I'm having an intermittent problem I cannot isolate. I don't remember making any changes or installing anything that would do this.

The first symptom I noticed was that IE would have what looked like a video artifact where the address bar should be. The 'artifact' always appears in the same place on the IE window and is whatever window was underneath IE when opened. Once it happens, it's there even if the IE window is moved, minimized and restored, or resized. It will also be there in the same place if a new tab is opened from that one. See screen shot. IE will >sometimes< lock up.

I disabled the bars, rebooted, and enabled the bars. No change.

Also, some programs' command bars now have highlighting. See screen shot.

Other than that, the programs appear to work normally.

Full Avast! A/V, Malwarebytes, and AdAware scans are clean.

Nothing new noticed in Task Manager Processes.

Avast! was disabled to run dds.com. Files are included.

While there are aspects of this that point to video hardware problems, since it is intermittent but consistent when it does happen, only affects IE, and resizes along with the IE window, I'm turning to your expertise. Suggestions not related to the video are also appreciated.

Thank you for your help.

Files follow--------

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by (Personal data removed) at 5:12:40 on 2012-07-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1186 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Broadcom\BACS\BacsTray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Linksys\WUSB600N\WUSB600N.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070910

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [hplampc] c:\windows\system32\hplampc.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [bacstray] c:\program files\broadcom\bacs\BacsTray.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H

mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Gamma Loader.exe.lnk.disabled

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189834977765

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340838087796

DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab

DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326

TCP: DhcpNameServer = 207.243.120.10 207.243.120.20 209.55.24.10

TCP: Interfaces\{9005B918-1D03-41E1-86C8-0A7F8E50E4DB} : DhcpNameServer = 207.243.120.10 207.243.120.20 209.55.24.10

TCP: Interfaces\{B4E5467A-829D-4607-A644-E911CECC03F3} : DhcpNameServer = 207.243.120.10 207.243.120.20 209.55.24.10

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-9 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-3-30 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-30 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 44808]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-3-19 12184]

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-1-9 91456]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-3 2214504]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]

R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-2-5 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-10 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]

S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2007-9-15 9312]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys --> c:\windows\system32\drivers\vidcap.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-14 17:46:50 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-07-14 17:46:50 -------- d-----w- c:\windows\system32\wbem\Repository

2012-07-08 18:30:53 -------- d-----w- c:\windows\system32\Adobe

2012-06-26 14:05:12 -------- d-----w- c:\program files\Network Monitor Experts

2012-06-25 10:47:26 -------- d-----w- c:\program files\Microsoft Network Monitor 3

.

==================== Find3M ====================

.

2012-07-12 04:03:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 04:03:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 08:23:14 26112 ----a-w- c:\windows\system32\userinit.exe

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 5:13:01.14 ===============

attach.txt

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/14/2007 11:45:00 PM

System Uptime: 7/14/2012 4:56:32 PM (13 hours ago)

.

Motherboard: Dell Inc. | | 0CK520

Processor: Intel® Core™2 CPU 6700 @ 2.66GHz | Microprocessor | 2666/1066mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 926 GiB total, 852.413 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 332.495 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM (CDFS)

H: is Removable

M: is Removable

N: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1749: 4/16/2012 5:19:33 PM - System Checkpoint

