PDA

View Full Version : Firefox Web redirects



emjga
2010-09-10, 22:45
Folks

When I use Firefox so search Google I find the result get re-directed to porn sites or other such sites

e.g Google search British Airways , click on British Airways and Redirects else where.

System info
Windows XP Pro , fully patched up to yesterday.
Anti Virus - Free AVG
SpyBot installed to day and it did find some issues but sill seem to have the redirects

Attached is a copy of dds attach (ziped)

DDS Log as below.

Hope some kind sole can help.

Matt


DDS (Ver_10-03-17.01) - FAT32x86
Run by Matt and Wendy Mob at 21:30:53.85 on Fri 09/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.57 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
SVCHOST.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\Documents and Settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Matt and Wendy Mob\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
BHO: {27e10b60-07bf-473c-99a3-86c6ade76bd9} -
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: 443340a3: {bd8bba30-1768-fbab-141d-b1d7f463702a} -
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [S3TRAY2] S3Tray2.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mExplorerRun: [RTHDBPL] c:\documents and settings\matt and wendy mob\application data\systemproc\lsass.exe
StartupFolder: c:\docume~1\mattan~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\matt and wendy mob\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{7681a1a9-d865-4dc0-a319-41a49f5e78db}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283378027670
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: 344010f61003 - c:\windows\system32\camocx32.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\windows\system32\camocx32.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattan~1\applic~1\mozilla\firefox\profiles\neq3omyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-2 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-2 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-2 243024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-2 308136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-2 47640]
S3 cpuz132;cpuz132;\??\c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================


==================== Find3M ====================

2010-09-01 22:56:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-01 22:55:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:36 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 15:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:04 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:02 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:02 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:00 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:22:00 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:22:00 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:56 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:10 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:46 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 21:32:06.17 ===============

jmw3
2010-09-11, 14:49
Hello & Welcome to Safer-Networking

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:
Any recommendations made are for your computer problems only and should NOT be used on any other computer.
Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.Please note that the forum is very busy and if I don't hear from you within four days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

Disable Spybot's TeaTimer 1.5 & 1.6
If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol)
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy
Click on Mode > Advanced Mode. When it prompts you, click Yes
On the left hand side, click on Tools
Check this box if it is not yet ticked: Resident
You will notice that Resident is now added under Tools. Click on Resident
Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active
Exit Spybot Search & Destroy
Restart your computer for the changes to take effectLeave TeaTimer disabled until we're done here.

Create a System Restore Point
You have no System Restore Points. We need to create a new System Restore point which we can use in case of system problems while we're working:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like Pre-Clean then press the Create button. Once it's done press Close

GooredFix
Download GooredFix from one of the locations below & save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed
To run the tool, double-click it (XP), or right-click & select Run As Administrator (Vista)
When prompted to run the scan, click Yes
GooredFix will check for infections, then a log will appear. Post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt)Rootkit Unhooker
Download Rootkit Unhooker from Here (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) & save it on your desktop. Disable your security programs
Double click RKUnhookerLE.exe to run it
Click the Report tab, then click Scan
Check Drivers and Stealth Code, uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it such as your desktop then click Close
Copy/paste the entire contents of the report & post it in your next replyNote - You may get the following warning - it is ok - just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Gmer
Download GMER Rootkit Scanner from here (http://www.gmer.net/download.php) & save it to your desktop.
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

http://i28.photobucket.com/albums/c227/tetonbob/gmer_th.gif (http://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ... IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
Double click the gmer.exe file
The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log

emjga
2010-09-11, 17:11
JMW Thankyou for offering to help.

Item: Disable Spybot TeaTimer and reboot - Done

Item Create System Restore - Done

Item Goored Fix - Done
GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:35 on 11/09/2010 (Matt and Wendy Mob)
Firefox version 3.6.9 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{472cf6fd-5ef7-476c-b9cd-0ea0d0d31f18}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:30 02/09/2010]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [10:32 02/09/2010]

C:\Documents and Settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\
identity-cloaker@identitycloaker.com [11:43 02/09/2010]
{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [08:06 03/09/2010]
LogMeInClient@logmein.com [18:12 08/09/2010]
{3112ca9c-de6d-4884-a869-9855de68056c} [20:14 09/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:25 02/09/2010]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [20:50 02/09/2010]

