Cards1968
Members-
Posts
15 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Cards1968
-
Couldn't really plug anything in wrong. Static not a problem. Pulled the RAM stick, turned on, no beeps at all. Then unplugged the HD, same thing, no beeps.
-
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
I completed all steps in your last post, all is well. Thank you very much for your help. -
I have a low-end E-Machines Desktop (yeah, I know that's redundant ) that was working perfectly. I have another almost identical machine that failed. I removed the power supply from the machine in question to troubleshoot the other one. It was the power supply, so I left it in and purchased a new one for this one. Upon startup I got "No Signal" to the monitor. I have reseated everything three-plus times: RAM, power plugs, IDE cables... I put the original power supply back in, still no signal. Tried a known good monitor, no signal. The motherboard power LED comes on, both CPU and case fan come on, hard drive clicks a little. Is there anything I missing? What are the odds of the motherboard failing when the new power supply was put in? Want to be pretty sure what problem is before buying a new MB.
-
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
It ran good, found nothing. Maybe all is clean now? Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4262 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 6/30/2010 6:42:33 PM mbam-log-2010-06-30 (18-42-33).txt Scan type: Quick scan Objects scanned: 133034 Time elapsed: 6 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
Seems okay. I guess I need to update Malwarebytes and see if it runs, that's been main problem lately. -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
Well I finally got it into safe mode with networking. Updated and ran combofix. But I forgot to disable avira, hope that doesn't mess anything uo too bad. ComboFix 10-06-29.02 - Owner 06/29/2010 18:48:42.2.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.718 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Thumbs.db c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job c:\windows\xpsp1hfm.log D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 ))))))))))))))))))))))))))))))) . 2010-06-25 18:08 . 2010-06-25 18:08 -------- d-sha-w- c:\windows\Repair 2010-06-25 18:08 . 2010-06-25 18:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira 2010-06-25 18:06 . 2010-06-25 18:06 -------- d-----w- c:\program files\Common Files\Java 2010-06-25 18:06 . 2010-06-25 18:06 -------- d-----w- c:\program files\Java 2010-06-22 21:19 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-22 21:19 . 2010-06-25 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-22 21:19 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-17 17:00 . 2010-06-29 17:03 -------- d-----w- c:\windows\system32\NtmsData 2010-06-17 00:25 . 2010-06-17 00:25 -------- d-----w- c:\program files\Avira 2010-06-17 00:25 . 2010-06-17 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-06-17 00:25 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-17 00:25 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-17 00:25 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-17 00:25 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-13 19:36 . 2010-06-13 19:36 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-08 04:13 . 2010-06-25 18:08 -------- d-----w- c:\program files\a-squared Free 2010-06-03 19:47 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-06-03 19:47 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-25 18:08 . 2009-01-02 05:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-06-25 18:08 . 2009-01-02 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-25 18:08 . 2008-07-20 02:22 -------- d-----w- c:\program files\Microsoft Works 2010-06-25 18:07 . 2008-09-25 15:12 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-25 18:06 . 2008-07-20 02:34 -------- d-----w- c:\program files\BigFix 2010-06-25 18:06 . 2008-07-20 02:21 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-25 18:02 . 2008-07-20 02:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Spare Backup 2010-06-25 14:01 . 2010-06-25 14:01 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe 2010-06-16 19:38 . 2008-08-03 20:46 -------- d-----w- c:\program files\LogMeIn 2010-06-07 23:14 . 2008-07-20 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-04 17:20 . 2006-05-07 00:24 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20 . 2008-07-20 03:55 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20 . 2008-07-20 03:54 17408 ------w- c:\windows\system32\corpol.dll 2010-05-02 05:22 . 2006-05-07 00:24 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30 . 2008-07-20 03:54 285696 ----a-w- c:\windows\system32\atmfd.dll 2009-11-02 20:36 . 2008-07-27 20:30 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800] "SkyTel"="SkyTel.EXE" [2007-08-03 1826816] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928] "BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-20 185896] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-02 30192] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-7-19 2348584] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 17:32 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [6/16/2010 8:55 PM 1872320] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/16/2010 7:25 PM 135336] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12856] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/19/2008 11:03 PM 69692] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/27/2008 3:30 PM 30192] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/22/2010 4:19 PM 38224] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw1drda.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedengine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) AddRemove-Lexmark Z700-P700 Series - c:\windows\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-29 18:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(2284) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\LogMeIn\x86\LMIGuardian.exe . ************************************************************************** . Completion time: 2010-06-29 19:08:49 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-30 00:08 Pre-Run: 131,346,026,496 bytes free Post-Run: 133,344,059,392 bytes free - - End Of File - - 90493B0F9EBC23151BA45750087210CE -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
