We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

HELP!!! 'Man in the browser' Virus UPDATED!

245

Comments

  • geminibabe
    geminibabe Posts: 491 Forumite
    marleyboy wrote: »
    Aside from the infection, can you be absolutely sure it was Natwest who contacted you?

    I have never heard of them doing this before, and cannot understand how Natwest could be capable of seeing your computer in this way. Did you contact them directly via the phone to confirm this was Natwest?

    We received a letter from Natwest asking us to contact them on the phone number given on the letter. We subsequently checked out the telephone number on google and it is a RBS fraud prevention section number.

    http://www.rbs.co.uk/global/f/security/security-advice/report-resolve-fraud/suspicious-emails.ashx

    We had to then run through full security confirmation that it was us calling them. They said that somebody was using our login details from a different location than normal at the same time as us. Dont know how they know this, perhaps there are some Natwest employees or fraud prevention lurkers here who may be able to answer that one.

    We were just shocked to hear it and acted accordingly, disabling our internet banking with both Natwest and Lloyds until we have cleared this 'thing' in our PC.

    Cheers
    :heart2::heart2::heart2: I LOVE MY BEAGLE! :heart2::heart2::heart2:
  • geminibabe
    geminibabe Posts: 491 Forumite
    aliEnRIK wrote: »
    Im just posting so I get a 'bump' once combofix has been run :p

    I would ask that you please run hijack this first ~

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    REBOOT
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
    (do NOT do anything else with Hijack but scan and post the FULL log)

    then run combofix as Browntoa asked

    OK, have downloaded hijackthis, what do you mean by REBOOT? Is that restart the system or am I misunderstanding - sorry??

    Cheers
    :heart2::heart2::heart2: I LOVE MY BEAGLE! :heart2::heart2::heart2:
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    Yes reboot is restart - sounds freaky, I hope you get it resolved - thumbs up to natwest for noticing it
    :A:dance:1+1+1=1:dance::A
    "Marleyboy you are a legend!"
    MarleyBoy "You are the Greatest"
    Marleyboy You Are A Legend!
    Marleyboy speaks sense
    marleyboy (total legend)
    Marleyboy - You are, indeed, a legend.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    geminibabe wrote: »

    Files Infected:
    C:\Program Files\MemoriesOnTV\msvcirt.dll (Malware.Packer.Gen) -> No action taken.
    C:\Program Files\MemoriesOnTV\msvcrt.dll (Malware.Packer.Gen) -> No action taken.
    C:\Users\Heath & Lia\Documents\BullGuard Backups\backuptoday\C\Program Files\MemoriesOnTV\msvcirt.dll (Malware.Packer.Gen) -> No action taken.
    C:\Users\Heath & Lia\Documents\BullGuard Backups\backuptoday\C\Program Files\MemoriesOnTV\msvcrt.dll (Malware.Packer.Gen) -> No action taken

    Thanks for all your help everybody, but I am getting confused with all the suggestions to download this and that. Am I right in saying that I need to run Hijackthis now?

    Thanks for your time :)

    If you havnt already you need to TICK those and REMOVE them (No action taken means its done nothing but scan)
    :idea:
  • geminibabe
    geminibabe Posts: 491 Forumite
    OK have tried to run scan and make log as advised but keep getting this message;

    (sorry, couldnt copy and paste it had to print it and scan it back in as a text file)

    [FONT=&quot]For some reason your system denied write access to the HOis:ts; file. If any hijacked domains: are in this fHe,. HijackThis, may NOT he able to fix this,. [/FONT]
    [FONT=&quot] [/FONT]
    [FONT=&quot]If that ha ppens:~ you need to edit th e file yours,elf. To do this click Start Run and type: [/FONT]
    [FONT=&quot] [/FONT]
    [FONT=&quot]and press. Enter. Find the line(s) HijackThis: reports; and delete then,. Save the file as 'hosts.' (VY'ith quotes;)~ an d rehoot. [/FONT]
    [FONT=&quot] [/FONT]
    [FONT=&quot]FOr Vista: simply exit HijackThis; right click on the HijackThis icon choose 'Run as administrator'.
    [/FONT]


    Unable to do the above as when we right click we do not have the option to run as administrator. We think the trojan maybe blocking the install?? As we are running as the administrator!
    [FONT=&quot]    [/FONT]
    [FONT=&quot] [/FONT]