-=E.O.F=-

Item Rootkit Unhooker - Done

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0B1000 C:\WINDOWS\System32\ati3duag.dll 2297856 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7F8A000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1200128 bytes (Agere Systems, SoftModem Device Driver)
0xF82E5000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1073152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF2E2000 C:\WINDOWS\System32\ativvaxx.dll 610304 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF80EB000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF81D8000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xBA4CF000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF8569000 timntr.sys 393216 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xF7E1D000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBA63C000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7864000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7000000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 241664 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF8249000 C:\WINDOWS\System32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xBA602000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBA487000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xBF04D000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF07F000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF7EA3000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8726000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7B8B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF85C9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF8663000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xBA567000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF8284000 C:\WINDOWS\System32\DRIVERS\e1000325.sys 167936 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xBA5B4000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA5DC000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF860D000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF80C7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF82AD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF8179000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA592000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF8643000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF86D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF86F7000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xBA469000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xF854E000 snapman.sys 110592 bytes (Acronis, Acronis Snapshot API)
0xF8534000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF868F000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF80AF000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF86A8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBA429000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF86C0000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF85F6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7F73000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8193000 C:\WINDOWS\System32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xB7CF6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBA4BB000 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys 81920 bytes (Citrix Systems, Inc., Citrix USB Filter Driver)
0xF81C4000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF82D1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA735000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8631000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8715000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF843B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8915000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF88F5000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8935000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8925000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA715000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF847B000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF89C5000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF87D5000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF87A5000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF88E5000 C:\WINDOWS\System32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF8835000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF88D5000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8945000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8795000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8815000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF8805000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF8965000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8865000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF8895000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF8875000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF8885000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF848B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8905000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8785000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8955000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8845000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF8775000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB7933000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xF8995000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF87F5000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF87C5000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF8855000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF8975000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8825000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF845B000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF88C5000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF846B000 C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 36864 bytes (Windows (R) Codename Longhorn DDK provider, KMWDFilter Driver from UASSOFT.COM)
0xF84CB000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF84AB000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB7159000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF87B5000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF87E5000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF84BB000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8AE5000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8B3D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8A25000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF8A35000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF8B75000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)
0xF8B5D000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF8ABD000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8A0D000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF8AD5000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8B25000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8A5D000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF8ADD000 C:\WINDOWS\System32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF89F5000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8A55000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF8A2D000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF8B65000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF8B55000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF8A3D000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF8A45000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF8B4D000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF8AC5000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8ACD000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8AB5000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8B2D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8A4D000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF8A1D000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF8A15000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF8B35000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF89FD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8AFD000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8AED000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF8B05000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF8A05000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF8AF5000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8B45000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 20480 bytes
0xF8B6D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8B99000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF8BA9000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF8B8D000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8BB1000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF8C71000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8B95000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF8BA1000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF8510000 C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver)
0xF8BAD000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF7E8F000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8433000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB82CD000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8C65000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8B9D000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF8B91000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8BA5000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF8B85000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8B89000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xBA7E8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF81A4000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF83FB000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF8C69000 C:\WINDOWS\System32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF7E93000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF84F8000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF83F3000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8C79000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF8C8F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8C83000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF8C81000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF8C95000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8C8D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8C7B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8C75000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8C91000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8D09000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8C85000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF8D27000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xF8C93000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8C89000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8C7D000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF8C87000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8C7F000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8C77000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8D6F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8E10000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8D6E000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xF8DCF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8D3E000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8D3D000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Item GMER - Done
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-11 15:47:59
Windows 5.1.2600 Service Pack 3
Running: 4y4tcf5p.exe; Driver: C:\DOCUME~1\MATTAN~1\LOCALS~1\Temp\kxtoiaod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


You all so asked at the last Email , at the bootom for Copies of DDS.log
Which has been re-run


