Kevin T
Members
Posts: 6
Reputation: 0 Neutral
  1. Beautiful! That was much easier (with your guidance) than I'd feared. I'll look at those links. Thanks so much!
  2. I quarantined, rebooted, deleted quarantine contents, had Malwarebytes perform the quick scan, and now see no infections:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2659
     Windows 5.1.2600 Service Pack 2

     8/19/2009 4:07:25 PM
     mbam-log-2009-08-19 (16-07-25).txt

     Scan type: Quick Scan
     Objects scanned: 111186
     Time elapsed: 3 minute(s), 37 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Looks good! Is there anything else I should do, or does this wrap things up? Thanks!
  3. I updated MBAM. The log from a full scan follows. I look forward to your thoughts. Thanks!

     Malwarebytes' Anti-Malware 1.40
     Database version: 2658
     Windows 5.1.2600 Service Pack 2

     8/19/2009 2:32:41 PM
     mbam-log-2009-08-19 (14-32-33).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 477942
     Time elapsed: 2 hour(s), 53 minute(s), 24 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 14
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 16

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
     HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP738\A0140735.dll (Trojan.Downloader) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP742\A0141791.exe (Trojan.Downloader) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP742\A0141792.exe (Trojan.Downloader) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP742\A0141793.exe (Adware.MyWeb) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP742\A0141794.exe (Adware.MyWeb) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP742\A0141795.nfo (Trojan.Agent) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP753\A0149282.exe (Trojan.Dropper) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP753\A0149283.exe (Trojan.Dropper) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP753\A0149284.exe (Adware.MyWeb) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP755\A0149769.exe (Trojan.Downloader) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP755\A0149771.exe (Trojan.Dropper) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP755\A0149768.exe (Trojan.Downloader) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP756\A0151945.exe (Rogue.Installer) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP758\A0157172.exe (Rogue.Installer) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP758\A0157371.exe (Adware.MyWeb) -> No action taken.
     C:\System Volume Information\_restore{3823982D-D5D1-4198-9D26-D5E7F702A163}\RP758\A0157389.nfo (Trojan.Agent) -> No action taken.
  4. Mieke,

     The service deletion and Combofix uninstall worked without problems. I decided to do some scanning to see if anything else was left, and here's what I've found so far.

     1) GMER hung my system about eight hours (!) into its Files scan. I saw these error dialogs:

     My mouse wouldn't work, but alt-tabbing to the dialog let me hit Enter to click the OK button. This led me to the next dialog:

     Same alt-tab approach got me through two more dialogs of the same type, but with different directories, namely:

     After this, I had to hit the power switch in order to reboot.

     Next I ran Malwarebytes Quick Scan, which produced this log:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2627
     Windows 5.1.2600 Service Pack 2

     8/18/2009 11:08:31 PM
     mbam-log-2009-08-18 (23-08-26).txt

     Scan type: Quick Scan
     Objects scanned: 110079
     Time elapsed: 3 minute(s), 33 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 14
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
     HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Any thoughts on actions needed at this point? I may run a Malwarebytes full scan overnight. If it succeeds, I'll post results. Thanks!
  5. I followed your instructions, including deactivation of Avira's antivirus and firewall facilities.

     One question before getting to the results: Combofix asked if I had Windows XP Home Edition. I believe I said "No," because I have the Professional edition (SP2). However, when it installed the Recovery Console, the messages on screen referred to installation of the Recovery Console for Windows XP Home Edition. Do I need to uninstall Recovery Console for Home Edition, and manually install the version for Professional?

     Combofix ran without errors, and deleted and restored some files. I can quickly see these improvements:

     1) GMER no longer shows the strange DLL (\\?\globalroot\Device\__max++>\289A8304.x86.dll) that had been attached to several processes, which is good.
     2) I had not been able to start a command window (CMD.EXE), and now I can.
     3) MS Outlook had not been able to load MS Word as my editor, and now it can.

     I don't know if everything is perfect, but this is a big improvement! Thanks!

     Combofix log follows. I look forward to your conclusions.