    [IMG]file:///C:/Users/HEATH&%7E1/AppData/Local/Temp/moz-screenshot.png[/IMG]
    :heart2::heart2::heart2: I LOVE MY BEAGLE! :heart2::heart2::heart2:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Whilst pressing the SHIFT key, RIGHT CLICK the exe file and select RUN AS
    :idea:
  • geminibabe
    geminibabe Posts: 491 Forumite
    Thanks aliEnRIK!! Here is the log;

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 22:05:47, on 28/03/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Radio Downloader\Radio Downloader.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Radio Downloader] "C:\Program Files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 9398 bytes
    :heart2::heart2::heart2: I LOVE MY BEAGLE! :heart2::heart2::heart2:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK and FIX these ~
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [URL]file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx[/URL]
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
    :idea:
  • geminibabe
    geminibabe Posts: 491 Forumite
    aliEnRIK wrote: »
    TICK and FIX these ~
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [URL]file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx[/URL]
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx

    Hiya, how do I get back to this log on Hijackthis to make changes?? Cant seem to find it again.

    I have run the combofix and have the log for you as follows;

    ComboFix 10-03-28.01 - Heath & Lia 28/03/2010 22:21:43.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1918.791 [GMT 1:00]
    Running from: c:\users\Heath & Lia\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1146512327-3141319117-2111703485-500
    c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z
    c:\users\Heath & Lia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
    .