DDS (Ver_10-03-17.01) - FAT32x86
Run by Matt and Wendy Mob at 15:49:07.02 on Sat 09/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.146 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
SVCHOST.EXE
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
SVCHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Documents and Settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Matt and Wendy Mob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
BHO: {27e10b60-07bf-473c-99a3-86c6ade76bd9} -
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: 443340a3: {bd8bba30-1768-fbab-141d-b1d7f463702a} -
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [S3TRAY2] S3Tray2.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\mattan~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\matt and wendy mob\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{7681a1a9-d865-4dc0-a319-41a49f5e78db}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283378027670
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattan~1\applic~1\mozilla\firefox\profiles\neq3omyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\matt and wendy mob\application data\mozilla\firefox\profiles\neq3omyd.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-2 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-2 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-2 243024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-2 308136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-2 47640]
S3 cpuz132;cpuz132;\??\c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mattan~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-09-11 05:39:17 0 d-----w- c:\docume~1\mattan~1\applic~1\Malwarebytes
2010-09-11 05:38:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 05:38:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-11 05:38:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 05:38:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 16:18:10 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-10 16:18:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-10 16:14:59 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-09-10 07:32:56 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-08 16:07:43 38 ----a-w- c:\windows\system32\64c017f1
2010-09-08 11:47:20 0 d-----w- c:\windows\system32\Logfiles
2010-09-08 11:47:20 0 d-----w- C:\Inetpub
2010-09-08 07:34:55 0 ---ha-w- c:\documents and settings\matt and wendy mob\fjpavxqfur.tmp
2010-09-08 07:32:32 0 d-----w- c:\docume~1\mattan~1\applic~1\Dropbox
2010-09-07 18:22:59 0 d--h--w- C:\$AVG
2010-09-07 18:22:28 1185 ----a-w- c:\windows\system32\1144679306
2010-09-07 18:19:07 203776 --sh--w- c:\windows\system32\unrar.exe
2010-09-07 18:19:07 0 d-----w- c:\windows\system32\108165009
2010-09-07 17:15:40 0 d-----w- c:\docume~1\mattan~1\applic~1\Gygan
2010-09-07 17:15:30 0 d-----w- c:\program files\Xenocode
2010-09-07 17:14:58 0 d-----w- c:\program files\Gygan BETA
2010-09-07 15:32:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-09-07 15:31:44 0 d-----w- c:\docume~1\mattan~1\applic~1\ICAClient
2010-09-07 15:31:33 0 d-----w- c:\program files\Citrix
2010-09-06 17:32:25 0 d-----w- C:\PMAIL
2010-09-06 16:57:14 754 ----a-w- c:\windows\WORDPAD.INI
2010-09-06 16:34:51 0 d-----w- c:\docume~1\mattan~1\applic~1\Foxit Software
2010-09-05 20:43:41 0 d-----w- C:\wamp
2010-09-05 20:26:37 0 d-----w- c:\documents and settings\matt and wendy mob\.gconfd
2010-09-05 20:26:37 0 d-----w- c:\documents and settings\matt and wendy mob\.gconf
2010-09-05 20:26:36 0 d-----w- c:\documents and settings\matt and wendy mob\.gnome2_private
2010-09-05 20:26:36 0 d-----w- c:\documents and settings\matt and wendy mob\.gnome2
2010-09-05 20:26:29 0 d-----w- c:\documents and settings\matt and wendy mob\.gnucash
2010-09-05 20:24:30 0 d-----w- c:\program files\gnucash
2010-09-05 19:50:08 0 d-----w- c:\docume~1\mattan~1\applic~1\Canon Easy-WebPrint EX
2010-09-05 19:47:53 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-05 19:47:53 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-09-05 19:47:16 223744 ----a-w- c:\windows\system32\CNMLM8F.DLL
2010-09-05 19:24:27 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS
2010-09-05 19:24:00 0 d-----w- c:\program files\Lenovo
2010-09-05 19:21:28 0 d-----w- c:\program files\CCleaner
2010-09-05 19:07:31 0 d-----w- c:\docume~1\mattan~1\applic~1\ParetoLogic
2010-09-05 19:07:31 0 d-----w- c:\docume~1\mattan~1\applic~1\DriverCure
2010-09-05 19:07:19 0 d-----w- c:\program files\ParetoLogic
2010-09-05 19:07:19 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-09-05 18:40:07 0 d-----w- c:\program files\Support.com
2010-09-05 18:39:53 0 d-----w- C:\temp
2010-09-05 18:39:42 0 d-----w- c:\docume~1\alluse~1\applic~1\IBM
2010-09-03 12:40:26 0 d--h--w- c:\program files\MB
2010-09-03 08:54:29 0 d-----w- c:\program files\USBDeview
2010-09-03 08:47:24 0 d-----w- c:\program files\Foxit Software
2010-09-02 23:22:56 69 ----a-w- c:\windows\NeroDigital.ini
2010-09-02 23:20:44 121787 ----a-w- c:\windows\system32\AdobeFnt.lst
2010-09-02 23:18:44 0 d-----w- c:\docume~1\mattan~1\applic~1\ZoomBrowser EX
2010-09-02 23:12:34 0 d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2010-09-02 23:01:04 196 ----a-w- c:\windows\_delis32.ini
2010-09-02 23:00:07 0 d-----w- c:\program files\common files\FotoNation
2010-09-02 22:59:14 0 d-----w- c:\documents and settings\matt and wendy mob\WINDOWS
2010-09-02 22:52:36 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-09-02 22:52:36 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-09-02 22:52:17 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-09-02 22:52:17 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-09-02 22:52:17 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-09-02 22:52:17 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-09-02 22:52:17 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-09-02 22:52:16 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-09-02 22:44:51 0 d-----w- c:\program files\Canon
2010-09-02 22:44:43 0 d-----w- c:\program files\common files\Canon
2010-09-02 21:36:21 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-09-02 21:36:21 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-09-02 21:36:21 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-09-02 21:36:21 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-02 20:52:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-02 20:52:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-02 20:52:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-02 20:52:14 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-02 20:48:22 0 d-----w- c:\program files\AVG
2010-09-02 20:47:59 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-02 20:24:10 0 d-----w- c:\windows\system32\XPSViewer
2010-09-02 20:23:27 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-02 20:23:27 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-02 20:23:27 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-02 20:23:27 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-02 20:23:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-02 20:23:27 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-02 20:23:27 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-02 20:23:26 0 d-----w- C:\ee36f06e900b8a1207225a94f13f3a
2010-09-02 20:20:49 0 d-----w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-02 18:20:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Boost
2010-09-02 11:32:04 0 d-----w- c:\program files\2Remember
2010-09-02 11:26:24 0 d-----w- c:\docume~1\mattan~1\applic~1\TeamViewer
2010-09-02 11:26:13 0 d-----w- c:\program files\TeamViewer
2010-09-02 11:11:15 0 d-----w- c:\program files\VideoLAN
2010-09-02 10:48:40 0 d-----w- C:\Identity Cloaker
2010-09-02 10:36:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-02 10:32:37 0 d-----r- c:\program files\Skype
2010-09-02 10:27:04 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-09-02 09:23:57 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb4a8091edd550.mof