RP1750: 4/17/2012 5:47:45 PM - System Checkpoint

RP1751: 4/18/2012 5:48:06 PM - System Checkpoint

RP1752: 4/19/2012 7:49:25 PM - System Checkpoint

RP1753: 4/20/2012 7:50:20 PM - System Checkpoint

RP1754: 4/21/2012 9:48:18 PM - System Checkpoint

RP1755: 4/23/2012 3:20:38 AM - System Checkpoint

RP1756: 4/24/2012 5:16:42 AM - System Checkpoint

RP1757: 4/25/2012 5:48:01 AM - System Checkpoint

RP1758: 4/26/2012 6:30:03 AM - System Checkpoint

RP1759: 4/27/2012 7:06:54 AM - System Checkpoint

RP1760: 4/28/2012 7:25:37 AM - System Checkpoint

RP1761: 4/29/2012 9:06:42 AM - System Checkpoint

RP1762: 4/30/2012 10:12:36 AM - System Checkpoint

RP1763: 4/30/2012 10:17:47 PM - Software Distribution Service 3.0

RP1764: 5/1/2012 11:00:50 PM - System Checkpoint

RP1765: 5/3/2012 12:44:26 AM - System Checkpoint

RP1766: 5/4/2012 1:29:01 AM - System Checkpoint

RP1767: 5/5/2012 3:29:02 AM - System Checkpoint

RP1768: 5/6/2012 7:22:59 AM - System Checkpoint

RP1769: 5/7/2012 8:41:21 AM - System Checkpoint

RP1770: 5/8/2012 10:06:10 AM - System Checkpoint

RP1771: 5/9/2012 12:06:29 PM - System Checkpoint

RP1772: 5/10/2012 2:06:26 PM - System Checkpoint

RP1773: 5/11/2012 4:04:08 PM - System Checkpoint

RP1774: 5/12/2012 3:00:47 AM - Software Distribution Service 3.0

RP1775: 5/13/2012 6:21:49 AM - System Checkpoint

RP1776: 5/14/2012 5:25:37 AM - Software Distribution Service 3.0

RP1777: 5/15/2012 5:36:27 AM - System Checkpoint

RP1778: 5/16/2012 7:20:27 AM - System Checkpoint

RP1779: 5/17/2012 7:34:04 AM - System Checkpoint

RP1780: 5/18/2012 5:33:48 PM - System Checkpoint

RP1781: 5/19/2012 7:25:23 PM - System Checkpoint

RP1782: 5/20/2012 8:50:36 PM - System Checkpoint

RP1783: 5/21/2012 10:24:09 PM - System Checkpoint

RP1784: 5/22/2012 3:00:16 AM - Software Distribution Service 3.0

RP1785: 5/22/2012 5:55:41 AM - Software Distribution Service 3.0

RP1786: 5/22/2012 9:17:47 AM - Software Distribution Service 3.0

RP1787: 5/22/2012 8:04:08 PM - Software Distribution Service 3.0

RP1788: 5/23/2012 8:04:44 PM - System Checkpoint

RP1789: 5/24/2012 9:05:01 PM - System Checkpoint

RP1790: 5/25/2012 10:52:48 PM - System Checkpoint

RP1791: 5/26/2012 11:37:08 PM - System Checkpoint

RP1792: 5/28/2012 1:36:54 AM - System Checkpoint

RP1793: 5/29/2012 1:43:08 AM - System Checkpoint

RP1794: 5/30/2012 3:37:08 AM - System Checkpoint

RP1795: 5/31/2012 4:15:17 AM - System Checkpoint

RP1796: 6/1/2012 6:30:13 AM - System Checkpoint

RP1797: 6/2/2012 8:15:17 AM - System Checkpoint

RP1798: 6/3/2012 8:27:00 AM - System Checkpoint

RP1799: 6/4/2012 9:58:57 AM - System Checkpoint

RP1800: 6/4/2012 10:22:16 AM - Software Distribution Service 3.0

RP1801: 6/5/2012 10:29:05 AM - System Checkpoint

RP1802: 6/6/2012 12:28:00 PM - System Checkpoint

RP1803: 6/7/2012 2:59:56 PM - System Checkpoint

RP1804: 6/8/2012 4:28:00 PM - System Checkpoint

RP1805: 6/9/2012 6:27:59 PM - System Checkpoint

RP1806: 6/10/2012 8:40:12 PM - System Checkpoint

RP1807: 6/11/2012 10:37:02 PM - System Checkpoint

RP1808: 6/13/2012 12:38:21 AM - System Checkpoint

RP1809: 6/13/2012 11:07:51 AM - Software Distribution Service 3.0

RP1810: 6/14/2012 12:56:22 PM - System Checkpoint

RP1811: 6/15/2012 1:40:21 PM - System Checkpoint

RP1812: 6/16/2012 1:59:03 PM - System Checkpoint

RP1813: 6/17/2012 4:36:54 PM - System Checkpoint

RP1814: 6/18/2012 5:21:19 PM - System Checkpoint

RP1815: 6/19/2012 7:09:38 PM - System Checkpoint

RP1816: 6/20/2012 8:31:11 PM - System Checkpoint

RP1817: 6/21/2012 9:16:45 PM - System Checkpoint

RP1818: 6/22/2012 9:32:24 PM - System Checkpoint

RP1819: 6/23/2012 9:50:54 PM - System Checkpoint

RP1820: 6/25/2012 12:29:25 AM - System Checkpoint

RP1821: 6/25/2012 5:47:25 AM - Installed Microsoft Network Monitor 3.4

RP1822: 6/25/2012 5:47:59 AM - Installed Microsoft Network Monitor: NetworkMonitor Parsers 3.4