     ===

     ComboFix Beta_09-08-18.01 - Kevin Thompson 08/18/2009 12:02.1.2 - NTFSx86
     Running from: c:\program files\Combofix\sVchost.com
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
     FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
     * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Kevin Thompson\Local Settings\Temporary Internet Files\Pre11.tmp
     c:\documents and settings\Kevin Thompson\Local Settings\Temporary Internet Files\Pre1A.tmp
     c:\documents and settings\Kevin Thompson\Local Settings\Temporary Internet Files\Pre1D.tmp
     c:\documents and settings\Kevin Thompson\Local Settings\Temporary Internet Files\webex.ini
     c:\program files\FunWebProducts
     c:\windows\Downloaded Program Files\Install.inf
     c:\windows\Fonts\WPHV07NB.TTF
     c:\windows\Installer\19608d8.msi
     c:\windows\Installer\1e615.msi
     c:\windows\Installer\7ce8c.msi
     c:\windows\system32\sonhelp.htm
     c:\windows\system32\tapi.nfo

     Infected copy of c:\windows\system32\scecli.dll was found and disinfected
     Restored copy from - c:\windows\system32\dllcache\scecli.dll

     Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
     Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

     c:\windows\system32\proquota.exe was missing
     Restored copy from - c:\windows\system32\dllcache\proquota.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

     ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
     .
     2009-08-18 19:05 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
     2009-08-18 18:45 . 2009-08-18 18:55 -------- d-----w- c:\program files\Combofix
     2009-08-16 20:27 . 2009-08-16 20:27 185344 ----a-w- c:\windows\system32\drivers\KeDetective130.sys
     2009-08-16 19:56 . 2009-08-18 07:09 -------- d-----w- c:\program files\gmerprogram
     2009-08-16 19:09 . 2009-08-16 20:50 -------- d-----w- c:\program files\KernDet
     2009-08-16 19:07 . 2009-08-16 19:57 -------- d-----w- c:\program files\RadIns
     2009-08-16 04:35 . 2009-08-18 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
     2009-08-16 04:05 . 2009-08-18 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-08-16 03:21 . 2009-08-16 03:23 -------- d--h--w- c:\windows\system32\GroupPolicy
     2009-08-16 02:44 . 2004-08-04 07:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
     2009-08-16 02:44 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
     2009-08-16 02:44 . 2001-08-18 05:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
     2009-08-16 02:42 . 2004-08-04 05:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
     2009-08-16 02:41 . 2001-08-17 20:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
     2009-08-16 02:40 . 2001-08-17 19:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
     2009-08-16 02:39 . 2001-08-17 19:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
     2009-08-16 02:38 . 2001-08-17 20:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
     2009-08-16 02:37 . 2004-08-04 07:56 73796 -c--a-w- c:\windows\system32\dllcache\slserv.exe
     2009-08-16 02:36 . 2001-08-17 20:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
     2009-08-16 02:35 . 2001-08-18 05:36 26624 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
     2009-08-16 02:34 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
     2009-08-16 02:33 . 2001-08-17 19:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
     2009-08-16 02:32 . 2001-08-17 19:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
     2009-08-16 02:31 . 2001-08-17 19:11 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
     2009-08-16 02:30 . 2001-08-17 19:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
     2009-08-16 02:29 . 2001-08-18 05:36 242176 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
     2009-08-16 02:28 . 2001-08-18 05:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
     2009-08-16 02:27 . 2001-08-17 20:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
     2009-08-16 02:26 . 2001-08-17 20:28 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
     2009-08-16 02:25 . 2001-08-18 05:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
     2009-08-16 02:24 . 2001-08-17 21:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
     2009-08-16 02:23 . 2001-08-17 19:19 93952 -c--a-w- c:\windows\system32\dllcache\cwcwdm.sys
     2009-08-16 02:22 . 2001-08-17 20:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
     2009-08-16 02:21 . 2004-08-04 05:29 30671 -c--a-w- c:\windows\system32\dllcache\ati1raxx.sys
     2009-08-14 22:12 . 2009-08-16 03:13 -------- d-----w- c:\program files\RooRevealer
     2009-08-14 21:33 . 2009-08-14 21:33 -------- d-----w- c:\program files\TM
     2009-08-14 21:28 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-14 21:28 . 2009-08-16 22:42 -------- d-----w- c:\program files\mb
     2009-08-14 21:28 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-08-13 02:17 . 2009-08-13 18:36 -------- d-----w- c:\program files\tool
     2009-08-12 20:26 . 2009-08-12 20:26 -------- d-----w- c:\program files\RootRepeal
     2009-08-12 05:15 . 2009-08-18 03:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
     2009-08-12 05:15 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
     2009-08-12 05:15 . 2009-08-18 03:23 -------- d-----w- c:\program files\Lavasoft
     2009-08-11 09:12 . 2009-08-11 09:12 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\Avira
     2009-08-11 08:18 . 2009-05-08 21:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
     2009-08-11 08:18 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2009-08-11 08:18 . 2009-02-24 20:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
     2009-08-11 08:18 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2009-08-11 08:18 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2009-08-11 08:18 . 2009-08-14 19:46 -------- d-----w- c:\program files\Avira
     2009-08-11 08:18 . 2009-08-11 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2009-08-11 04:15 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-08-10 23:07 . 2009-08-10 23:07 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\Malwarebytes
     2009-08-10 23:07 . 2009-08-10 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-08-10 19:12 . 2009-08-10 19:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
     2009-08-10 04:09 . 2009-08-10 04:09 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\UClick
     2009-08-10 01:12 . 2009-08-10 01:12 -------- d-----w- c:\windows\system32\wbem\Repository
     2009-08-10 01:10 . 2009-08-10 01:11 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}(2)
     2009-08-10 00:52 . 2009-07-15 18:48 29000 ----a-w- c:\windows\system32\uxtuneup(2).dll
     2009-08-10 00:52 . 2009-08-10 00:52 361288 ----a-w- c:\windows\system32\TuneUpDefragService(2).exe
     2009-08-10 00:52 . 2009-08-10 00:52 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\TuneUp Software
     2009-08-10 00:51 . 2009-08-10 01:11 -------- d-----w- c:\program files\TuneUp Utilities 2009
     2009-08-10 00:51 . 2009-08-10 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
     2009-08-09 23:10 . 2009-08-09 23:10 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\URSoft
     2009-08-09 23:00 . 2009-08-09 23:00 -------- d-----w- c:\program files\VS Revo Group
     2009-08-09 02:13 . 2009-08-09 02:13 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\SUPERAntiSpyware.com
     2009-08-09 01:52 . 2009-08-10 01:12 -------- d-----w- c:\program files\Norton Support
     2009-08-08 23:41 . 2009-08-09 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2009-08-08 23:41 . 2009-08-09 00:15 -------- d-----w- c:\program files\NOS
     2009-08-08 07:13 . 2009-08-10 17:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft
     2009-08-08 07:11 . 2009-08-08 07:11 -------- d-sh--w- C:\found.000
     2009-08-04 11:03 . 2009-08-04 11:04 108945018 ----a-w- C:\F_1249383830.reg
     2009-07-31 00:10 . 2009-07-31 00:12 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\Super-Cow
     2009-07-31 00:07 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
     2009-07-31 00:07 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
     2009-07-31 00:07 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