2010-09-02 09:13:32 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-09-02 09:13:32 16384 ----a-w- c:\windows\system32\dllcache\ipsink.ax
2010-09-02 09:13:32 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-09-02 09:13:32 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-09-02 09:10:25 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-09-02 09:10:25 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-09-02 09:09:55 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-02 09:09:55 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-09-02 09:07:48 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-09-02 09:07:48 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-09-02 09:07:15 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-09-02 09:07:15 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-09-02 09:06:48 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-09-02 09:06:48 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-09-02 09:06:24 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-09-02 09:06:24 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-09-02 09:05:41 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-09-02 09:05:41 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-09-02 09:04:59 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-09-02 09:04:59 91136 ----a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-09-02 09:04:59 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-09-02 09:04:59 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-02 09:04:59 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-09-02 09:04:59 43008 ----a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-09-02 09:04:58 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-09-02 09:04:58 61952 ----a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-09-02 09:04:58 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-09-02 09:04:58 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax
2010-09-02 08:14:48 376 ----a-w- c:\windows\ODBC.INI
2010-09-02 08:14:43 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-09-02 08:12:54 0 d-----w- c:\program files\Microsoft ActiveSync
2010-09-02 08:12:08 0 d-----w- c:\windows\SHELLNEW
2010-09-02 06:34:24 0 d-----w- c:\docume~1\alluse~1\applic~1\LogMeIn
2010-09-02 06:34:16 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-02 06:34:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-02 06:34:15 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-09-02 06:34:04 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-02 06:33:59 1024 ----a-w- C:\.rnd
2010-09-02 06:33:43 0 d-----w- c:\program files\LogMeIn
2010-09-02 02:37:55 0 d--h--w- c:\windows\system32\GroupPolicy
2010-09-02 02:33:23 0 d-sh--w- C:\Recycled
2010-09-02 02:20:36 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-09-02 02:18:22 0 d-----w- c:\windows\system32\appmgmt
2010-09-02 01:53:35 0 d--h--w- C:\VritualRoot
2010-09-01 23:23:08 0 d-----w- c:\windows\system32\scripting
2010-09-01 23:23:06 0 d-----w- c:\windows\system32\en
2010-09-01 23:23:06 0 d-----w- c:\windows\system32\bits
2010-09-01 23:23:06 0 d-----w- c:\windows\l2schemas
2010-09-01 23:18:39 0 d-----w- c:\windows\network diagnostic
2010-09-01 23:09:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-09-01 23:02:19 0 d-sh--w- c:\documents and settings\matt and wendy mob\IECompatCache
2010-09-01 23:00:48 0 d-sh--w- c:\documents and settings\matt and wendy mob\PrivacIE
2010-09-01 22:49:35 0 d--h--w- c:\windows\ie8
2010-09-01 22:47:08 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-09-01 22:47:08 1372672 ------w- c:\windows\system32\msxml6.dll
2010-09-01 22:47:08 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-09-01 22:47:05 346112 ------w- c:\windows\system32\windowscodecsext.dll
2010-09-01 22:47:04 650752 ------w- c:\windows\system32\dot3ui.dll
2010-09-01 22:47:03 290304 ------w- c:\windows\system32\rhttpaa.dll
2010-09-01 22:47:03 276992 ------w- c:\windows\system32\wmphoto.dll
2010-09-01 22:47:02 397312 ------w- c:\windows\system32\mmcex.dll
2010-09-01 22:47:01 291328 ------w- c:\windows\system32\qagentrt.dll
2010-09-01 22:47:00 233472 ------w- c:\windows\system32\azroles.dll
2010-09-01 22:45:58 8677 ------w- c:\windows\system32\dllcache\wm7.gif
2010-09-01 22:27:18 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-09-01 22:26:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-09-01 22:26:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-09-01 22:26:55 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-01 22:26:51 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-01 22:26:50 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-09-01 22:25:43 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-09-01 22:25:43 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-09-01 22:25:38 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-09-01 22:07:24 0 d-sh--w- C:\FOUND.000
2010-09-01 22:05:09 0 d-----w- c:\program files\Synaptics
2010-09-01 13:23:21 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-09-01 13:21:51 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-09-01 13:21:51 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-09-01 13:21:51 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-09-01 13:18:26 0 d-----w- c:\windows\system32\PreInstall
2010-09-01 13:18:24 0 d--h--w- c:\windows\$hf_mig$
2010-09-01 13:11:15 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-09-01 13:05:33 316640 ----a-w- c:\windows\WMSysPr9.prx
2010-09-01 13:03:59 79872 ----a-w- c:\windows\system32\dllcache\iislog51.dll
2010-09-01 13:02:14 456192 ----a-w- c:\windows\system32\dllcache\smtpsvc.dll
2010-09-01 13:02:06 331264 ----a-w- c:\windows\system32\dllcache\aqueue.dll
2010-09-01 13:02:04 0 d-----w- c:\windows\ServicePackFiles
2010-09-01 13:00:15 2897920 ------w- c:\windows\system32\xpsp2res.dll
2010-09-01 12:59:40 19528 ----a-w- c:\windows\002147_.tmp
2010-09-01 12:59:29 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-09-01 12:57:38 0 d-----w- c:\windows\EHome
2010-09-01 12:54:42 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-09-01 12:54:42 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-09-01 12:54:42 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-09-01 12:54:42 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-09-01 12:54:42 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-09-01 12:37:14 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-09-01 12:37:14 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-09-01 12:36:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-09-01 12:36:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-09-01 12:34:13 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-09-01 12:34:13 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-09-01 12:33:55 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-09-01 12:25:32 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-09-01 12:25:32 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-09-01 12:23:28 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-09-01 12:23:28 59520 ----a-w- c:\windows\system32\dllcache\usbhub.sys
2010-09-01 12:22:34 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-09-01 12:22:34 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-09-01 12:22:34 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-01 12:22:33 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2010-09-01 12:22:33 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-09-01 12:22:33 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-09-01 12:22:33 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-09-01 12:16:38 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2010-09-01 12:16:38 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2010-09-01 12:16:38 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-09-01 12:16:38 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2010-09-01 12:16:38 165888 ----a-w- c:\windows\system32\wuauclt1.exe