RP1823: 6/26/2012 9:05:12 AM - Installed TCP Analyzer 1.2

RP1824: 6/27/2012 9:43:54 AM - System Checkpoint

RP1825: 6/28/2012 9:48:17 AM - System Checkpoint

RP1826: 6/29/2012 9:58:19 AM - System Checkpoint

RP1827: 6/30/2012 11:48:20 AM - System Checkpoint

RP1828: 7/1/2012 12:35:00 PM - System Checkpoint

RP1829: 7/2/2012 12:45:33 PM - System Checkpoint

RP1830: 7/3/2012 12:53:36 PM - System Checkpoint

RP1831: 7/4/2012 5:20:57 PM - System Checkpoint

RP1832: 7/5/2012 6:19:50 PM - System Checkpoint

RP1833: 7/6/2012 7:35:01 PM - System Checkpoint

RP1834: 7/7/2012 9:09:53 PM - System Checkpoint

RP1835: 7/8/2012 10:56:36 PM - System Checkpoint

RP1836: 7/9/2012 11:09:03 PM - System Checkpoint

RP1837: 7/11/2012 12:29:07 AM - System Checkpoint

RP1838: 7/11/2012 3:00:28 AM - Software Distribution Service 3.0

RP1839: 7/12/2012 3:21:21 AM - Ad-Aware Checkpoint

RP1840: 7/13/2012 3:31:04 AM - System Checkpoint

RP1841: 7/14/2012 3:45:15 AM - System Checkpoint

RP1842: 7/14/2012 11:49:08 AM - Restore Operation

RP1843: 7/14/2012 11:55:16 AM - Restore Operation

RP1844: 7/14/2012 11:59:16 AM - Restore Operation

RP1845: 7/14/2012 12:03:29 PM - Restore Operation

RP1846: 7/14/2012 12:45:52 PM - Restore Operation

RP1847: 7/14/2012 1:19:55 PM - After restore to 7-12 in SAFE mode

RP1848: 7/14/2012 4:45:01 PM - Removed Ad-Aware

RP1849: 7/14/2012 4:46:45 PM - Removed Ad-Aware

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Photoshop 5.5

Adobe Reader 9.5.1

Adobe SVG Viewer 3.0

Advanced Decoder Patch

AmpliTube2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.2.6

Avanquest update

avast! Free Antivirus

Broadcom Management Programs

Bulk Rename Utility 2, 6, 1, 0

Business Contact Manager for Outlook 2007 SP2

Calculator Powertoy for Windows XP

calibre

Conexant D850 56K V.92 DFVc Modem

Cool Edit Pro 2.0

Creative Audio Control Panel

Critical Update for Windows Media Player 11 (KB959772)

Dell DataSafe Online

Dell Support Center

Dell System Restore

DellSupport

Digital Line Detect

Digital Video Converter v1.18.0.52

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Documentation & Support Launcher

Download Center

DupDetector 3.201

Duplic8 V2.0.009

DVD Identifier

DVDStyler v1.7.4

eReg

exPressit S.E. 3.0

Eye Candy 3

FileAlyzer

FileHippo.com Update Checker

Fine WoodWorking

Fine Woodworking Archive

FosiX v. 2.3.10.6

Free Download Manager 3.9

Free M4a to MP3 Converter 6.0

Free Video Converter

FreeRIP v3.1

Games, Music, & Photos Launcher

GemMaster Mystic

getPlus®_ocx

Google Desktop

Google SketchUp 6

Google SketchUp 8

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

Guitar Pro 5.1

Haali Media Splitter

HDView for Internet Explorer

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Hoyle Solitaire & Mah Jong Tiles