Nothing there, all empty. Should I run again? -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
Searched for "Combo-Fix.txt", "ComboFix.txt", "BUG.txt", found nothing. Tried *.txt created in last week...nothing. Where do we go from here? -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
Did the ComboFix as directed. Everything seemed to run okay, but no report. It just rebooted when finished. I tried searching for the .txt file you want but can't find it. Suggestions? -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
It is not a laptop. It's a desktop. -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
Avira AntiVir Personal Report file date: Friday, June 25, 2010 19:24 Scanning for 2270810 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : EMACH2 Version information: BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00 AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04 LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:29:43 VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:31:07 VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 00:31:07 VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 00:31:08 VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 00:31:08 VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 00:31:08 VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 00:31:09 VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 00:31:09 VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 00:31:17 VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 00:31:22 VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 03:27:30 VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 03:42:17 VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 17:54:12 VBASE018.VDF : 7.10.8.164 2048 Bytes 6/23/2010 17:54:12 VBASE019.VDF : 7.10.8.165 2048 Bytes 6/23/2010 17:54:13 VBASE020.VDF : 7.10.8.166 2048 Bytes 6/23/2010 17:54:13 VBASE021.VDF : 7.10.8.167 2048 Bytes 6/23/2010 17:54:13 VBASE022.VDF : 7.10.8.168 2048 Bytes 6/23/2010 17:54:13 VBASE023.VDF : 7.10.8.169 2048 Bytes 6/23/2010 17:54:13 VBASE024.VDF : 7.10.8.170 2048 Bytes 6/23/2010 17:54:14 VBASE025.VDF : 7.10.8.171 2048 Bytes 6/23/2010 17:54:14 VBASE026.VDF : 7.10.8.172 2048 Bytes 6/23/2010 17:54:14 VBASE027.VDF : 7.10.8.173 2048 Bytes 6/23/2010 17:54:14 VBASE028.VDF : 7.10.8.174 2048 Bytes 6/23/2010 17:54:14 VBASE029.VDF : 7.10.8.175 2048 Bytes 6/23/2010 17:54:14 VBASE030.VDF : 7.10.8.176 2048 Bytes 6/23/2010 17:54:15 VBASE031.VDF : 7.10.8.190 129024 Bytes 6/25/2010 00:23:03 Engineversion : 8.2.4.2 AEVDF.DLL : 8.1.2.0 106868 Bytes 6/17/2010 00:33:27 AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 6/24/2010 17:54:38 AESCN.DLL : 8.1.6.1 127347 Bytes 6/17/2010 00:33:05 AESBX.DLL : 8.1.3.1 254324 Bytes 6/17/2010 00:33:31 AERDL.DLL : 8.1.4.6 541043 Bytes 6/17/2010 00:33:02 AEPACK.DLL : 8.2.2.5 430453 Bytes 6/24/2010 17:54:34 AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/17/2010 00:32:52 AEHEUR.DLL : 8.1.1.38 2724214 Bytes 6/24/2010 17:54:31 AEHELP.DLL : 8.1.11.6 242038 Bytes 6/24/2010 17:54:19 AEGEN.DLL : 8.1.3.12 377204 Bytes 6/24/2010 17:54:18 AEEMU.DLL : 8.1.2.0 393588 Bytes 6/17/2010 00:31:49 AECORE.DLL : 8.1.15.3 192886 Bytes 6/17/2010 00:31:45 AEBB.DLL : 8.1.1.0 53618 Bytes 6/17/2010 00:31:41 AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38 AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35 AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40 AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46 AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51 AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30 SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58 AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56 NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20 RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Friday, June 25, 2010 19:24 Starting search for hidden objects. HKEY_USERS\S-1-5-21-2738492756-3300531255-322722883-1003\Software\Google\Google Desktop\rlz_failure_count [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed [NOTE] The registry entry is invisible. The scan of running processes will be started Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '59' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '70' Module(s) have been scanned Scan process 'avcenter.exe' - '69' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'LMIGuardian.exe' - '18' Module(s) have been scanned Scan process 'ctfmon.exe' - '25' Module(s) have been scanned Scan process 'msmsgs.exe' - '45' Module(s) have been scanned Scan process 'avgnt.exe' - '50' Module(s) have been scanned Scan process 'LogMeInSystray.exe' - '38' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - '78' Module(s) have been scanned Scan process 'realsched.exe' - '27' Module(s) have been scanned Scan process 'bigfix.exe' - '42' Module(s) have been scanned Scan process 'PDVDServ.exe' - '24' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '36' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '28' Module(s) have been scanned Scan process 'wscntfy.exe' - '18' Module(s) have been scanned Scan process 'alg.exe' - '33' Module(s) have been scanned Scan process 'avshadow.exe' - '26' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'RichVideo.exe' - '22' Module(s) have been scanned Scan process 'PRISMXL.SYS' - '13' Module(s) have been scanned Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned Scan process 'avguard.exe' - '53' Module(s) have been scanned Scan process 'a2service.exe' - '28' Module(s) have been scanned Scan process 'svchost.exe' - '33' Module(s) have been scanned Scan