==================== Find3M ====================

2010-09-01 22:56:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-01 22:55:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:36 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 15:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:04 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:02 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:02 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:00 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:22:00 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:22:00 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:56 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:10 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:46 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 15:49:44.65 ===============


Yours

Matthew

jmw3
2010-09-12, 08:24
Hi

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here (http://oldtimer.geekstogo.com/TFC.exe) & save it to your desktop.
Save any unsaved work. TFC Cleaner will close all open application windows
Double-click TFC.exe to run the program, your desktop will temporarily disappear
If prompted, click Yes to rebootNote: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click on ComboFix.exe & follow the prompts
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Consolehttp://img.photobucket.com/albums/v666/sUBs/Query_RC.gif
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next replyA word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

To post in next reply:
ComboFix log
Update on how the computer is running

emjga
2010-09-12, 14:19
JMW3

Item : TFC Done with promoted reboot.

Item : ComboFix Done see below
AVG Anti Virus Disabled
Windows Recovery Console installed

Did get the following error
PEV.exe has encounted a proplem and needs to close.
Do you want to send to Microsoft
Replied No
ComboFix carried on to the end

Log file
ComboFix 10-09-11.03 - Matt and Wendy Mob 09/12/2010 12:49:51.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT 2:00]
Running from: c:\documents and settings\Matt and Wendy Mob\Desktop\Anti-Virus 2nd try\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003C.manifest
c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003O.manifest
c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003P.manifest
c:\documents and settings\Matt and Wendy Mob\Application Data\020000001ad81f511003S.manifest
c:\windows\system32\108165009
c:\windows\system32\Cache
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-11 21:43 . 2010-09-11 21:43 114272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-11 21:16 . 2010-09-11 21:16 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\CANON INC
2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-09-11 21:15 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-09-11 21:15 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-09-11 06:34 . 2010-09-11 06:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-11 05:39 . 2010-09-11 05:39 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Malwarebytes
2010-09-11 05:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 05:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-10 07:43 . 2010-09-10 07:43 -------- d-----w- c:\program files\ERUNT
2010-09-10 07:32 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-09 20:14 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-09 20:14 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-09 20:14 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-09 20:14 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-08 18:12 . 2010-01-25 09:58 462848 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2010-09-08 18:12 . 2010-01-15 12:25 864256 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
2010-09-08 18:12 . 2010-01-15 12:25 315392 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
2010-09-08 18:12 . 2010-01-15 12:25 372736 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
2010-09-08 18:12 . 2010-06-01 09:44 3907584 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-09-08 18:12 . 2010-01-15 12:26 70984 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- c:\windows\system32\Logfiles
2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- C:\Inetpub
2010-09-08 07:33 . 2010-09-08 07:33 89831 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Uninstall.exe
2010-09-08 07:32 . 2010-09-08 07:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox
2010-09-07 18:22 . 2010-09-07 18:23 -------- d-----w- C:\$AVG
2010-09-07 18:17 . 2010-09-07 18:17 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Apple Computer
2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\program files\QuickTime
2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-07 18:11 . 2010-09-07 18:12 -------- d-----w- c:\program files\Common Files\Apple
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\program files\Apple Software Update
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple Computer
2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Gygan
2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\program files\Xenocode
2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Xenocode
2010-09-07 17:14 . 2010-09-07 17:15 -------- d-----w- c:\program files\Gygan BETA
2010-09-07 15:32 . 2010-05-12 14:55 1050040 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpress.exe
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ko.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_fr.dll
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-TW.dll
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ja.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ru.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_es.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_en.dll
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-CN.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_de.dll
2010-09-07 15:32 . 2010-09-07 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Citrix
2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ICAClient
2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\program files\Citrix
2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Help
2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- C:\PMAIL
2010-09-06 16:34 . 2010-09-06 16:34 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Foxit Software
2010-09-05 20:43 . 2010-09-05 20:43 -------- d-----w- C:\wamp
2010-09-05 20:33 . 2010-09-05 20:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PhotoParade
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconfd
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconf
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2_private
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnucash
2010-09-05 20:24 . 2010-09-05 20:24 -------- d-----w- c:\program files\gnucash
2010-09-05 19:50 . 2010-09-05 19:50 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Canon Easy-WebPrint EX
2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-09-05 19:47 . 2008-02-23 03:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8F.DLL
2010-09-05 19:47 . 2008-02-23 03:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8F.DLL
2010-09-05 19:47 . 2008-02-23 03:00 223744 ----a-w- c:\windows\system32\CNMLM8F.DLL
2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-09-05 19:46 . 2010-09-05 19:46 -------- d--h--w- c:\program files\CanonBJ
2010-09-05 19:24 . 2010-03-26 02:08 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS
2010-09-05 19:24 . 2010-09-05 19:24 -------- d-----w- c:\program files\Lenovo
2010-09-05 19:21 . 2010-09-05 19:21 -------- d-----w- c:\program files\CCleaner
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ParetoLogic
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\DriverCure
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\program files\ParetoLogic
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-09-05 19:01 . 2010-09-11 17:32 0 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\prvlcl.dat
2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\program files\Support.com
2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Support.com
2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- C:\temp
2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IBM
2010-09-03 12:40 . 2010-09-03 12:40 -------- d--h--w- c:\program files\MB
2010-09-03 12:02 . 2010-09-03 12:02 -------- d-----w- c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\LogMeIn
2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\USBDeview
2010-09-03 08:47 . 2010-09-03 08:47 -------- d-----w- c:\program files\Foxit Software
2010-09-02 23:18 . 2010-09-02 23:18 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ZoomBrowser EX
2010-09-02 23:12 . 2010-09-02 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-09-02 22:59 . 2010-09-02 22:59 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\WINDOWS
2010-09-02 22:52 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-09-02 22:52 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-09-02 22:52 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-09-02 22:52 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-09-02 22:52 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-09-02 22:52 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-09-02 22:52 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-02 22:52 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Ahead
2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Canon
2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Common Files\Canon
2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Common Files\Acronis
2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Acronis
2010-09-02 21:36 . 2010-09-02 21:42 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-09-02 21:36 . 2010-09-02 21:42 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-09-02 21:36 . 2010-09-02 21:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-02 21:36 . 2010-09-02 21:36 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-09-02 20:52 . 2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-02 20:52 . 2010-09-02 20:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-02 20:52 . 2010-09-02 20:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-02 20:52 . 2010-09-02 20:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-02 20:52 . 2010-09-02 20:52 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-02 20:48 . 2010-09-02 20:48 -------- d-----w- c:\program files\AVG
2010-09-02 20:47 . 2010-09-02 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\program files\MSBuild
2010-09-02 20:23 . 2010-09-02 20:24 -------- d-----w- c:\program files\Reference Assemblies
2010-09-02 20:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 07:34 . 2010-09-08 07:34 0 ---ha-w- c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp
2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\FotoNation
2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-02 21:32 . 2010-09-01 22:59 42944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-01 23:26 . 2003-02-20 07:12 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-09-01 22:56 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-01 22:55 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-30 12:31 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 1980-01-01 07:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1979-12-31 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1979-12-31 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-02-20 07:10 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
2010-04-14 11:55 . 2010-04-14 11:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 14:42 . 2010-05-12 14:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 14:42 . 2010-05-12 14:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-05-12 14:42 . 2010-05-12 14:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 14:41 . 2010-05-12 14:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 14:42 . 2010-05-12 14:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 14:42 . 2010-05-12 14:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 15:22 . 2010-05-12 15:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 14:43 . 2010-05-12 14:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-05-12 14:43 . 2010-05-12 14:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 69632]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-02 2065760]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2002-10-16 1622016]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