Internet Service Offers Launcher

IrfanView (remove only)

ISO Recorder

Java Auto Updater

Java™ 6 Update 26

K-Lite Mega Codec Pack 5.5.1

LADSPA_plugins-win-0.4.15

Linksys Dual-Band Wireless-N USB Network Adapter

Linksys EasyLink Advisor

Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter

Logitech SetPoint 6.32

Malwarebytes' Anti-Malware version 1.51.0.1200

MFC RunTime files

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Math Add-in for Word 2007

Microsoft MPEG-4 VKI Video Codec V1/V2/V3

Microsoft National Language Support Downlevel APIs

Microsoft Network Monitor 3.4

Microsoft Network Monitor: NetworkMonitor Parsers 3.4

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft OpenType Font File Properties Extension

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Reader

Microsoft Reader Text-to-Speech for English

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Modem Helper

Motorola Driver Installation 4.6.0

Motorola Phone Tools

Motorola Software Update

Move Media Player

MP3 Book Helper version 2.3.4.24

Mp3tag v2.46a

MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)

MSN

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

NetAlyzer

NetAlyzer 0.3

NetWaiting

NewsBin Pro

Next Generation Visualisations

NVIDIA Control Panel 275.33

NVIDIA Drivers

NVIDIA Graphics Driver 275.33

NVIDIA Install Application

NVIDIA nView 135.85

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Update 1.3.5

NVIDIA Update Components

OpenAL

Otto

PowerDVD

Powerpost

Pure Networks Platform

QualxServ Service Agreement

QuickPar 0.9

QuickSet

QuickSFV (Remove only)

QuickTime

R-Studio Agent v1.0

R-STUDIO network edition v1.0

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio MyDVD DE

Roxio UDF Reader

Roxio Update Manager

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SolveigMM AVI Trimmer

Sonic Activation Module

Sonic Encoders

Spybot - Search & Destroy

SQLite2009 Pro Enterprise Manager [sqlite v3.6.19 - 2009.10.15]

System Checkup 3.0

TargetExpress

TCP Analyzer 1.2

Tweak UI

UnderCoverXP 1.14

Unlocker 1.8.7

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB969497)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

URL Assistant

VC80CRTRedist - 8.0.50727.4053

Video DVD Maker v3.24.0.62

Virtual Earth 3D (Beta)

Visual CD

VST Bridge 1.1

WebEx

WebEx Support Manager for Internet Explorer

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinPcap 4.1.2

WinRAR archiver

WinX DVD Author 6.0

WinX DVD Ripper 5.5.4

Wireshark 1.6.1

XMedia Recode version 3.1.0.5

XviD MPEG-4 Video Codec

yEnc32 (remove only)

.

==== Event Viewer Messages From Past Week ========

.

7/9/2012 8:15:39 AM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).

7/14/2012 12:48:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

7/14/2012 12:48:24 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/14/2012 12:48:24 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/14/2012 12:44:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

7/14/2012 12:44:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/14/2012 12:43:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD APPDRV aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

7/14/2012 12:43:55 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

7/14/2012 12:43:55 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/14/2012 12:43:55 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/14/2012 12:43:55 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

7/14/2012 12:43:55 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/14/2012 11:59:23 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

7/11/2012 3:22:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.

7/11/2012 3:22:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

7/11/2012 3:22:21 AM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/11/2012 3:22:21 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

post-114860-0-61691000-1342356796.jpg

post-114860-0-11804700-1342356871.jpg


Thank you for your response.

No, I've not tried uninstalling IE8.

I came to the forums instead.

In the 3 1/2 days between, I've noticed the following:

I have attempted to run Malwarebytes as user (with Admin priv.) and get Run-time error 5, Invalid procedure call or argument.

Avast has been set to exclude MWB per the instructions on this site.

I temporarily disabled Avast. No change.

Ran Chameleon from the Help file and it shows green 'Tested' on all 12 tests, but no DOS box opens.

I can re-install MWB. If I do, does the old one need to be uninstalled first?

One other thing noticed about browser behavior: it often takes two clicks on the Back button to go anywhere.