    2010-03-28 21:31 . 2010-03-28 21:31
    d
    w- c:\users\Default\AppData\Local\temp
    2010-03-28 21:17 . 2010-03-28 21:17 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
    2010-03-28 17:55 . 2010-03-28 17:55
    d
    w- c:\program files\TrendMicro
    2010-03-28 17:51 . 2010-03-28 17:51
    d
    w- c:\users\Heath & Lia\AppData\Roaming\AVG9
    2010-03-28 10:34 . 2010-03-28 10:34
    d
    w- c:\users\Heath & Lia\AppData\Roaming\www.nerdoftheherd.com
    2010-03-28 10:34 . 2010-03-28 10:34
    d
    w- c:\users\Heath & Lia\AppData\Local\www.nerdoftheherd.com
    2010-03-28 10:33 . 2010-03-28 10:33
    d
    w- c:\program files\Radio Downloader
    2010-03-28 09:50 . 2010-03-28 09:50
    d
    w- c:\users\Heath & Lia\AppData\Roaming\Malwarebytes
    2010-03-28 09:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-28 09:50 . 2010-03-28 09:53
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-28 09:50 . 2010-03-28 09:50
    d
    w- c:\programdata\Malwarebytes
    2010-03-28 09:50 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-26 19:34 . 2010-03-26 19:34
    d
    w- c:\users\Heath & Lia\AppData\Local\AVG Security Toolbar
    2010-03-26 18:27 . 2010-03-26 18:27
    d
    w- C:\$AVG
    2010-03-26 17:51 . 2010-03-26 17:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-26 17:51 . 2010-03-26 17:51 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-03-26 17:51 . 2010-03-26 17:51 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-26 17:51 . 2010-03-26 17:51 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-26 17:51 . 2010-03-26 17:51 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-26 17:51 . 2010-03-28 20:56
    d
    w- c:\windows\system32\drivers\Avg
    2010-03-26 17:51 . 2010-03-26 17:51
    d
    w- c:\programdata\AVG Security Toolbar
    2010-03-26 17:50 . 2010-03-26 17:50 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
    2010-03-26 17:48 . 2010-03-26 17:48 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
    2010-03-26 17:47 . 2010-03-26 17:47
    d
    w- c:\program files\AVG
    2010-03-26 17:47 . 2010-03-26 17:47
    d
    w- c:\programdata\avg9
    2010-03-26 16:37 . 2010-03-26 16:51
    d
    w- c:\users\Heath & Lia\AppData\Roaming\QuickScan
    2010-03-17 19:30 . 2010-03-17 19:29 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-16 22:44 . 2009-05-18 14:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-03-16 22:44 . 2008-04-17 13:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-03-16 22:43 . 2010-03-16 22:43
    d
    w- c:\program files\iPod
    2010-03-16 22:43 . 2010-03-16 22:44
    d
    w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-03-16 22:43 . 2010-03-16 22:44
    d
    w- c:\program files\iTunes
    2010-03-16 22:41 . 2010-03-16 22:42
    d
    w- c:\program files\QuickTime
    2010-03-03 13:53 . 2010-03-03 13:53
    d
    w- c:\programdata\SiteAdvisor
    2010-03-03 13:48 . 2010-03-26 17:41
    d
    w- c:\program files\Common Files\McAfee
    2010-03-03 13:48 . 2010-03-26 17:41
    d
    w- c:\program files\McAfee
    2010-02-28 18:55 . 2010-02-28 18:55
    d
    w- c:\users\Heath & Lia\AppData\Local\2DBoy
    2010-02-28 18:55 . 2010-02-28 18:55
    d
    w- c:\programdata\2DBoy
    2010-02-28 18:40 . 2010-02-28 18:55
    d
    w- c:\program files\World of Goo
    2010-02-28 17:59 . 2010-02-28 17:59
    d
    w- c:\program files\bfgclient
    2010-02-28 17:57 . 2010-03-01 15:51
    d
    w- C:\BigFishGamesCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-28 21:42 . 2008-02-19 18:02
    d
    w- c:\programdata\Kontiki
    2010-03-28 21:37 . 2010-02-20 16:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-03-28 19:43 . 2010-03-28 19:43 388096 ----a-r- c:\users\Heath & Lia\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-28 09:52 . 2010-03-28 09:52 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-26 17:41 . 2008-11-19 16:31
    d
    w- c:\programdata\McAfee
    2010-03-26 14:33 . 2010-03-26 16:36 668648 ----a-w- c:\users\Heath & Lia\AppData\Roaming\Mozilla\Firefox\Profiles\d3uoongn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-03-26 14:33 . 2010-03-26 16:36 830864 ----a-w- c:\users\Heath & Lia\AppData\Roaming\Mozilla\Firefox\Profiles\d3uoongn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-03-17 19:29 . 2007-09-15 17:29
    d
    w- c:\program files\Java
    2010-03-17 14:04 . 2008-03-20 16:35
    d
    w- c:\program files\Mozilla Thunderbird
    2010-03-17 13:05 . 2007-12-14 17:25
    d
    w- c:\users\Heath & Lia\AppData\Roaming\Apple Computer
    2010-03-17 12:55 . 2007-12-14 22:18
    d
    w- c:\programdata\Apple
    2010-03-16 22:43 . 2007-12-14 22:18
    d
    w- c:\program files\Common Files\Apple
    2010-03-16 22:18 . 2010-03-16 22:18 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-03-16 22:00 . 2008-08-09 09:05
    d
    w- c:\program files\Safari
    2010-03-16 21:23 . 2010-03-16 21:23 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-03-16 15:53 . 2009-08-14 18:14
    d
    w- c:\users\Heath & Lia\AppData\Roaming\Spotify
    2010-03-11 03:05 . 2006-11-02 11:18
    d
    w- c:\program files\Windows Mail
    2010-03-11 03:05 . 2007-09-15 17:35
    d
    w- c:\programdata\Microsoft Help
    2010-03-03 14:22 . 2010-02-07 13:12
    d
    w- c:\programdata\Kaspersky Lab
    2010-03-01 12:51 . 2008-12-29 15:28
    d
    w- c:\users\Heath & Lia\AppData\Roaming\FrostWire
    2010-02-25 07:28 . 2007-12-13 17:31 102128 ----a-w- c:\users\Heath & Lia\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-24 09:16 . 2009-12-07 10:03 181632
    w- c:\windows\system32\MpSigStub.exe
    2010-02-23 11:13 . 2010-02-20 15:57
    d
    w- c:\programdata\LogiShrd
    2010-02-21 10:18 . 2010-02-20 15:57
    d
    w- c:\program files\Common Files\LogiShrd
    2010-02-20 16:02 . 2007-12-14 22:39
    d
    w- c:\program files\Logitech
    2010-02-20 16:02 . 2010-02-20 16:02
    d
    w- c:\users\Heath & Lia\AppData\Roaming\Leadertech
    2010-02-12 10:32 . 2010-02-25 03:01 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-02-07 22:41 . 2008-07-04 20:35
    d
    w- c:\program files\Google
    2010-02-04 10:01 . 2010-02-28 18:54 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 10:01 . 2010-02-28 18:54 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 10:01 . 2010-02-28 18:54 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 10:01 . 2010-02-28 18:54 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-02-03 18:31 . 2007-09-15 17:31
    d--h--w- c:\program files\InstallShield Installation Information
    2010-01-31 18:25 . 2008-06-19 21:28 148961 ----a-w- c:\windows\hpoins19.dat
    2010-01-28 16:13 . 2010-01-28 16:13
    d
    w- c:\program files\Microsoft
    2010-01-28 16:13 . 2010-01-28 16:12
    d
    w- c:\program files\Windows Live
    2010-01-28 16:13 . 2010-01-28 16:13
    d
    w- c:\program files\Windows Live SkyDrive
    2010-01-28 16:00 . 2010-01-28 16:00
    d
    w- c:\program files\Common Files\Windows Live
    2010-01-25 12:00 . 2010-02-24 04:40 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-24 04:40 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-24 04:40 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-24 04:40 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-24 04:40 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-02-24 04:40 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-24 04:40 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-24 04:40 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21 . 2010-02-24 04:40 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26 . 2010-02-24 04:41 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-20 00:34 . 2009-12-31 22:16 120 ----a-w- c:\users\Heath & Lia\AppData\Local\Bsaxavidifexeme.dat
    2010-01-20 00:34 . 2009-12-31 22:16 0 ----a-w- c:\users\Heath & Lia\AppData\Local\Byowasoku.bin
    2010-01-11 13:24 . 2010-02-22 12:52 51200 ----a-w- c:\users\Heath & Lia\AppData\Roaming\Mozilla\Firefox\Profiles\d3uoongn.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
    2010-01-06 15:39 . 2010-02-24 04:40 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-01-06 15:38 . 2010-02-24 04:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-01-06 15:38 . 2010-02-24 04:40 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-01-06 15:38 . 2010-02-24 04:40 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-01-06 15:38 . 2010-02-24 04:40 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-01-06 15:38 . 2010-02-24 04:40 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-01-06 13:30 . 2010-02-24 04:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2008-06-30 12:44 . 2008-08-11 15:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    2007-09-15 17:08 . 2007-09-15 17:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-02-23 14:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-13 77824]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
    "SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-17 149280]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
    "Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" [2010-03-19 468320]