c:\documents and settings\Matt and Wendy Mob\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Online plug-in.lnk - c:\windows\Installer\{7681A1A9-D865-4DC0-A319-41A49F5E78DB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-9-7 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"c:\\Documents and Settings\\Matt and Wendy Mob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/2/2010 10:52 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/2/2010 10:52 PM 243024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/2/2010 10:50 PM 308136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{27E10B60-07BF-473C-99A3-86C6ADE76BD9} - (no file)
BHO-{BD8BBA30-1768-FBAB-141D-B1D7F463702A} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
Notify-344010f61003 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 12:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-09-12 12:58:22
ComboFix-quarantined-files.txt 2010-09-12 10:58

Pre-Run: 9,154,002,944 bytes free
Post-Run: 9,107,505,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 5C58EDA01ABFBF08EC405B321B9CEB00


Item Update on how computer is running.
Firefox seems to be fine with no Re-directs
IE 8 seems to be fine with no Re-directs

On the whole I would say a good job.
However I will let you have a read of the ComboFix log.

Note AVG has been Turned back on.
SpyBot TeeTimer is still disabled

Matthew

jmw3
2010-09-12, 15:23
Hi

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:


File::
c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp
DDS::
BHO: 443340a3: {bd8bba30-1768-fbab-141d-b1d7f463702a} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

ESET Online Scanner
Go here (http://www.eset.com/onlinescan/) to run an online scannner from ESET.
Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topicTo post in next reply:
ComboFix log
Eset Online Scan log

emjga
2010-09-13, 08:34
JMW3

Item: CFScript / Combofix - Done

ComboFix 10-09-12.01 - Matt and Wendy Mob 09/12/2010 23:27:34.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.287 [GMT 2:00]
Running from: c:\documents and settings\Matt and Wendy Mob\Desktop\Anti-Virus 2nd try\ComboFix.exe
Command switches used :: c:\documents and settings\Matt and Wendy Mob\Desktop\Anti-Virus 2nd try\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt and Wendy Mob\fjpavxqfur.tmp