     2009-07-31 00:07 . 2008-10-27 17:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
     2009-07-31 00:07 . 2008-10-27 17:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
     2009-07-31 00:07 . 2008-10-27 17:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
     2009-07-31 00:07 . 2008-10-27 17:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
     2009-07-31 00:02 . 2009-07-31 00:02 -------- d-----w- c:\program files\Disney Interactive Studios
     2009-07-30 03:52 . 2009-07-30 03:52 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\ERS G-Studio
     2009-07-26 21:04 . 2009-07-26 21:04 -------- d-----w- c:\documents and settings\Helen Thompson\Application Data\Big Fish Games
     2009-07-26 21:03 . 2009-07-26 21:03 -------- d-----w- c:\program files\Tasty Planet
     2009-07-26 21:01 . 2009-07-26 21:01 -------- d-----w- c:\program files\Supercow
     2009-07-26 20:55 . 2009-07-26 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
     2009-07-26 20:55 . 2009-07-26 20:55 -------- d-----w- c:\program files\Jigs@w Puzzle 2
     2009-07-26 20:53 . 2009-07-26 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeFromParadise2
     2009-07-26 20:52 . 2009-07-28 02:42 -------- d-----w- c:\program files\Escape From Paradise 2 - A Kingdom's Quest
     2009-07-25 03:31 . 2009-07-26 21:52 -------- d-----w- c:\program files\Pet Pals Animal Doctor
     2009-07-25 02:41 . 2009-07-25 02:41 -------- d-----w- c:\documents and settings\Helen Thompson\Application Data\ERS G-Studio
     2009-07-25 01:24 . 2009-07-25 01:25 -------- d-----w- c:\program files\Many Years Ago
     2009-07-21 22:19 . 2009-07-21 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
     2009-07-21 04:22 . 2009-07-21 05:42 -------- d-----w- c:\program files\World of Goo
     2009-07-20 06:12 . 2009-07-20 06:12 -------- d-----w- c:\temp\org
     2009-07-20 00:53 . 2009-07-20 00:53 -------- d-----w- c:\documents and settings\Helen Thompson\Application Data\UClick
     2009-07-20 00:53 . 2009-07-20 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\UClick
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-18 19:09 . 2008-03-15 23:02 -------- d-----w- c:\program files\IDrive
     2009-08-18 09:28 . 2007-05-22 20:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2009-08-18 05:16 . 2007-03-29 04:10 -------- d-----w- c:\program files\WinHex
     2009-08-18 05:00 . 2007-11-17 17:40 -------- d-----w- c:\program files\Yahoo!
     2009-08-18 03:40 . 2009-06-14 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
     2009-08-18 03:23 . 2007-09-30 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
     2009-08-17 06:44 . 2007-04-04 07:59 59160 ----a-w- c:\documents and settings\Kevin Thompson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-14 20:12 . 2008-11-17 20:47 -------- d-----w- c:\program files\Mozilla Thunderbird
     2009-08-14 19:25 . 2007-03-26 04:22 -------- d-----w- c:\program files\Metapad
     2009-08-12 03:55 . 2008-07-05 18:40 -------- d-----w- c:\program files\Ranch Rush
     2009-08-11 07:57 . 2007-03-26 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
     2009-08-11 07:52 . 2008-10-09 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
     2009-08-11 07:44 . 2007-03-29 03:35 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\Skype
     2009-08-11 07:20 . 2007-03-26 04:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2009-08-11 02:57 . 2008-12-05 23:47 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\skypePM
     2009-08-10 18:34 . 2009-02-02 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-08-10 17:47 . 2007-07-27 01:48 -------- d-----w- c:\documents and settings\Helen Thompson\Application Data\Skype
     2009-08-10 17:38 . 2008-12-18 05:44 -------- d-----w- c:\documents and settings\Helen Thompson\Application Data\skypePM
     2009-08-10 04:08 . 2007-05-26 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
     2009-08-10 03:37 . 2008-10-18 06:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-08-10 03:26 . 2008-10-09 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
     2009-08-08 23:36 . 2007-03-26 02:55 -------- d-----w- c:\program files\Common Files\Adobe
     2009-08-08 07:36 . 2008-04-10 02:16 -------- d-----w- c:\program files\NSecurityScan
     2009-08-08 02:15 . 2009-05-14 21:04 -------- d-----w- c:\program files\Sony Online Entertainment
     2009-08-07 22:06 . 2007-12-04 00:00 -------- d-----w- c:\documents and settings\Helen Thompson\Application Data\DivX
     2009-07-31 00:02 . 2007-03-25 23:22 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-07-19 05:01 . 2009-07-19 03:18 -------- d-----w- c:\program files\Avalon
     2009-07-18 23:49 . 2008-02-07 05:22 -------- d-----w- c:\program files\Nancy Drew - Legend of the Crystal Skull - Strategy Guide
     2009-07-18 23:11 . 2007-04-05 23:36 -------- d-----w- c:\program files\The Learning Company
     2009-07-17 20:48 . 2009-06-11 20:00 -------- d-----w- c:\program files\Mahjong Towers Eternity
     2009-07-16 22:37 . 2007-04-14 19:47 -------- d-----w- c:\documents and settings\Helen Thompson\Application Data\PlayFirst
     2009-07-10 22:15 . 2008-12-26 17:36 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\PlayFirst
     2009-07-10 22:15 . 2008-01-24 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
     2009-07-10 04:56 . 2009-07-10 04:56 -------- d-----w- c:\program files\Emerald City Confidential
     2009-07-03 04:21 . 2009-07-03 04:21 -------- d-----w- c:\documents and settings\Kevin Thompson\Application Data\InstallShield
     2009-06-27 19:50 . 2009-02-01 03:11 -------- d-----w- c:\program files\Hidden Secrets - The Nightmare
     2009-06-27 03:01 . 2007-04-14 19:25 19 ----a-w- c:\windows\popcinfo.dat
     2009-06-21 01:42 . 2007-06-30 14:20 -------- d-----w- c:\program files\Professor Fizzwizzle and the Molten Mystery
     2009-06-03 05:37 . 2009-06-03 05:37 390664 ----a-w- c:\documents and settings\Kevin Thompson\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
     2008-06-01 16:43 . 2008-06-01 16:43 0 ----a-w- c:\program files\temp01
     2009-04-30 04:05 . 2009-04-30 04:05 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
     2009-04-30 04:05 . 2009-04-30 04:05 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
     2009-04-30 04:06 . 2009-04-30 04:06 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
     2009-04-30 04:06 . 2009-04-30 04:06 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
     2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
     2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Uniblue Registry Booster2"="c:\program files\Uniblue\RegistryBooster2\RegistryBooster.exe" [2007-04-23 1645088]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
     "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     2009-03-16 01:15 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
     @="FSFilter Activity Monitor"

