Cards1968

Everything posted by Cards1968

  1. Couldn't really plug anything in wrong. Static not a problem. Pulled the RAM stick, turned on, no beeps at all. Then unplugged the HD, same thing, no beeps.
  2. I completed all steps in your last post, all is well. Thank you very much for your help.
  3. I have a low-end E-Machines Desktop (yeah, I know that's redundant) that was working perfectly. I have another almost identical machine that failed. I removed the power supply from the machine in question to troubleshoot the other one. It was the power supply, so I left it in and purchased a new one for this one. Upon startup I got "No Signal" to the monitor. I have reseated everything three-plus times: RAM, power plugs, IDE cables... I put the original power supply back in, still no signal. Tried a known good monitor, no signal. The motherboard power LED comes on, both CPU and case fan come on, hard drive clicks a little. Is there anything I'm missing? What are the odds of the motherboard failing when the new power supply was put in? Want to be pretty sure what the problem is before buying a new MB.
  4. It ran good, found nothing. Maybe all is clean now?

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4262

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.11

     6/30/2010 6:42:33 PM
     mbam-log-2010-06-30 (18-42-33).txt

     Scan type: Quick scan
     Objects scanned: 133034
     Time elapsed: 6 minute(s), 56 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  5. Seems okay. I guess I need to update Malwarebytes and see if it runs, that's been the main problem lately.
  6. Well I finally got it into safe mode with networking. Updated and ran combofix. But I forgot to disable avira, hope that doesn't mess anything up too bad.
  7. Searched for "Combo-Fix.txt", "ComboFix.txt", "BUG.txt", found nothing. Tried *.txt created in last week...nothing. Where do we go from here?
  8. Did the ComboFix as directed. Everything seemed to run okay, but no report. It just rebooted when finished. I tried searching for the .txt file you want but can't find it. Suggestions?
  9. Avira AntiVir Personal Report file date: Friday, June 25, 2010 19:24
  10. I tried 9 times to get into safe mode, but F8 has no effect whatsoever, tried at many different stages of boot process. Is there another way? Also, to clarify, when I finally get in safe mode do I need to do another uninstall/reinstall of MBAM, or just run a quick scan with the version I installed yesterday?
  11. Completed all steps as directed, new MBAM installed and updated fine. But when I ran Quick Scan it hung at 2 min 87 sec while scanning C:\WINDOWS\System32\mouse.drv. I let it sit and after about two minutes it rebooted itself. MBAM log file is empty. Fresh DDS:
c:\program files\Avira 2010-06-17 00:25:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-06-13 19:39:39 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-06-13 19:39:39 215920 ----a-w- c:\windows\system32\muweb.dll 2010-06-13 19:36:35 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-08 04:13:28 0 d-----w- c:\program files\a-squared Free 2010-06-03 19:47:02 16736 ----a-w- c:\windows\system32\mucltui.dll.mui ==================== Find3M ==================== 2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2008-07-20 02:52:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2008-09-04 16:44:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\cookies\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 16:39:05.75 ===============
  12. The first problem was we couldn't access our most frequently visited websites. I hadn't run MBAM on this machine in a while, so I tried to update, but couldn't. Tried to run without update, couldn't. Tried to update/run Avira, couldn't. While I was out of town my wife did a System Restore (or something like that, she's not really sure). Things started working again for the most part. Avira will update/run. MBAM will update, but still not complete a scan. It stops somewhere, reboots computer, and nothing at all shows in log. I've done some preliminary things as directed elsewhere in this forum, and am pasting/attaching them. Thanks. ark.zip Attach.zip
  13. First sign of trouble was when access was denied for our two most-visited websites. I use Firefox, wife IE. Hadn't run MBAM for a while on this machine, and when I tried to update it wouldn't. Uh-ohh, here we go again. My wife did a system restore (or something like that, she really doesn't know, and is even less tech-savvy than me, and I don't know much). Everything seemed to work again, including MBAM update, except somewhere during a full scan it would stop, machine reboot, and nothing shows in log. I suspect we still have a problem lurking. I have run the requested stuff to get started on fixing this. Hopefully I'll get it all pasted and attached properly. Thanks. ark.zip Attach.zip