000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF8945000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF8795000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF8815000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF8805000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF8965000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF8865000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
    0xF8895000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
    0xF8875000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
    0xF8885000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
    0xF848B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF8905000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF8785000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF8955000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF8845000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
    0xF8775000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB7933000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
    0xF8995000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF87F5000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF87C5000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
    0xF8855000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
    0xF8975000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF8825000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF845B000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF88C5000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF846B000 C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 36864 bytes (Windows (R) Codename Longhorn DDK provider, KMWDFilter Driver from UASSOFT.COM)
    0xF84CB000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF84AB000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB7159000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF87B5000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF87E5000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
    0xF84BB000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF8AE5000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF8B3D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF8A25000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
    0xF8A35000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
    0xF8B75000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)
    0xF8B5D000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF8ABD000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF8A0D000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
    0xF8AD5000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xF8B25000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF8A5D000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
    0xF8ADD000 C:\WINDOWS\System32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
    0xF89F5000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF8A55000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
    0xF8A2D000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
    0xF8B65000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xF8B55000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xF8A3D000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
    0xF8A45000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
    0xF8B4D000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xF8AC5000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF8ACD000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF8AB5000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF8B2D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF8A4D000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
    0xF8A1D000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
    0xF8A15000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
    0xF8B35000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF89FD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF8AFD000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF8AED000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
    0xF8B05000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF8A05000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
    0xF8AF5000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF8B45000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 20480 bytes
    0xF8B6D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF8B99000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
    0xF8BA9000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
    0xF8B8D000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
    0xF8BB1000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
    0xF8C71000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0xF8B95000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
    0xF8BA1000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
    0xF8510000 C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver)
    0xF8BAD000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
    0xF7E8F000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF8433000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB82CD000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF8C65000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF8B9D000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
    0xF8B91000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
    0xF8BA5000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
    0xF8B85000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF8B89000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0xBA7E8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF81A4000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xF83FB000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xF8C69000 C:\WINDOWS\System32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
    0xF7E93000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF84F8000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF83F3000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF8C79000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
    0xF8C8F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF8C83000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
    0xF8C81000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
    0xF8C95000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF8C8D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF8C7B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xF8C75000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF8C91000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF8D09000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF8C85000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
    0xF8D27000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
    0xF8C93000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF8C89000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF8C7D000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
    0xF8C87000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF8C7F000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF8C77000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF8D6F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF8E10000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF8D6E000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
    0xF8DCF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF8D3E000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
    0xF8D3D000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================


    Item GMER - Done
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-11 15:47:59
    Windows 5.1.2600 Service Pack 3
    Running: 4y4tcf5p.exe; Driver: C:\DOCUME~1\MATTAN~1\LOCALS~1\Temp\kxtoiaod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    You also asked in the last email, at the bottom, for copies of DDS.log,
    which has been re-run.


    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Matt and Wendy Mob at 15:49:07.02 on Sat 09/11/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.146 [GMT 2:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    SVCHOST.EXE
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    SVCHOST.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    SVCHOST.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Documents and Settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\Matt and Wendy Mob\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uInternet Settings,ProxyOverride = <local>
    BHO: {27e10b60-07bf-473c-99a3-86c6ade76bd9} -
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: 443340a3: {bd8bba30-1768-fbab-141d-b1d7f463702a} -
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [S3TRAY2] S3Tray2.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\docume~1\mattan~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\matt and wendy mob\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{7681a1a9-d865-4dc0-a319-41a49f5e78db}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283378027670
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LMIinit - LMIinit.dll
    SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mattan~1\applic~1\mozilla\firefox\profiles\neq3omyd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-2 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-2 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-2 243024]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-2 308136]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-2 47640]
    S3 cpuz132;cpuz132;\??\c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2010-09-11 05:39:17 0 d-----w- c:\docume~1\mattan~1\applic~1\Malwarebytes
    2010-09-11 05:38:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-11 05:38:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-11 05:38:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-11 05:38:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 16:18:10 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-10 16:18:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-09-10 16:14:59 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
    2010-09-10 07:32:56 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-08 16:07:43 38 ----a-w- c:\windows\system32\64c017f1
    2010-09-08 11:47:20 0 d-----w- c:\windows\system32\Logfiles
    2010-09-08 11:47:20 0 d-----w- C:\Inetpub
    2010-09-08 07:34:55 0 ---ha-w- c:\documents and settings\matt and wendy mob\fjpavxqfur.tmp
    2010-09-08 07:32:32 0 d-----w- c:\docume~1\mattan~1\applic~1\Dropbox
    2010-09-07 18:22:59 0 d--h--w- C:\$AVG
    2010-09-07 18:22:28 1185 ----a-w- c:\windows\system32\1144679306
    2010-09-07 18:19:07 203776 --sh--w- c:\windows\system32\unrar.exe
    2010-09-07 18:19:07 0 d-----w- c:\windows\system32\108165009
    2010-09-07 17:15:40 0 d-----w- c:\docume~1\mattan~1\applic~1\Gygan
    2010-09-07 17:15:30 0 d-----w- c:\program files\Xenocode
    2010-09-07 17:14:58 0 d-----w- c:\program files\Gygan BETA
    2010-09-07 15:32:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
    2010-09-07 15:31:44 0 d-----w- c:\docume~1\mattan~1\applic~1\ICAClient
    2010-09-07 15:31:33 0 d-----w- c:\program files\Citrix
    2010-09-06 17:32:25 0 d-----w- C:\PMAIL
    2010-09-06 16:57:14 754 ----a-w- c:\windows\WORDPAD.INI
    2010-09-06 16:34:51 0 d-----w- c:\docume~1\mattan~1\applic~1\Foxit Software
    2010-09-05 20:43:41 0 d-----w- C:\wamp
    2010-09-05 20:26:37 0 d-----w- c:\documents and settings\matt and wendy mob\.gconfd
    2010-09-05 20:26:37 0 d-----w- c:\documents and settings\matt and wendy mob\.gconf
    2010-09-05 20:26:36 0 d-----w- c:\documents and settings\matt and wendy mob\.gnome2_private
    2010-09-05 20:26:36 0 d-----w- c:\documents and settings\matt and wendy mob\.gnome2
    2010-09-05 20:26:29 0 d-----w- c:\documents and settings\matt and wendy mob\.gnucash
    2010-09-05 20:24:30 0 d-----w- c:\program files\gnucash
    2010-09-05 19:50:08 0 d-----w- c:\docume~1\mattan~1\applic~1\Canon Easy-WebPrint EX
    2010-09-05 19:47:53 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-09-05 19:47:53 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-09-05 19:47:16 223744 ----a-w- c:\windows\system32\CNMLM8F.DLL
    2010-09-05 19:24:27 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS
    2010-09-05 19:24:00 0 d-----w- c:\program files\Lenovo
    2010-09-05 19:21:28 0 d-----w- c:\program files\CCleaner
    2010-09-05 19:07:31 0 d-----w- c:\docume~1\mattan~1\applic~1\ParetoLogic
    2010-09-05 19:07:31 0 d-----w- c:\docume~1\mattan~1\applic~1\DriverCure
    2010-09-05 19:07:19 0 d-----w- c:\program files\ParetoLogic
    2010-09-05 19:07:19 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2010-09-05 18:40:07 0 d-----w- c:\program files\Support.com
    2010-09-05 18:39:53 0 d-----w- C:\temp
    2010-09-05 18:39:42 0 d-----w- c:\docume~1\alluse~1\applic~1\IBM
    2010-09-03 12:40:26 0 d--h--w- c:\program files\MB
    2010-09-03 08:54:29 0 d-----w- c:\program files\USBDeview
    2010-09-03 08:47:24 0 d-----w- c:\program files\Foxit Software
    2010-09-02 23:22:56 69 ----a-w- c:\windows\NeroDigital.ini
    2010-09-02 23:20:44 121787 ----a-w- c:\windows\system32\AdobeFnt.lst
    2010-09-02 23:18:44 0 d-----w- c:\docume~1\mattan~1\applic~1\ZoomBrowser EX
    2010-09-02 23:12:34 0 d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2010-09-02 23:01:04 196 ----a-w- c:\windows\_delis32.ini
    2010-09-02 23:00:07 0 d-----w- c:\program files\common files\FotoNation
    2010-09-02 22:59:14 0 d-----w- c:\documents and settings\matt and wendy mob\WINDOWS
    2010-09-02 22:52:36 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
    2010-09-02 22:52:36 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
    2010-09-02 22:52:17 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2010-09-02 22:52:17 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2010-09-02 22:52:17 262144 ------w- c:\windows\system32\ImagXR7.dll
    2010-09-02 22:52:17 1568768 ------w- c:\windows\system32\ImagX7.dll
    2010-09-02 22:52:17 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2010-09-02 22:52:16 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2010-09-02 22:44:51 0 d-----w- c:\program files\Canon
    2010-09-02 22:44:43 0 d-----w- c:\program files\common files\Canon
    2010-09-02 21:36:21 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-09-02 21:36:21 37888 ----a-w- c:\windows\system32\setupnt.dll
    2010-09-02 21:36:21 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2010-09-02 21:36:21 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-09-02 20:52:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-02 20:52:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-02 20:52:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-02 20:52:14 0 d-----w- c:\windows\system32\drivers\Avg
    2010-09-02 20:48:22 0 d-----w- c:\program files\AVG
    2010-09-02 20:47:59 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-09-02 20:24:10 0 d-----w- c:\windows\system32\XPSViewer
    2010-09-02 20:23:27 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-09-02 20:23:27 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-09-02 20:23:27 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-09-02 20:23:27 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-09-02 20:23:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-09-02 20:23:27 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-09-02 20:23:27 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-09-02 20:23:26 0 d-----w- C:\ee36f06e900b8a1207225a94f13f3a
    2010-09-02 20:20:49 0 d-----w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-02 18:20:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Boost
    2010-09-02 11:32:04 0 d-----w- c:\program files\2Remember
    2010-09-02 11:26:24 0 d-----w- c:\docume~1\mattan~1\applic~1\TeamViewer
    2010-09-02 11:26:13 0 d-----w- c:\program files\TeamViewer
    2010-09-02 11:11:15 0 d-----w- c:\program files\VideoLAN
    2010-09-02 10:48:40 0 d-----w- C:\Identity Cloaker
    2010-09-02 10:36:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-09-02 10:32:37 0 d-----r- c:\program files\Skype
    2010-09-02 10:27:04 8192 ----a-w- c:\windows\REGLOCS.OLD
    2010-09-02 09:23:57 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb4a8091edd550.mof
    2010-09-02 09:13:32 16384 ----a-w- c:\windows\system32\ipsink.ax
    2010-09-02 09:13:32 16384 ----a-w- c:\windows\system32\dllcache\ipsink.ax
    2010-09-02 09:13:32 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2010-09-02 09:13:32 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
    2010-09-02 09:10:25 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2010-09-02 09:10:25 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
    2010-09-02 09:09:55 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2010-09-02 09:09:55 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
    2010-09-02 09:07:48 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2010-09-02 09:07:48 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
    2010-09-02 09:07:15 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2010-09-02 09:07:15 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
    2010-09-02 09:06:48 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2010-09-02 09:06:48 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
    2010-09-02 09:06:24 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2010-09-02 09:06:24 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
    2010-09-02 09:05:41 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2010-09-02 09:05:41 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2010-09-02 09:04:59 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2010-09-02 09:04:59 91136 ----a-w- c:\windows\system32\dllcache\kswdmcap.ax
    2010-09-02 09:04:59 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-09-02 09:04:59 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-09-02 09:04:59 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2010-09-02 09:04:59 43008 ----a-w- c:\windows\system32\dllcache\ksxbar.ax
    2010-09-02 09:04:58 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2010-09-02 09:04:58 61952 ----a-w- c:\windows\system32\dllcache\kstvtune.ax
    2010-09-02 09:04:58 20992 ----a-w- c:\windows\system32\dshowext.ax
    2010-09-02 09:04:58 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax
    2010-09-02 08:14:48 376 ----a-w- c:\windows\ODBC.INI
    2010-09-02 08:14:43 28040 ----a-w- c:\windows\system32\mdimon.dll
    2010-09-02 08:12:54 0 d-----w- c:\program files\Microsoft ActiveSync
    2010-09-02 08:12:08 0 d-----w- c:\windows\SHELLNEW
    2010-09-02 06:34:24 0 d-----w- c:\docume~1\alluse~1\applic~1\LogMeIn
    2010-09-02 06:34:16 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-09-02 06:34:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-09-02 06:34:15 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2010-09-02 06:34:04 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-09-02 06:33:59 1024 ----a-w- C:\.rnd
    2010-09-02 06:33:43 0 d-----w- c:\program files\LogMeIn
    2010-09-02 02:37:55 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-09-02 02:33:23 0 d-sh--w- C:\Recycled
    2010-09-02 02:20:36 272 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-09-02 02:18:22 0 d-----w- c:\windows\system32\appmgmt
    2010-09-02 01:53:35 0 d--h--w- C:\VritualRoot
    2010-09-01 23:23:08 0 d-----w- c:\windows\system32\scripting
    2010-09-01 23:23:06 0 d-----w- c:\windows\system32\en
    2010-09-01 23:23:06 0 d-----w- c:\windows\system32\bits
    2010-09-01 23:23:06 0 d-----w- c:\windows\l2schemas
    2010-09-01 23:18:39 0 d-----w- c:\windows\network diagnostic
    2010-09-01 23:09:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
    2010-09-01 23:02:19 0 d-sh--w- c:\documents and settings\matt and wendy mob\IECompatCache
    2010-09-01 23:00:48 0 d-sh--w- c:\documents and settings\matt and wendy mob\PrivacIE
    2010-09-01 22:49:35 0 d--h--w- c:\windows\ie8
    2010-09-01 22:47:08 712704 ------w- c:\windows\system32\windowscodecs.dll
    2010-09-01 22:47:08 1372672 ------w- c:\windows\system32\msxml6.dll
    2010-09-01 22:47:08 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
    2010-09-01 22:47:05 346112 ------w- c:\windows\system32\windowscodecsext.dll
    2010-09-01 22:47:04 650752 ------w- c:\windows\system32\dot3ui.dll
    2010-09-01 22:47:03 290304 ------w- c:\windows\system32\rhttpaa.dll
    2010-09-01 22:47:03 276992 ------w- c:\windows\system32\wmphoto.dll
    2010-09-01 22:47:02 397312 ------w- c:\windows\system32\mmcex.dll
    2010-09-01 22:47:01 291328 ------w- c:\windows\system32\qagentrt.dll
    2010-09-01 22:47:00 233472 ------w- c:\windows\system32\azroles.dll
    2010-09-01 22:45:58 8677 ------w- c:\windows\system32\dllcache\wm7.gif
    2010-09-01 22:27:18 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-09-01 22:26:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-09-01 22:26:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-09-01 22:26:55 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-09-01 22:26:51 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-09-01 22:26:50 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-09-01 22:25:43 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-09-01 22:25:43 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2010-09-01 22:25:38 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
    2010-09-01 22:07:24 0 d-sh--w- C:\FOUND.000
    2010-09-01 22:05:09 0 d-----w- c:\program files\Synaptics
    2010-09-01 13:23:21 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2010-09-01 13:21:51 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-09-01 13:21:51 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2010-09-01 13:21:51 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
    2010-09-01 13:18:26 0 d-----w- c:\windows\system32\PreInstall
    2010-09-01 13:18:24 0 d--h--w- c:\windows\$hf_mig$
    2010-09-01 13:11:15 0 d-----w- c:\windows\system32\wbem\AutoRecover
    2010-09-01 13:05:33 316640 ----a-w- c:\windows\WMSysPr9.prx
    2010-09-01 13:03:59 79872 ----a-w- c:\windows\system32\dllcache\iislog51.dll
    2010-09-01 13:02:14 456192 ----a-w- c:\windows\system32\dllcache\smtpsvc.dll
    2010-09-01 13:02:06 331264 ----a-w- c:\windows\system32\dllcache\aqueue.dll
    2010-09-01 13:02:04 0 d-----w- c:\windows\ServicePackFiles
    2010-09-01 13:00:15 2897920 ------w- c:\windows\system32\xpsp2res.dll
    2010-09-01 12:59:40 19528 ----a-w- c:\windows\002147_.tmp
    2010-09-01 12:59:29 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-09-01 12:57:38 0 d-----w- c:\windows\EHome
    2010-09-01 12:54:42 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-09-01 12:54:42 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-09-01 12:54:42 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-09-01 12:54:42 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-09-01 12:54:42 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-09-01 12:37:14 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-09-01 12:37:14 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-09-01 12:36:32 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-09-01 12:36:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-09-01 12:34:13 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-09-01 12:34:13 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-09-01 12:33:55 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-09-01 12:25:32 7168 ----a-w- c:\windows\system32\hccoin.dll
    2010-09-01 12:25:32 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2010-09-01 12:23:28 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2010-09-01 12:23:28 59520 ----a-w- c:\windows\system32\dllcache\usbhub.sys
    2010-09-01 12:22:34 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2010-09-01 12:22:34 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2010-09-01 12:22:34 141056 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-01 12:22:33 49408 ----a-w- c:\windows\system32\drivers\stream.sys
    2010-09-01 12:22:33 4096 ----a-w- c:\windows\system32\ksuser.dll
    2010-09-01 12:22:33 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2010-09-01 12:22:33 129536 ----a-w- c:\windows\system32\ksproxy.ax
    2010-09-01 12:16:38 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
    2010-09-01 12:16:38 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
    2010-09-01 12:16:38 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
    2010-09-01 12:16:38 183296 ----a-w- c:\windows\system32\wuaueng1.dll
    2010-09-01 12:16:38 165888 ----a-w- c:\windows\system32\wuauclt1.exe

    ==================== Find3M ====================

    2010-09-01 22:56:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-09-01 22:55:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:36 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 15:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:04 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 611840 ------w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:02 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:02 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:00 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:22:00 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:22:00 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:56 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:10 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:46 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

    ============= FINISH: 15:49:44.65 ===============


    Yours

    Matthew

  4. #4
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    TFC (Temp File Cleaner)
    Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
    • Save any unsaved work. TFC Cleaner will close all open application windows
    • Double-click TFC.exe to run the program, your desktop will temporarily disappear
    • If prompted, click Yes to reboot
    Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

    ComboFix
    Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
    Link 1
    Link 2

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      A guide to do this can be found here
    • Double click on ComboFix.exe & follow the prompts
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    To post in next reply:
    ComboFix log
    Update on how the computer is running

  5. #5
    Junior Member
    Join Date
    Sep 2010
    Posts
    5

    Default

    JMW3

    Item : TFC Done with prompted reboot.

    Item : ComboFix Done see below
    AVG Anti Virus Disabled
    Windows Recovery Console installed

    Did get the following error
    PEV.exe has encountered a problem and needs to close.
    Do you want to send to Microsoft
    Replied No
    ComboFix carried on to the end

    Log file
    ComboFix 10-09-11.03 - Matt and Wendy Mob 09/12/2010 12:49:51.1.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT 2:00]
    Running from: c:\documents and settings\Matt and Wendy Mob\Desktop\Anti-Virus 2nd try\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003C.manifest
    c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003O.manifest
    c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003P.manifest
    c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003S.manifest
    c:\windows\system32\108165009
    c:\windows\system32\Cache
    c:\windows\system32\unrar.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
    .

    2010-09-11 21:43 . 2010-09-11 21:43 114272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-11 21:16 . 2010-09-11 21:16 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\CANON INC
    2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-09-11 21:15 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-09-11 21:15 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-09-11 06:34 . 2010-09-11 06:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-09-11 05:39 . 2010-09-11 05:39 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Malwarebytes
    2010-09-11 05:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-11 05:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-10 07:43 . 2010-09-10 07:43 -------- d-----w- c:\program files\ERUNT
    2010-09-10 07:32 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-09 20:14 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-09-09 20:14 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-09-09 20:14 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-09-09 20:14 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-09-08 18:12 . 2010-01-25 09:58 462848 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-09-08 18:12 . 2010-01-15 12:25 864256 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-09-08 18:12 . 2010-01-15 12:25 315392 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-09-08 18:12 . 2010-01-15 12:25 372736 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-09-08 18:12 . 2010-06-01 09:44 3907584 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-09-08 18:12 . 2010-01-15 12:26 70984 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- c:\windows\system32\Logfiles
    2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- C:\Inetpub
    2010-09-08 07:33 . 2010-09-08 07:33 89831 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Uninstall.exe
    2010-09-08 07:32 . 2010-09-08 07:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox
    2010-09-07 18:22 . 2010-09-07 18:23 -------- d-----w- C:\$AVG
    2010-09-07 18:17 . 2010-09-07 18:17 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Apple Computer
    2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\program files\QuickTime
    2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-09-07 18:11 . 2010-09-07 18:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\program files\Apple Software Update
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple Computer
    2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Gygan
    2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\program files\Xenocode
    2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Xenocode
    2010-09-07 17:14 . 2010-09-07 17:15 -------- d-----w- c:\program files\Gygan BETA
    2010-09-07 15:32 . 2010-05-12 14:55 1050040 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpress.exe
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ko.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_fr.dll
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-TW.dll
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ja.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ru.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_es.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_en.dll
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-CN.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_de.dll
    2010-09-07 15:32 . 2010-09-07 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
    2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Citrix
    2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ICAClient
    2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\program files\Citrix
    2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Help
    2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- C:\PMAIL
    2010-09-06 16:34 . 2010-09-06 16:34 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Foxit Software
    2010-09-05 20:43 . 2010-09-05 20:43 -------- d-----w- C:\wamp
    2010-09-05 20:33 . 2010-09-05 20:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PhotoParade
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconfd
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconf
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2_private
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnucash
    2010-09-05 20:24 . 2010-09-05 20:24 -------- d-----w- c:\program files\gnucash
    2010-09-05 19:50 . 2010-09-05 19:50 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Canon Easy-WebPrint EX
    2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2010-09-05 19:47 . 2008-02-23 03:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8F.DLL
    2010-09-05 19:47 . 2008-02-23 03:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8F.DLL
    2010-09-05 19:47 . 2008-02-23 03:00 223744 ----a-w- c:\windows\system32\CNMLM8F.DLL
    2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2010-09-05 19:46 . 2010-09-05 19:46 -------- d--h--w- c:\program files\CanonBJ
    2010-09-05 19:24 . 2010-03-26 02:08 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS
    2010-09-05 19:24 . 2010-09-05 19:24 -------- d-----w- c:\program files\Lenovo
    2010-09-05 19:21 . 2010-09-05 19:21 -------- d-----w- c:\program files\CCleaner
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ParetoLogic
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\DriverCure
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\program files\ParetoLogic
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-09-05 19:01 . 2010-09-11 17:32 0 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\prvlcl.dat
    2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\program files\Support.com
    2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Support.com
    2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- C:\temp
    2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IBM
    2010-09-03 12:40 . 2010-09-03 12:40 -------- d--h--w- c:\program files\MB
    2010-09-03 12:02 . 2010-09-03 12:02 -------- d-----w- c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\LogMeIn
    2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\USBDeview
    2010-09-03 08:47 . 2010-09-03 08:47 -------- d-----w- c:\program files\Foxit Software
    2010-09-02 23:18 . 2010-09-02 23:18 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ZoomBrowser EX
    2010-09-02 23:12 . 2010-09-02 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2010-09-02 22:59 . 2010-09-02 22:59 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\WINDOWS
    2010-09-02 22:52 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
    2010-09-02 22:52 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
    2010-09-02 22:52 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2010-09-02 22:52 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2010-09-02 22:52 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
    2010-09-02 22:52 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
    2010-09-02 22:52 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Common Files\Ahead
    2010-09-02 22:52 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Ahead
    2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Canon
    2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Common Files\Canon
    2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Common Files\Acronis
    2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Acronis
    2010-09-02 21:36 . 2010-09-02 21:42 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-09-02 21:36 . 2010-09-02 21:42 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2010-09-02 21:36 . 2010-09-02 21:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-09-02 21:36 . 2010-09-02 21:36 37888 ----a-w- c:\windows\system32\setupnt.dll
    2010-09-02 20:52 . 2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-02 20:52 . 2010-09-02 20:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-02 20:52 . 2010-09-02 20:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-02 20:52 . 2010-09-02 20:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-02 20:52 . 2010-09-02 20:52 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-09-02 20:48 . 2010-09-02 20:48 -------- d-----w- c:\program files\AVG
    2010-09-02 20:47 . 2010-09-02 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\windows\system32\XPSViewer
    2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\program files\MSBuild
    2010-09-02 20:23 . 2010-09-02 20:24 -------- d-----w- c:\program files\Reference Assemblies
    2010-09-02 20:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-08 07:34 . 2010-09-08 07:34 0 ---ha-w- c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp
    2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\FotoNation
    2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-02 21:32 . 2010-09-01 22:59 42944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-01 23:26 . 2003-02-20 07:12 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-09-01 22:56 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-09-01 22:55 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-30 12:31 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 1980-01-01 07:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 1979-12-31 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 1979-12-31 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2003-02-20 07:10 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    2010-04-14 11:55 . 2010-04-14 11:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-05-12 14:42 . 2010-05-12 14:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-05-12 14:42 . 2010-05-12 14:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2010-05-12 14:42 . 2010-05-12 14:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-05-12 14:41 . 2010-05-12 14:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-05-12 14:42 . 2010-05-12 14:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-05-12 14:42 . 2010-05-12 14:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-05-12 15:22 . 2010-05-12 15:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-05-12 14:43 . 2010-05-12 14:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2010-05-12 14:43 . 2010-05-12 14:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [2001-10-11 69632]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-02 2065760]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2002-10-16 1622016]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

    c:\documents and settings\Matt and Wendy Mob\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Online plug-in.lnk - c:\windows\Installer\{7681A1A9-D865-4DC0-A319-41A49F5E78DB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-9-7 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=
    "c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
    "c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
    "c:\\Documents and Settings\\Matt and Wendy Mob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/2/2010 10:52 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/2/2010 10:52 PM 243024]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/2/2010 10:50 PM 308136]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{27E10B60-07BF-473C-99A3-86C6ADE76BD9} - (no file)
    BHO-{BD8BBA30-1768-FBAB-141D-B1D7F463702A} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
    Notify-344010f61003 - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-12 12:56
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(556)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll

    - - - - - - - > 'lsass.exe'(612)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-09-12 12:58:22
    ComboFix-quarantined-files.txt 2010-09-12 10:58

    Pre-Run: 9,154,002,944 bytes free
    Post-Run: 9,107,505,152 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 5C58EDA01ABFBF08EC405B321B9CEB00


    Item: Update on how the computer is running.
    Firefox seems to be fine with no redirects.
    IE 8 seems to be fine with no redirects.

    On the whole, I would say a good job.
    However, I will let you have a read of the ComboFix log.

    Note: AVG has been turned back on.
    Spybot TeaTimer is still disabled.

    Matthew

  6. #6
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    CFScript
    Close any open browsers.
    Open notepad and copy/paste the text in the code box below into it:

    Code:
    File::
    c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp
    DDS::
    BHO: 443340a3: {bd8bba30-1768-fbab-141d-b1d7f463702a} -
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    Save this as CFScript.txt in the same location as ComboFix.exe.



    Referring to the picture above, drag CFScript into ComboFix.exe.
    If prompted by ComboFix to update, please do so.
    When finished, it shall produce a log for you at "C:\ComboFix.txt".
    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    ESET Online Scanner
    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic
    To post in next reply:
    ComboFix log
    Eset Online Scan log

  7. #7
    Junior Member
    Join Date
    Sep 2010
    Posts
    5

    Default

    JMW3

    Item: CFScript / ComboFix - Done

    ComboFix 10-09-12.01 - Matt and Wendy Mob 09/12/2010 23:27:34.2.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.287 [GMT 2:00]
    Running from: c:\documents and settings\Matt and Wendy Mob\Desktop\Anti-Virus 2nd try\ComboFix.exe
    Command switches used :: c:\documents and settings\Matt and Wendy Mob\Desktop\Anti-Virus 2nd try\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
    .

    2010-09-11 21:43 . 2010-09-11 21:43 114272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-11 21:16 . 2010-09-11 21:16 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\CANON INC
    2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-09-11 21:15 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-09-11 21:15 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-09-11 06:34 . 2010-09-11 06:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-09-11 05:39 . 2010-09-11 05:39 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Malwarebytes
    2010-09-11 05:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-11 05:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-10 07:43 . 2010-09-10 07:43 -------- d-----w- c:\program files\ERUNT
    2010-09-10 07:32 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-09 20:14 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-09-09 20:14 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-09-09 20:14 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-09-09 20:14 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-09-08 18:12 . 2010-01-25 09:58 462848 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-09-08 18:12 . 2010-01-15 12:25 864256 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-09-08 18:12 . 2010-01-15 12:25 315392 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-09-08 18:12 . 2010-01-15 12:25 372736 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-09-08 18:12 . 2010-06-01 09:44 3907584 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-09-08 18:12 . 2010-01-15 12:26 70984 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- c:\windows\system32\Logfiles
    2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- C:\Inetpub
    2010-09-08 07:33 . 2010-09-08 07:33 89831 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Uninstall.exe
    2010-09-08 07:32 . 2010-09-08 07:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox
    2010-09-07 18:22 . 2010-09-07 18:23 -------- d-----w- C:\$AVG
    2010-09-07 18:17 . 2010-09-07 18:17 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Apple Computer
    2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\program files\QuickTime
    2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-09-07 18:11 . 2010-09-07 18:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\program files\Apple Software Update
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple Computer
    2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Gygan
    2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\program files\Xenocode
    2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Xenocode
    2010-09-07 17:14 . 2010-09-07 17:15 -------- d-----w- c:\program files\Gygan BETA
    2010-09-07 15:32 . 2010-05-12 14:55 1050040 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpress.exe
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ko.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_fr.dll
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-TW.dll
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ja.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ru.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_es.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_en.dll
    2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-CN.dll
    2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_de.dll
    2010-09-07 15:32 . 2010-09-07 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
    2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Citrix
    2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ICAClient
    2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\program files\Citrix
    2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Help
    2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- C:\PMAIL
    2010-09-06 16:34 . 2010-09-06 16:34 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Foxit Software
    2010-09-05 20:43 . 2010-09-05 20:43 -------- d-----w- C:\wamp
    2010-09-05 20:33 . 2010-09-05 20:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PhotoParade
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconfd
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconf
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2_private
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2
    2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnucash
    2010-09-05 20:24 . 2010-09-05 20:24 -------- d-----w- c:\program files\gnucash
    2010-09-05 19:50 . 2010-09-05 19:50 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Canon Easy-WebPrint EX
    2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2010-09-05 19:47 . 2008-02-23 03:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8F.DLL
    2010-09-05 19:47 . 2008-02-23 03:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8F.DLL
    2010-09-05 19:47 . 2008-02-23 03:00 223744 ----a-w- c:\windows\system32\CNMLM8F.DLL
    2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2010-09-05 19:46 . 2010-09-05 19:46 -------- d--h--w- c:\program files\CanonBJ
    2010-09-05 19:24 . 2010-03-26 02:08 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS
    2010-09-05 19:24 . 2010-09-05 19:24 -------- d-----w- c:\program files\Lenovo
    2010-09-05 19:21 . 2010-09-05 19:21 -------- d-----w- c:\program files\CCleaner
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ParetoLogic
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\DriverCure
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\program files\ParetoLogic
    2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-09-05 19:01 . 2010-09-12 21:17 0 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\prvlcl.dat
    2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\program files\Support.com
    2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Support.com
    2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- C:\temp
    2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IBM
    2010-09-03 12:40 . 2010-09-03 12:40 -------- d--h--w- c:\program files\MB
    2010-09-03 12:02 . 2010-09-03 12:02 -------- d-----w- c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\LogMeIn
    2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\USBDeview
    2010-09-03 08:47 . 2010-09-03 08:47 -------- d-----w- c:\program files\Foxit Software
    2010-09-02 23:18 . 2010-09-02 23:18 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ZoomBrowser EX
    2010-09-02 23:12 . 2010-09-02 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2010-09-02 22:59 . 2010-09-02 22:59 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\WINDOWS
    2010-09-02 22:52 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
    2010-09-02 22:52 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
    2010-09-02 22:52 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2010-09-02 22:52 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2010-09-02 22:52 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
    2010-09-02 22:52 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
    2010-09-02 22:52 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Common Files\Ahead
    2010-09-02 22:52 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Ahead
    2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Canon
    2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Common Files\Canon
    2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Common Files\Acronis
    2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Acronis
    2010-09-02 21:36 . 2010-09-02 21:42 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-09-02 21:36 . 2010-09-02 21:42 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2010-09-02 21:36 . 2010-09-02 21:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-09-02 21:36 . 2010-09-02 21:36 37888 ----a-w- c:\windows\system32\setupnt.dll
    2010-09-02 20:52 . 2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-02 20:52 . 2010-09-02 20:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-02 20:52 . 2010-09-02 20:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-02 20:52 . 2010-09-02 20:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-02 20:52 . 2010-09-02 20:52 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-09-02 20:48 . 2010-09-02 20:48 -------- d-----w- c:\program files\AVG
    2010-09-02 20:47 . 2010-09-02 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\windows\system32\XPSViewer
    2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\program files\MSBuild
    2010-09-02 20:23 . 2010-09-02 20:24 -------- d-----w- c:\program files\Reference Assemblies
    2010-09-02 20:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\FotoNation
    2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-02 21:32 . 2010-09-01 22:59 42944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-01 23:26 . 2003-02-20 07:12 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-09-01 22:56 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-09-01 22:55 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-30 12:31 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 1980-01-01 07:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 1979-12-31 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 1979-12-31 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-04-14 11:55 . 2010-04-14 11:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-05-12 14:42 . 2010-05-12 14:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-05-12 14:42 . 2010-05-12 14:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2010-05-12 14:42 . 2010-05-12 14:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-05-12 14:41 . 2010-05-12 14:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-05-12 14:42 . 2010-05-12 14:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-05-12 14:42 . 2010-05-12 14:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-05-12 15:22 . 2010-05-12 15:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-05-12 14:43 . 2010-05-12 14:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2010-05-12 14:43 . 2010-05-12 14:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [2001-10-11 69632]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-02 2065760]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2002-10-16 1622016]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

    c:\documents and settings\Matt and Wendy Mob\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Online plug-in.lnk - c:\windows\Installer\{7681A1A9-D865-4DC0-A319-41A49F5E78DB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-9-7 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=
    "c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
    "c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
    "c:\\Documents and Settings\\Matt and Wendy Mob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/2/2010 10:52 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/2/2010 10:52 PM 243024]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/2/2010 10:50 PM 308136]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-12 23:33
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(584)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll

    - - - - - - - > 'lsass.exe'(640)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-09-12 23:36:15
    ComboFix-quarantined-files.txt 2010-09-12 21:36
    ComboFix2.txt 2010-09-12 10:58

    Pre-Run: 8,971,943,936 bytes free
    Post-Run: 8,966,701,056 bytes free

    - - End Of File - - 8E1C5C763D4B6AFEF523C946FF9AFE62


Item: ESET Online Scanner run via IE

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=f086c2627d214d4889eb329f8bc5f5ae
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-09-12 10:53:18
    # local_time=2010-09-13 12:53:18 (+0100, W. Europe Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1024 16777191 100 0 867221 867221 0 0
    # compatibility_mode=8192 67108863 100 0 225 225 0 0
    # scanned=69969
    # found=2
    # cleaned=0
    # scan_time=4273
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
    C:\Documents and Settings\Matt and Wendy Mob\Desktop\GooredFix Backups\C\Documents and Settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{472cf6fd-5ef7-476c-b9cd-0ea0d0d31f18}\chrome\xulcache.jar JS/Agent.NCP trojan 00000000000000000000000000000000 I


    Matthew

  8. #8
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    Looks good.

    Clean Up
Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.
    Remove ComboFix
    The following will implement some cleanup procedures as well as reset System Restore points:
    Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
    ComboFix /Uninstall
    OTC
    Download OTC by Old Timer here & save it to your desktop.
    Double click on OTC.exe. Click on CleanUp!.
    You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
    It will restart your computer automatically. If it doesn't, please restart your computer manually.
    You can delete the following from your desktop:
    TFC.exe
    RKUnhookerLE.exe
    GooredFix.exe
    GooredFix Backups folder
    The Gmer.exe file (it will be randomly named .exe file)
    Any logs that may have been saved to your desktop


    You can re-enable Spybot's TeaTimer now if you like.

    All Clean
    Now that your system is safe we would like you to keep it that way.
    Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

    Create a Clean System Restore Point
    Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next; type a name like All Clean, then press the Create button, and once it's done press Close.
    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and click OK
    Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
    Click OK and Yes to confirm.

    Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Install the updates immediately if they are found.
    To update Windows
    Go to Start > All Programs > Windows Update
    To update Office
    Open up any Office program.
    Go to Help > Check for Updates

    Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
    You can find a tutorial here. Keep it updated & run it regularly.

    SpywareBlaster
    Download and install Javacools SpywareBlaster from here
    SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

    Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name (just HOSTS, with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
    Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    You can Find the Tutorial HERE

    Install WinPatrol
    Download it here
    You can find information about how WinPatrol works here

    Read some information here on how to prevent Malware.

    Hopefully these steps will help keep your computer clean.
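
As an added example (not code from the thread or from the MVPS project), a small Python model of the lookup order the HOSTS paragraph above describes: the HOSTS file is parsed in its real format and consulted before the network, so a name pinned to 127.0.0.1 is answered locally and never reaches DNS. The sample HOSTS content, the hostnames and the in-memory stand-in for DNS are all constructed for the example.

```python
"""Model of the HOSTS 'short circuit' described in the post (added example)."""
import ipaddress
from typing import Dict, Optional

# Constructed sample. The real file on Windows is
# %SystemRoot%\system32\drivers\etc\hosts (no extension), /etc/hosts elsewhere.
SAMPLE_HOSTS = """\
# Constructed HOSTS content for the example
127.0.0.1       localhost
# Lines like these are what a blocking list such as MVPS adds:
127.0.0.1  ads.example-adserver.test   # constructed ad domain
127.0.0.1  tracker.example-analytics.test banner.example-adserver.test
0.0.0.0    popup.example-adserver.test
garbage line without an address
"""

# Constructed stand-in for the network resolver (DNS), consulted only on a HOSTS miss.
FAKE_DNS: Dict[str, str] = {
    "www.example.com": "203.0.113.10",            # TEST-NET-3 address, constructed
    "ads.example-adserver.test": "198.51.100.7",  # what DNS would return without HOSTS
}

# Addresses that point the request back at the local machine.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to its address; malformed lines are skipped."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                                # first field is not an address
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)    # first matching entry wins
    return table


def resolve(name: str, hosts: Dict[str, str], dns: Dict[str, str]) -> Optional[str]:
    """HOSTS is checked before the network; DNS answers only when HOSTS has no entry."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return hosts[name]
    return dns.get(name)


def is_blocked(name: str, hosts: Dict[str, str]) -> bool:
    """True when HOSTS pins the name to the local machine (the 'short circuit')."""
    return hosts.get(name.lower().rstrip(".")) in LOCAL_SINKS


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("www.example.com", "ads.example-adserver.test", "popup.example-adserver.test"):
        print(f"{host:30} -> {resolve(host, table, FAKE_DNS)}  blocked={is_blocked(host, table)}")
```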

  9. #9
    Junior Member
    Join Date
    Sep 2010
    Posts
    5

    Default

    JMW3

Clean completed and will read your advice about tools / malware

    Thank you very much for all your help.
With a bit of luck and better planning (on my part) you will not find me back here again.

    Matthew

  10. #10
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    No problem at all.... Glad I could help

    Good Luck & Surf Safe