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
     backup=c:\windows\pss\Bluetooth.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Registration.lnk]
     backup=c:\windows\pss\Corel Registration.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
     backup=c:\windows\pss\Desktop Application Director 9.LNKCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
     backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk]
     backup=c:\windows\pss\Directrec Configuration Tool.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
     backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
     backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Skype.lnk]
     backup=c:\windows\pss\Skype.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
     backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^Kevin Thompson^Start Menu^Programs^Startup^IDrive Tray.lnk]
     backup=c:\windows\pss\IDrive Tray.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^Kevin Thompson^Start Menu^Programs^Startup^QuickShelf 2000.lnk]
     backup=c:\windows\pss\QuickShelf 2000.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^Kevin Thompson^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
     backup=c:\windows\pss\SDK Tray Menu.lnkStartup

     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\e-Campaign 6\\eCampaign.exe"=
     "c:\\WINDOWS\\system32\\ftp.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
     "c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
     R3 CAIQ;CAIQ;c:\docume~1\KEVINT~1\LOCALS~1\Temp\CAIQ.exe [x]
     R3 OTTFRYC;OTTFRYC;c:\docume~1\KEVINT~1\LOCALS~1\Temp\OTTFRYC.exe [x]
     R3 PNDLXZPOW;PNDLXZPOW;c:\docume~1\KEVINT~1\LOCALS~1\Temp\PNDLXZPOW.exe [x]
     R3 SDTHelper;Helper driver for SDT-Tool;c:\program files\RadIns\sdthlpr.sys [2009-05-22 13385]
     R3 WLOOTXIUDBSJWSMCL;WLOOTXIUDBSJWSMCL;c:\docume~1\KEVINT~1\LOCALS~1\Temp\WLOOTXIUDBSJWSMCL.exe [x]
     R4 JJLRGHIFYZEAAVXMKIE;JJLRGHIFYZEAAVXMKIE;c:\docume~1\KEVINT~1\LOCALS~1\Temp\JJLRGHIFYZEAAVXMKIE.exe [x]
     S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2009-05-08 97608]
     S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2009-05-11 388865]
     S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
     S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
     S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
     S2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [2008-03-14 128464]
     S2 Perforce;Perforce;c:\progra~1\Perforce\p4s.exe [2007-08-08 978944]
     S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-02-24 69632]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
     .
     - - - - ORPHANS REMOVED - - - -

     HKLM-Run-RRT-Auto - c:\documents and settings\Kevin Thompson\Desktop\RRT.exe

     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRfox000
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
     DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} - hxxp://www.digimeld.com/download/digimeldOcx.CAB
     FF - ProfilePath - c:\documents and settings\Kevin Thompson\Application Data\Mozilla\Firefox\Profiles\wxgsy5sq.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/r/ch
     FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
     FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
     FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava11.dll
     FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava12.dll
     FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava13.dll
     FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava14.dll
     FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava32.dll
     FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJPI142_14.dll
     FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPOJI610.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-18 12:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1152) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll - - - - - - - > 'lsass.exe'(1208) c:\program files\Avira\AntiVir Desktop\avsda.dll - - - - - - - > 'explorer.exe'(7896) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\dllhost.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Olympus\DeviceDetector\DM1Service.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe c:\windows\system32\nvsvc32.exe c:\program files\Perforce\p4s.exe c:\windows\system32\locator.exe c:\program files\IDrive\IDriveETray.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-08-18 12:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-18 19:15 Pre-Run: 243,556,720,640 bytes free Post-Run: 244,896,313,344 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 388 --- E O F --- 2009-01-14 08:18
  6. I see similar posts from other people, but haven't been able to leverage them to solve my problem. Several programs (Malwarebytes, AdAware, RegistryFix, GMER, HijackThis) will not run on my XP SP2 system. The symptoms are the same in all cases: I install the program, launch it, start a scan, and the program closes within seconds and cannot be re-opened unless I uninstall and reinstall. Renaming the executables and installers does not help (I've tried that with all of these programs). Can anyone point me in the right direction? Thanks!