process 'sched.exe' - '45' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '24' Module(s) have been scanned Scan process 'spoolsv.exe' - '62' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '23' Module(s) have been scanned Scan process 'Explorer.EXE' - '93' Module(s) have been scanned Scan process 'svchost.exe' - '42' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'svchost.exe' - '163' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'svchost.exe' - '53' Module(s) have been scanned Scan process 'lsass.exe' - '58' Module(s) have been scanned Scan process 'services.exe' - '27' Module(s) have been scanned Scan process 'winlogon.exe' - '68' Module(s) have been scanned Scan process 'csrss.exe' - '12' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '457' files ). Starting the file scan: Begin scan in 'C:\' Begin scan in 'D:\' <RECOVERY> End of the scan: Friday, June 25, 2010 20:27 Used time: 1:03:23 Hour(s) The scan has been done completely. 6572 Scanned directories 305015 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 305015 Files not concerned 13275 Archives were scanned 0 Warnings 0 Notes 326154 Objects were scanned with rootkit scan 2 Hidden objects were found -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
I tried 9 times to get into safe mode, but F8 has no effect whatsoever, tried at many different stages of boot process. Is there another way? Also, to clarify, when I finally get in safe mode do I need to do another uninstall/reinstall of MBAM, or just run a quick scan with the version I installed yesterday? -
MBAM scan won't finish, machine reboots
Cards1968 replied to Cards1968's topic in Resolved Malware Removal Logs
Completed all steps as directed, new MBAM installed and updated fine. But when I ran Quick Scan it hung at 2 min 87 sec while scanning C:\WINDOWS\System32\mouse.drv. I let it sit and after about two minutes it rebooted itself. MBAM log file is empty. Fresh DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 16:38:29.89 on Tue 06/22/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.479 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\program files\Bigfix\bigfix.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe svchost.exe C:\WINDOWS\system32\zshp1020.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Power2GoExpress] NA uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [bigFix] c:\program files\bigfix\bigfix.exe /atstartup mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab Notify: LMIinit - LMIinit.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xkw1drda.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedengine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-16 11608] R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-6-16 1872320] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-16 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-16 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-16 60936] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-3 45848] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2008-7-19 69692] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-27 30192] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-22 38224] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2010-06-22 21:19:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-22 21:19:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-22 21:19:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-21 03:37:56 0 ----a-w- c:\documents and settings\owner\defogger_reenable 2010-06-17 17:00:39 0 d-sha-w- c:\windows\Repair 2010-06-17 17:00:39 0 d-----w- c:\windows\system32\NtmsData 2010-06-17 00:37:15 0 d-----w- c:\docume~1\owner\applic~1\Avira 2010-06-17 00:25:29 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-17 00:25:29 0 d-----w- c:\program files\Avira 2010-06-17 00:25:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-06-13 19:39:39 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-06-13 19:39:39 215920 ----a-w- c:\windows\system32\muweb.dll 2010-06-13 19:36:35 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-08 04:13:28 0 d-----w- c:\program files\a-squared Free 2010-06-03 19:47:02 16736 ----a-w- c:\windows\system32\mucltui.dll.mui ==================== Find3M ==================== 2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2008-07-20 02:52:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2008-09-04 16:44:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\cookies\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 16:39:05.75 =============== -
The first problem was we couldn't access our most frequently visited websites. I hadn't run MBAM on this machine in a while, so I tried to update , but couldn't. Tried to run without update, couldn't. Tried to update/run Avira, couldn't. While I was out of town my wife did a Sysytem Restore (or something like that, she's not really sure). Things started working again for the most part. Avira will update/ run. MBAM will update, but still not complete a scan. It stops somewhere, reboots computer, and nothing at all shows in log. I've done some preliminary things as directed elsewhere in this forum, and am pasting/attaching them Thanks. DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 22:45:06.23 on Sun 06/20/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.478 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\program files\Bigfix\bigfix.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Power2GoExpress] NA uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [bigFix] c:\program files\bigfix\bigfix.exe /atstartup mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab Notify: LMIinit - LMIinit.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xkw1drda.