Hi there guys,
As the title says, I'm having real trouble getting rid of this deep dug-in, ever-replicating virus. I have a feeling I will just have to bite the reformat bullet, but on reading your hugely helpful forums I realised there may be hope yet!
Any help would be greatly appreciated - many thanks.
Here is the info your 8 steps ask for:
AVG overview:-
"Scan ""Scan whole computer"" completed."
"Infections";"14";"14";"0"
"Warnings";"4";"4";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"12 October 2010, 14:39:29"
"Scan finished:";"12 October 2010, 15:13:40 (34 minute(s) 10 second(s))"
"Total object scanned:";"330576"
"User who launched the scan:";"Owner"
"Infections"
"File";"Infection";"Result"
"C:\Program Files\Webteh\BSplayer\bsplay.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Webteh\BSplayer\bslib\bslib.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Webteh\BSplayer\bplay.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow!\RecordNow.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Real\RealPlayer\rpplugins\rjbdll.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Java\jre6\bin\client\jvm.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Barbie\Barbie(TM) Sparkling Ice Show(TM)\fmod.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Barbie(TM)\Barbie(TM) Horse Adventures(TM)\fmod.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\DELL\drivers\R94481\SMAXWDM\W2K_XP\SMax4PNP.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\DELL\drivers\R94481\SM_Sensa\Sys\virtear.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\DELL\drivers\R106458\Win2000\iglicd32.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\DELL\drivers\R106458\Win2000\igfxress.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"Warnings"
"File";"Infection";"Result"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoundMAXPnP";"Found registry key with reference to infected file C:\Program Files\Analog Devices\Core\smax4pnp.exe";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Healed"
Malwarebytes Anti-Malware log:-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4800
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/10/2010 15:53:59
mbam-log-2010-10-12 (15-53-59).txt
Scan type: Quick scan
Objects scanned: 139398
Time elapsed: 6 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER Log:-
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-12 18:19:59
Windows 5.1.2600 Service Pack 3
Running: r2tzoqpu.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfxdrkob.sys
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xBA499F80]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat B108FD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
DDS Logs: (Attach.txt is attached):-
DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 18:21:26.26 on 12/10/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Page = about:blank
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-disallowrun: 1 = firefox.exe
dPolicies-disallowrun: 2 = opera.exe
dPolicies-disallowrun: 3 = chrome.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236285704328
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bnhagsq3.default\
FF - prefs.js: browser.search.selectedEngine - Mininova
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {64DE1CB1-F90D-4F18-A58F-5D7C48B3D017} - c:\documents and settings\owner\local settings\application data\{64DE1CB1-F90D-4F18-A58F-5D7C48B3D017}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2010-10-11 21:56:08 -------- d-----w- c:\program files\Trend Micro
2010-10-11 21:04:31 23512 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-10-11 21:04:31 138712 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-10-11 20:09:21 -------- d-----w- c:\program files\tmp
2010-10-11 20:08:49 -------- d-----w- c:\program files\windows
2010-10-11 15:28:21 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-10-11 15:28:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 15:28:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 15:28:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 15:28:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-11 13:52:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-11 13:52:39 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-11 08:06:56 64000 -c--a-w- c:\windows\system32\dllcache\wmplayer.exe
2010-10-11 08:06:56 243712 -c--a-w- c:\windows\system32\dllcache\mpvis.dll
2010-10-11 08:06:55 215552 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-10-10 15:13:54 -------- d-----w- c:\program files\Microsoft
2010-10-03 00:09:35 -------- d-----w- c:\docume~1\owner\applic~1\Xaly
==================== Find3M ====================
2010-09-26 10:37:20 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-09-26 10:37:17 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-08-31 17:30:00 286720 ----a-w- c:\windows\iun507.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-27 01:51:09 3615 ----a-w- c:\windows\esamuqob.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 15:49:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll
============= FINISH: 18:22:05.96 ===============
Fingers crossed and thanks again!