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-11 21:43 . 2010-09-11 21:43 114272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-11 21:16 . 2010-09-11 21:16 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\CANON INC
2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-09-11 21:15 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-09-11 21:15 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-09-11 21:15 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-09-11 06:34 . 2010-09-11 06:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-11 05:39 . 2010-09-11 05:39 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Malwarebytes
2010-09-11 05:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-11 05:38 . 2010-09-11 05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 05:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-10 16:18 . 2010-09-10 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-10 07:43 . 2010-09-10 07:43 -------- d-----w- c:\program files\ERUNT
2010-09-10 07:32 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-09 20:14 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-09 20:14 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-09 20:14 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-09 20:14 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-08 18:12 . 2010-01-25 09:58 462848 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2010-09-08 18:12 . 2010-01-15 12:25 864256 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
2010-09-08 18:12 . 2010-01-15 12:25 315392 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
2010-09-08 18:12 . 2010-01-15 12:25 372736 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
2010-09-08 18:12 . 2010-06-01 09:44 3907584 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-09-08 18:12 . 2010-01-15 12:26 70984 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- c:\windows\system32\Logfiles
2010-09-08 11:47 . 2010-09-08 11:47 -------- d-----w- C:\Inetpub
2010-09-08 07:33 . 2010-09-08 07:33 89831 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Uninstall.exe
2010-09-08 07:32 . 2010-09-08 07:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox
2010-09-07 18:22 . 2010-09-07 18:23 -------- d-----w- C:\$AVG
2010-09-07 18:17 . 2010-09-07 18:17 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Apple Computer
2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\program files\QuickTime
2010-09-07 18:12 . 2010-09-07 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-07 18:11 . 2010-09-07 18:12 -------- d-----w- c:\program files\Common Files\Apple
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\program files\Apple Software Update
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Apple Computer
2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Gygan
2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\program files\Xenocode
2010-09-07 17:15 . 2010-09-07 17:15 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Xenocode
2010-09-07 17:14 . 2010-09-07 17:15 -------- d-----w- c:\program files\Gygan BETA
2010-09-07 15:32 . 2010-05-12 14:55 1050040 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpress.exe
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ko.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_fr.dll
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-TW.dll
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ja.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_ru.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_es.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_en.dll
2010-09-07 15:32 . 2010-05-12 14:38 71096 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_zh-CN.dll
2010-09-07 15:32 . 2010-05-12 14:38 75192 ----a-w- c:\documents and settings\All Users\Application Data\Citrix\Citrix online plug-in\TrolleyExpressUI_de.dll
2010-09-07 15:32 . 2010-09-07 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Citrix
2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ICAClient
2010-09-07 15:31 . 2010-09-07 15:31 -------- d-----w- c:\program files\Citrix
2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\Help
2010-09-06 17:32 . 2010-09-06 17:32 -------- d-----w- C:\PMAIL
2010-09-06 16:34 . 2010-09-06 16:34 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Foxit Software
2010-09-05 20:43 . 2010-09-05 20:43 -------- d-----w- C:\wamp
2010-09-05 20:33 . 2010-09-05 20:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PhotoParade
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconfd
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gconf
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2_private
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnome2
2010-09-05 20:26 . 2010-09-05 20:26 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\.gnucash
2010-09-05 20:24 . 2010-09-05 20:24 -------- d-----w- c:\program files\gnucash
2010-09-05 19:50 . 2010-09-05 19:50 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\Canon Easy-WebPrint EX
2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-05 19:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-09-05 19:47 . 2008-02-23 03:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8F.DLL
2010-09-05 19:47 . 2008-02-23 03:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8F.DLL
2010-09-05 19:47 . 2008-02-23 03:00 223744 ----a-w- c:\windows\system32\CNMLM8F.DLL
2010-09-05 19:47 . 2010-09-05 19:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-09-05 19:46 . 2010-09-05 19:46 -------- d--h--w- c:\program files\CanonBJ
2010-09-05 19:24 . 2010-03-26 02:08 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS
2010-09-05 19:24 . 2010-09-05 19:24 -------- d-----w- c:\program files\Lenovo
2010-09-05 19:21 . 2010-09-05 19:21 -------- d-----w- c:\program files\CCleaner
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ParetoLogic
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\DriverCure
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\program files\ParetoLogic
2010-09-05 19:07 . 2010-09-05 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-09-05 19:01 . 2010-09-12 21:17 0 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\prvlcl.dat
2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\program files\Support.com
2010-09-05 18:40 . 2010-09-05 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Support.com
2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- C:\temp
2010-09-05 18:39 . 2010-09-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IBM
2010-09-03 12:40 . 2010-09-03 12:40 -------- d--h--w- c:\program files\MB
2010-09-03 12:02 . 2010-09-03 12:02 -------- d-----w- c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\LogMeIn
2010-09-03 08:54 . 2010-09-03 08:54 -------- d-----w- c:\program files\USBDeview
2010-09-03 08:47 . 2010-09-03 08:47 -------- d-----w- c:\program files\Foxit Software
2010-09-02 23:18 . 2010-09-02 23:18 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\Application Data\ZoomBrowser EX
2010-09-02 23:12 . 2010-09-02 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-09-02 22:59 . 2010-09-02 22:59 -------- d-----w- c:\documents and settings\Matt and Wendy Mob\WINDOWS
2010-09-02 22:52 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-09-02 22:52 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-09-02 22:52 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-09-02 22:52 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-09-02 22:52 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-09-02 22:52 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-09-02 22:52 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-02 22:52 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-09-02 22:52 . 2010-09-02 22:52 -------- d-----w- c:\program files\Ahead
2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Canon
2010-09-02 22:44 . 2010-09-02 22:44 -------- d-----w- c:\program files\Common Files\Canon
2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Common Files\Acronis
2010-09-02 21:42 . 2010-09-02 21:42 -------- d-----w- c:\program files\Acronis
2010-09-02 21:36 . 2010-09-02 21:42 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-09-02 21:36 . 2010-09-02 21:42 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-09-02 21:36 . 2010-09-02 21:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-02 21:36 . 2010-09-02 21:36 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-09-02 20:52 . 2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-02 20:52 . 2010-09-02 20:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-02 20:52 . 2010-09-02 20:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-02 20:52 . 2010-09-02 20:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-02 20:52 . 2010-09-02 20:52 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-02 20:48 . 2010-09-02 20:48 -------- d-----w- c:\program files\AVG
2010-09-02 20:47 . 2010-09-02 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-02 20:24 . 2010-09-02 20:24 -------- d-----w- c:\program files\MSBuild
2010-09-02 20:23 . 2010-09-02 20:24 -------- d-----w- c:\program files\Reference Assemblies
2010-09-02 20:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\FotoNation
2010-09-02 23:00 . 2010-09-02 23:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-02 21:32 . 2010-09-01 22:59 42944 ----a-w- c:\documents and settings\Matt and Wendy Mob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-01 23:26 . 2003-02-20 07:12 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-09-01 22:56 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-01 22:55 . 2010-09-01 22:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-30 12:31 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 1980-01-01 07:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1979-12-31 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1979-12-31 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-04-14 11:55 . 2010-04-14 11:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 14:42 . 2010-05-12 14:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 14:42 . 2010-05-12 14:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-05-12 14:42 . 2010-05-12 14:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 14:41 . 2010-05-12 14:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 14:42 . 2010-05-12 14:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 14:42 . 2010-05-12 14:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 15:22 . 2010-05-12 15:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 14:43 . 2010-05-12 14:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-05-12 14:43 . 2010-05-12 14:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 69632]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-02 2065760]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2002-10-16 1622016]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

c:\documents and settings\Matt and Wendy Mob\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Matt and Wendy Mob\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Online plug-in.lnk - c:\windows\Installer\{7681A1A9-D865-4DC0-A319-41A49F5E78DB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-9-7 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-02 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"c:\\Documents and Settings\\Matt and Wendy Mob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/2/2010 10:52 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/2/2010 10:52 PM 243024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/2/2010 10:50 PM 308136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 23:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-09-12 23:36:15
ComboFix-quarantined-files.txt 2010-09-12 21:36
ComboFix2.txt 2010-09-12 10:58

Pre-Run: 8,971,943,936 bytes free
Post-Run: 8,966,701,056 bytes free

- - End Of File - - 8E1C5C763D4B6AFEF523C946FF9AFE62


Item : EsET Online Scanner run via IE

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f086c2627d214d4889eb329f8bc5f5ae
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-12 10:53:18
# local_time=2010-09-13 12:53:18 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 867221 867221 0 0
# compatibility_mode=8192 67108863 100 0 225 225 0 0
# scanned=69969
# found=2
# cleaned=0
# scan_time=4273
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\Matt and Wendy Mob\Desktop\GooredFix Backups\C\Documents and Settings\Matt and Wendy Mob\Application Data\Mozilla\Firefox\Profiles\neq3omyd.default\extensions\{472cf6fd-5ef7-476c-b9cd-0ea0d0d31f18}\chrome\xulcache.jar JS/Agent.NCP trojan 00000000000000000000000000000000 I


Matthew

jmw3
2010-09-13, 15:12
Hi

Looks good.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here (http://oldtimer.geekstogo.com/OTC.exe) & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
TFC.exe
RKUnhookerLE.exe
GooredFix.exe
GooredFix Backups folder
The Gmer.exe file (it will be randomly named .exe file)
Any logs that may have been saved to your desktop

You can re-enable Spybot's TeaTimer now if you like.

All Clean
Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here (http://thespykiller.co.uk/index.php/topic,5946.0.html). Keep it updated & run it regularly.

SpywareBlaster
Download and install Javacools SpywareBlaster from here (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE (http://www.mvps.org/winhelp2002/hosts2.htm)

Install WinPatrol
Download it here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

emjga
2010-09-14, 00:21
JMW3

Clean completed and will read your advise about tools / malware

Thank you very much for all your help.
With a bit of luck and better planning (on my part) you will not find me back hear again.

Matthew

jmw3
2010-09-14, 00:24
No problem at all.... Glad I could help

Good Luck & Surf Safe

jmw3
2010-09-15, 13:44
Since this issue appears to be resolved ... this Topic has been closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include fresh DDS & Attach logs and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or Moderator a private message (pm). A valid, working link to the closed topic is also required.