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedengine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-16 11608] R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-6-16 1872320] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-16 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-16 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-16 60936] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-3 45848] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2008-7-19 69692] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-27 30192] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2010-06-21 03:37:56 0 ----a-w- c:\documents and settings\owner\defogger_reenable 2010-06-17 17:00:39 0 d-sha-w- c:\windows\Repair 2010-06-17 17:00:39 0 d-----w- c:\windows\system32\NtmsData 2010-06-17 03:18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-17 03:18:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-17 03:18:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-17 00:37:15 0 d-----w- c:\docume~1\owner\applic~1\Avira 2010-06-17 00:25:29 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-17 00:25:29 0 d-----w- c:\program files\Avira 2010-06-17 00:25:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-06-13 19:39:39 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-06-13 19:39:39 215920 ----a-w- c:\windows\system32\muweb.dll 2010-06-13 19:36:35 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-08 04:13:28 0 d-----w- c:\program files\a-squared Free 2010-06-03 19:47:02 16736 ----a-w- c:\windows\system32\mucltui.dll.mui ==================== Find3M ==================== 2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2008-07-20 02:52:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2008-09-04 16:44:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\cookies\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 22:45:33.54 =============== Last good scan: Malwarebytes' Anti-Malware 1.44 Database version: 3850 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 3/10/2010 11:41:09 PM mbam-log-2010-03-10 (23-41-09).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 209161 Time elapsed: 40 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Last scan: Malwarebytes' Anti-Malware 1.44 Database version: 3850 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 6/8/2010 7:47:22 PM mbam-log-2010-06-08 (19-47-22).txt Scan type: Quick Scan Objects scanned: 834 Time elapsed: 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ark.zip Attach.zip
-
First sign of trouble was when access was denied for our two most-visited websites. I use Firefox, wife IE. Hadn't run MBAM for a while on this machine, and when I tried to update it wouldn't. Uh-ohh, here we go again. My wife did a system restore (or something like that, she really doesn't know, and is even less tech-savvy than me, and I don't know much). Everything seemed to work again, including MBAM update, Except somewhere during a full scan it would stop, machine reboot, and nothing shows in log. I suspect we still have a problem lurking. I have run the requested stuff to get started on fixing this. Hopefully I'll get it all pasted and attached properly. Thanks. DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 22:45:06.23 on Sun 06/20/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.478 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\program files\Bigfix\bigfix.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Power2GoExpress] NA uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [bigFix] c:\program files\bigfix\bigfix.exe /atstartup mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab Notify: LMIinit - LMIinit.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xkw1drda.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedengine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-16 11608] R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-6-16 1872320] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-16 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-16 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-16 60936] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-3 45848] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2008-7-19 69692] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-27 30192] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2010-06-21 03:37:56 0 ----a-w- c:\documents and settings\owner\defogger_reenable 2010-06-17 17:00:39 0 d-sha-w- c:\windows\Repair 2010-06-17 17:00:39 0 d-----w- c:\windows\system32\NtmsData 2010-06-17 03:18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-17 03:18:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-17 03:18:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-17 00:37:15 0 d-----w- c:\docume~1\owner\applic~1\Avira 2010-06-17 00:25:29 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-17 00:25:29 0 d-----w- c:\program files\Avira 2010-06-17 00:25:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-06-13 19:39:39 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-06-13 19:39:39 215920 ----a-w- c:\windows\system32\muweb.dll 2010-06-13 19:36:35 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-08 04:13:28 0 d-----w- c:\program files\a-squared Free 2010-06-03 19:47:02 16736 ----a-w- c:\windows\system32\mucltui.dll.mui ==================== Find3M ==================== 2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2008-07-20 02:52:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2008-09-04 16:44:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\cookies\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat 2008-07-20 03:02:33 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 22:45:33.54 =============== Malwarebytes' Anti-Malware 1.44 Database version: 3850 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 6/8/2010 7:47:22 PM mbam-log-2010-06-08 (19-47-22).txt Scan type: Quick Scan Objects scanned: 834 Time elapsed: 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Last good scan: Malwarebytes' Anti-Malware 1.44 Database version: 3850 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 3/10/2010 11:41:09 PM mbam-log-2010-03-10 (23-41-09).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 209161 Time elapsed: 40 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ark.zip Attach.zip