    c:\users\Heath & Lia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
    OneNote Table Of Contents.onetoc2 [2008-3-16 3656]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
    2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-15 18:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    2007-01-12 19:36 323216 ----a-w- c:\program files\Napster\napster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2008-05-06 08:42 202088 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):21,ae,86,ca,d6,79,ca,01

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-05-14 13352]
    S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-03-26 25096]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-26 52872]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-03-26 24856]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-26 216200]
    S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-03-26 242696]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-26 308064]
    S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-03-26 2325816]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-08-07 540184]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-07 92008]
    S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-03-26 122376]
    S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-03-26 30216]
    S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-03-26 27144]
    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-12-28 289280]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:30]

    2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:30]

    2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{3DFADF6F-0F30-4A49-86DB-590977DF5E24}.job
    - c:\windows\system32\msfeedssync.exe [2008-08-19 07:33]
    .
    .
    Supplementary Scan
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\users\Heath & Lia\AppData\Roaming\Mozilla\Firefox\Profiles\d3uoongn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://signin.ebay.co.uk/ws/eBayISAPI.dll?SignIn
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\users\Heath & Lia\AppData\Roaming\Mozilla\Firefox\Profiles\d3uoongn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
    FF - plugin: c:\users\Heath & Lia\AppData\Roaming\Mozilla\Firefox\Profiles\d3uoongn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    contd............
    :heart2::heart2::heart2: I LOVE MY BEAGLE! :heart2::heart2::heart2:
  • geminibabe
    geminibabe Posts: 491 Forumite
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Other Running Processes
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-28 22:48:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-28 21:47

    Pre-Run: 87,738,351,616 bytes free
    Post-Run: 87,813,603,328 bytes free

    - - End Of File - - 25A7FA6CCEE86D65F4AE1719C38AB936
    :heart2::heart2::heart2: I LOVE MY BEAGLE! :heart2::heart2::heart2:
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.9K Banking & Borrowing
  • 253.9K Reduce Debt & Boost Income
  • 454.7K Spending & Discounts
  • 246K Work, Benefits & Business
  • 602K Mortgages, Homes & Bills
  • 177.8K Life & Family
  • 259.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture