Packman Jones

  1. BitTorrent was uninstalled previously. Here are my logs:

     ESETSmartInstaller@High as CAB hook log:

     Results of screen317's Security Check version 0.99.5

     System seems to be running about 100% better now. Thanks again!
  2. ComboFix 10-09-16.04 - Kim Lowe 09/16/2010 19:15:34.2.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.252 [GMT -5:00]
     Running from: c:\documents and settings\Kim Lowe\Desktop\Combo-Fix.exe
  3. Just finished the sysclean, but the system does seem to be responding better. Again, I can't thank you enough! Here are my logs:

     /--------------------------------------------------------------\
     |                Trend Micro System Cleaner                   |
     |          Copyright 2009-2010, Trend Micro, Inc.              |
     |                http://www.trendmicro.com                     |
     \--------------------------------------------------------------/

     2010-09-15, 17:51:39, Auto-clean mode specified.
     2010-09-15, 17:52:07, Initialized Rootkit Driver version 2.2.0.1004.
     2010-09-15, 17:52:07, Running scanner "C:\dce\TSC.BIN"...
     2010-09-15, 17:55:06, Scanner "C:\dce\TSC.BIN" has finished running.
     2010-09-15, 17:55:06, TSC Log:
  4. Very very sorry. I forgot my protocol. Thank you for taking the time to assist me. I am using: Windows XP Professional SP 3

     My defogger log:

     defogger_disable by jpshortstuff (23.02.10.1)
     Log created at 11:41 on 12/09/2010 (Kim Lowe)
     Checking for autostart values...
     HKCU\~\Run values retrieved.
     HKLM\~\Run values retrieved.
     Checking for services/drivers...
     -=E.O.F=-

     My Mbam Log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4438
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     9/12/2010 10:36:38 AM
     mbam-log-2010-09-12 (10-36-38).txt
     Scan type: Quick scan
     Objects scanned: 157837
     Time elapsed: 38 minute(s), 24 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     My DDS Log:

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Kim Lowe at 11:44:41.89 on Sun 09/12/2010
     Internet Explorer: 8.0.6001.18702
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.89 [GMT -5:00]
     AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla 
firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - 
pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-25 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-25 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-25 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-25 60936] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-5-19 38144] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928] R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 
431456] S3 DCALEXICO;DCALEXICO;c:\windows\system32\drivers\dcalexico.sys --> c:\windows\system32\drivers\DCalexico.sys [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-25 644096] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2010-5-19 185344] S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2006-8-24 488960] =============== Created Last 30 ================ 2010-09-12 16:41:33 0 ----a-w- c:\documents and settings\kim lowe\defogger_reenable 2010-09-07 05:19:15 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-09-05 07:56:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-09-01 04:48:47 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2010-09-01 04:46:15 0 d-----w- c:\program files\Lavasoft 2010-08-17 04:06:14 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-13 21:12:52 0 d-----w- c:\program files\Linksys 2010-08-13 20:00:39 0 d-----w- c:\program files\Pure Networks 2010-08-13 19:59:29 0 d-----w- c:\program files\WebEx 2010-08-13 19:58:15 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys 2010-08-13 19:57:57 26672 ----a-w- c:\windows\system32\drivers\purendis.sys 2010-08-13 19:57:31 0 d-----w- c:\program files\common files\Pure Networks Shared 2010-08-13 19:56:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks ==================== Find3M ==================== 2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll 2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll 2010-06-29 22:39:07 103193 ----a-w- c:\windows\hpoins08.dat 2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll 
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll 2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll 2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll 2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll 2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll 2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll 2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll 2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll 2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll 2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys 2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys 2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2008-04-27 06:13:09 0 ----a-w- c:\program files\temp01 2008-09-11 04:41:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat ============= FINISH: 11:49:05.40 =============== And the ARK and Attach logs are zipped and attached Attach.zip
  5. I'm embarrassed to be back here, as I came here for help some time ago and thought I had been very safe since then. Somehow, I don't know how, I got a fake antivirus malware program. I used Malwarebytes to remove it, but since then I continue to get Google search redirects, and my computer sometimes becomes unresponsive for no reason at all. My startup time is now like 10 minutes, whereas before it was only about 1 min. I know I may have irreversibly damaged my computer, but any help here would be greatly appreciated. I have run complete scans with Malwarebytes, Ad-Aware, and Avira, but since the initial issue they turn up nothing.
  6. This appears to have cleared the symptoms. Thank You! V VV ComboFix 10-02-27.04 - Kim Lowe 02/28/2010 15:39:21.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.256 [GMT -6:00] Running from: c:\documents and settings\Kim Lowe\Desktop\Combo-Fix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Kim Lowe\Local Settings\Application Data\av.exe c:\documents and settings\Kim Lowe\Local Settings\Temporary Internet Files\pse_350_enu.exe c:\documents and settings\Kim Lowe\Local Settings\Temporary Internet Files\udDownload[1].tmp C:\mtwb.dat c:\program files\Fast Browser Search c:\program files\Fast Browser Search\IE\1.bat c:\program files\Fast Browser Search\IE\about.html c:\program files\Fast Browser Search\IE\affid.dat c:\program files\Fast Browser Search\IE\basis.xml c:\program files\Fast Browser Search\IE\basis_br.xml c:\program files\Fast Browser Search\IE\basis_de.xml c:\program files\Fast Browser Search\IE\basis_en.xml c:\program files\Fast Browser Search\IE\basis_es.xml c:\program files\Fast Browser Search\IE\basis_fr.xml c:\program files\Fast Browser Search\IE\basis_it.xml c:\program files\Fast Browser Search\IE\basis_nr.xml c:\program files\Fast Browser Search\IE\basis_pt.xml c:\program files\Fast Browser Search\IE\basis_ru.xml c:\program files\Fast Browser Search\IE\basis_tr.xml c:\program files\Fast Browser Search\IE\BHO.dll c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe c:\program files\Fast Browser Search\IE\error.html c:\program files\Fast Browser Search\IE\FBSPlugin.dll c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml c:\program files\Fast Browser Search\IE\search_fr.bmp c:\program files\Fast Browser Search\IE\search_it.bmp c:\program files\Fast Browser Search\IE\search_pt.bmp c:\program files\Fast Browser Search\IE\search_ru.bmp c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe c:\program files\Fast 
Browser Search\IE\SearchGuardPlus.ico c:\program files\Fast Browser Search\IE\SGPU.ico c:\program files\Fast Browser Search\IE\sgpUpdater.exe c:\program files\Fast Browser Search\IE\sgpUpdater.xml c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe c:\program files\Fast Browser Search\IE\tbhelper.dll c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js c:\program files\Fast Browser Search\IE\Toolbar Help.htm c:\program files\Fast Browser Search\IE\uninstall.exe c:\program files\Fast Browser Search\IE\uninstalSGP.exe c:\program files\Fast Browser Search\IE\uninstalSGPU.exe c:\program files\Fast Browser Search\IE\update.exe c:\program files\Fast Browser Search\IE\version.txt c:\program files\FunWebProducts c:\program files\FunWebProducts\Shared\02580875.dat c:\program files\Search Guard Plus c:\program files\Search Guard Plus\fbsSearchProvider.xml c:\program files\Search Guard Plus\SearchGuardPlus.exe c:\program files\Search Guard Plus\SearchGuardPlus.ico c:\program files\Search Guard Plus\uninstalSGP.exe c:\program files\Search Guard PlusU c:\program files\Search Guard PlusU\SGPU.ico c:\program files\Search Guard PlusU\sgpUpdater.exe c:\program files\Search Guard PlusU\sgpUpdater.xml c:\program files\Search Guard PlusU\sgpUpdaters.exe c:\program files\Search Guard PlusU\uninstalSGPU.exe c:\program files\SGPSA c:\program files\SGPSA\BHO.dll c:\program files\Uninstall Fun Web Products.dll c:\windows\system32\bszip.dll c:\windows\system32\hjjlm.bak1 c:\windows\system32\hjjlm.bak2 c:\windows\system32\hjjlm.ini c:\windows\system32\hjjlm.ini2 c:\windows\system32\hjjlm.tmp c:\windows\system32\mcrh.tmp c:\windows\system32\pqtss.ini . ((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 ))))))))))))))))))))))))))))))) . 2010-02-14 21:43 . 
2010-02-14 21:43 -------- d-----w- c:\documents and settings\Kim Lowe\Application Data\Fisher-Price 2010-02-14 21:41 . 2010-02-14 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Fisher-Price 2010-02-14 21:38 . 2007-03-05 18:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll 2010-02-07 01:05 . 2010-02-07 01:07 -------- d-----w- c:\program files\iTunes 2010-02-07 01:05 . 2010-02-07 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-02-07 01:03 . 2010-02-07 01:04 -------- d-----w- c:\program files\QuickTime 2010-02-07 00:19 . 2010-02-07 00:19 -------- d-----w- c:\program files\Windows Installer Clean Up 2010-02-07 00:19 . 2010-02-07 00:19 -------- d-----w- c:\program files\MSECACHE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-28 17:31 . 2005-08-22 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2010-02-28 17:12 . 2005-12-19 02:46 -------- d-----w- c:\program files\Yahoo! 2010-02-28 17:10 . 2005-09-01 00:35 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-24 21:58 . 2008-06-07 18:10 50496 ---ha-w- c:\windows\system32\mlfcache.dat 2010-02-14 21:42 . 2010-02-14 21:41 7158518 ----a-w- c:\documents and settings\All Users\Application Data\Fisher-Price\DACS\Download\setup.exe 2010-02-14 21:41 . 2009-10-06 00:56 1516 ----a-w- c:\documents and settings\Kim Lowe\Application Data\wklnhst.dat 2010-02-14 21:39 . 2010-02-14 21:39 -------- d-----w- c:\program files\Fisher-Price 2010-02-07 01:17 . 2010-01-01 03:04 -------- d-----w- c:\documents and settings\Kim Lowe\Application Data\Apple Computer 2010-02-07 01:06 . 2005-08-30 21:56 -------- d-----w- c:\program files\iPod 2010-02-07 01:06 . 2007-09-23 17:59 -------- d-----w- c:\program files\Common Files\Apple 2010-02-07 00:19 . 
2010-02-07 00:19 3584 ----a-r- c:\documents and settings\Kim Lowe\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2010-01-27 16:37 . 2010-01-24 02:53 1 ----a-w- c:\documents and settings\Kim Lowe\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-01-24 03:12 . 2010-01-24 03:12 -------- d-----w- c:\documents and settings\Kim Lowe\Application Data\ElevatedDiagnostics 2010-01-24 03:08 . 2010-01-24 03:08 -------- d-----w- c:\program files\Microsoft ATS 2010-01-24 03:08 . 2009-08-18 02:44 68800 ----a-w- c:\documents and settings\Kim Lowe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-24 02:52 . 2010-01-24 02:52 -------- d-----w- c:\documents and settings\Kim Lowe\Application Data\OpenOffice.org 2010-01-24 01:44 . 2010-01-24 01:44 -------- d-----w- c:\program files\JRE 2010-01-24 01:44 . 2010-01-24 01:43 -------- d-----w- c:\program files\OpenOffice.org 3 2010-01-24 01:42 . 2009-08-18 02:55 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-23 01:51 . 2010-01-23 01:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-01-22 12:08 . 2009-03-16 03:37 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-17 20:31 . 2010-01-17 20:31 -------- d-----w- c:\documents and settings\Kim Lowe\Application Data\StreamTorrent 2010-01-17 20:31 . 2010-01-17 20:31 -------- d-----w- c:\program files\StreamTorrent 1.0 2010-01-17 20:07 . 2010-01-17 20:07 -------- d-----w- c:\program files\Veetle 2010-01-09 03:58 . 2008-05-21 01:16 -------- d-----w- c:\program files\HP 2010-01-09 03:16 . 2008-05-21 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-01-09 01:41 . 2010-01-09 01:41 -------- d-----w- c:\program files\Windows Media Connect 2 2010-01-08 00:49 . 
2010-01-08 00:49 1924744 ----a-w- c:\documents and settings\Kim Lowe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2010-01-03 23:07 . 2010-01-03 23:03 -------- d-----w- c:\program files\TVAnts 2010-01-02 02:53 . 2010-01-02 02:53 -------- d-----w- c:\documents and settings\Kim Lowe\Application Data\CyberLink 2010-01-01 21:41 . 2010-01-01 21:41 -------- d-----w- c:\program files\Intel Corporation 2009-12-31 16:50 . 2005-08-22 22:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:14 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-16 22:05 . 2010-01-01 05:47 347136 ----a-w- c:\documents and settings\Kim Lowe\Application Data\Mozilla\Firefox\Profiles\b58bjj77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-12-16 22:05 . 2010-01-01 05:47 340992 ----a-w- c:\documents and settings\Kim Lowe\Application Data\Mozilla\Firefox\Profiles\b58bjj77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-12-16 22:05 . 2010-01-01 05:47 471040 ----a-w- c:\documents and settings\Kim Lowe\Application Data\Mozilla\Firefox\Profiles\b58bjj77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll 2009-12-16 22:05 . 2010-01-01 05:47 43008 ----a-w- c:\documents and settings\Kim Lowe\Application Data\Mozilla\Firefox\Profiles\b58bjj77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-12-16 22:05 . 2010-01-01 05:47 1452032 ----a-w- c:\documents and settings\Kim Lowe\Application Data\Mozilla\Firefox\Profiles\b58bjj77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-12-16 18:43 . 2004-08-11 22:11 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:27 . 
2004-08-11 22:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2004-08-04 03:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-07 01:05 . 2009-12-07 01:03 23101 ----a-w- c:\windows\hpqins15.dat 2009-12-07 00:57 . 2009-12-07 00:49 19521 ----a-w- c:\windows\hpqins13.dat 2009-12-04 18:22 . 2005-08-22 22:46 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2008-04-27 06:13 . 2008-04-27 06:13 0 ----a-w- c:\program files\temp01 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "Google Update"="c:\documents and settings\Kim Lowe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-09 135664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "PMX Daemon"="ICO.EXE" [2006-06-09 47104] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] 
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608] "DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256] c:\documents and settings\Nic\Start Menu\Programs\Startup\ wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-9-16 15360] c:\documents and settings\Kim Lowe\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-8-22 156784] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-22 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1132732177\\ee\\aolsoftware.exe"= "c:\\Program 
Files\\Common Files\\AOL\\1132732177\\ee\\aim6.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [8/24/2006 5:44 AM 477696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34] 2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-219612428-2456359044-841806917-1006Core.job - c:\documents and settings\Kim Lowe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-09 02:27] 2010-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-219612428-2456359044-841806917-1006UA.job - c:\documents and settings\Kim Lowe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-09 02:27] . . ------- Supplementary Scan ------- . 
  7. "In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and doubleclick the file winlogon.exe which will be present in there. This should launch Malwarebytes." It wouldn't open normally, and that method wouldn't work either.
  8. I'm sorry, but I found the winlogon.exe file, but nothing happens when I double click it. The program still won't run.
  9. Thank You! Here are the logs:

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Feb 28 11:20:27 2010
Found and removed: SOFTWARE\Classes\JavaPlugin.142_03
Found and removed: Software\Classes\JavaPlugin.160_02
------------------------------------
Finished reporting.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as Kim Lowe on 02/28/2010 at 11:39:53.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Kim Lowe\Local Settings\Application Data\av.exe
C:\Documents and Settings\Kim Lowe\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Kim Lowe\Desktop\rkill.exe

Rkill completed on 02/28/2010 at 11:39:56.
  10. Bad infection on my Dell 6000. XP Antivirus 2010. I can't install mbam (installer will not open, even with randomly named file). I've posted my Defogger disable, DDS log, and attached dds attach, and GMER log. Here is my defogger-disable log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:16 on 27/02/2010 (Kim Lowe)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

My DDS log:

GMER and DDS attach are attached. I would really appreciate any help! thank you!

ark.txt Attach.txt
  11. Really?... I was trying to play a game with my kids and I downloaded the plug-in. The game never worked and about 10 minutes later I started getting the fake warnings, redirects, and constant pop-ups. I just tried playing one of the games and it worked without making me download anything. I'm just not sure how that happened. I hadn't used Ares or Limewire in months and hadn't downloaded anything else in recent memory.
  12. I followed all your directions, thanks a million times. I have noticed one remaining issue. The original Firefox add-on that I downloaded remains in Firefox and won't uninstall. It creates a button to link to this website: http://www.playsushi.com/Home.ps It's an extremely professional knock-off of addictinggames.com, but trying to play the games gets a person in quite a bit of trouble, as happened to me. Should I be concerned about the add-on remaining in Firefox?