Please do the following to see if it resolves the issue. Post back and let us know, please.


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus:
  • Here's how to do that.
  • usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Next: Install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

ID and KEY location in the Registry

x86

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

x64

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware


I d/l and ran mbclean.

Got messages:

This will remove....Are you sure? Answered Yes.

Got message Run-time error 5. Invalid... as before.

Some 10 seconds later got the Reboot now? message. Answered Yes.

Got a Cannot Quit... message.

Then the computer rebooted.

Disabled A/V and Firewall.

d/l, launched and updated mbam.

Restarted computer.

Set or checked set A/V exclusions.

Set mbam exclusion (avast is located in Alwil software group, BTW).

I followed the guide and your instructions as best as possible but am not sure about the firewall exclusions.

Please confirm that mbam.exe, mbam gui, and mbam service are to be excluded in Windows firewall (XP).

Also at the end of your post you have some registry locations, but no instructions on what to do with them.

These IE errors just started in the last month. I've had IE8 since 3/2009 according to the file date. Browsing without add-ons was tried last week but still had the same problems.

Awaiting your instructions.


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Machine seems to be running fine but I only checked a few things. Noted fewer processes running - usually 74-78, currently (with IE open) 69. Wish the log had a little less personal info..... What now? ComboFix 12-07-19.02 - 07/19/2012 12:42:32.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1055 [GMT -5:00] Running from: c:\documents and settings\\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\GoToAssistDownloadHelper.exe c:\documents and settings\Local Settings\Application Data\assembly\tmp c:\documents and settings\\Recent\Thumbs.db c:\documents and settings\\WINDOWS C:\t.txt C:\Thumbs.db c:\windows\system32\BSTIEPrintCtl1.dll c:\windows\system32\hplampc.1 c:\windows\system32\PowerToyReadme.htm c:\windows\system32\SET94.tmp c:\windows\system32\SET95.tmp c:\windows\system32\SETCA.tmp c:\windows\system32\SETD6.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_FAD . . ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 ))))))))))))))))))))))))))))))) . . 2012-07-19 12:34 . 2012-07-19 12:34 -------- d-----w- c:\documents and settings\\Application Data\Malwarebytes 2012-07-19 12:34 . 2012-07-19 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-19 12:34 . 2012-07-19 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-07-19 12:34 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-14 17:46 . 2012-07-14 17:46 -------- d-----w- c:\windows\system32\wbem\Repository 2012-07-08 18:30 . 
2012-07-08 18:30 -------- d-----w- c:\windows\system32\Adobe 2012-06-26 14:05 . 2012-06-26 14:05 -------- d-----w- c:\program files\Network Monitor Experts 2012-06-25 10:47 . 2012-06-25 10:47 -------- d-----w- c:\program files\Microsoft Network Monitor 3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 04:03 . 2012-04-11 03:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-12 04:03 . 2011-05-15 15:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-11 08:23 . 2005-08-16 09:18 26112 ----a-w- c:\windows\system32\userinit.exe 2012-07-03 16:21 . 2007-09-15 05:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2011-06-09 08:35 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2008-03-30 18:07 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2008-03-30 18:07 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2007-09-15 05:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2007-09-15 05:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-07-03 16:21 . 2007-09-15 05:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-07-03 16:21 . 2007-09-15 05:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-07-03 16:21 . 2010-06-29 09:34 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2007-09-15 05:21 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-13 13:19 . 2005-08-16 09:18 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2007-05-15 20:43 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 22:35 . 2007-09-16 16:46 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-04 04:32 . 2005-08-16 09:18 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 20:19 . 
2007-09-15 05:43 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19 . 2007-09-15 05:43 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19 . 2005-08-16 09:40 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 20:19 . 2005-08-16 09:40 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 20:19 . 2005-08-16 09:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19 . 2007-09-15 05:43 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 20:19 . 2007-09-15 05:43 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19 . 2005-08-16 09:40 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 20:19 . 2005-08-16 09:40 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 20:19 . 2005-08-16 09:18 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 20:19 . 2007-09-15 05:43 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 20:19 . 2005-08-16 09:40 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 20:19 . 2005-08-16 09:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 20:18 . 2007-09-16 16:46 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 20:18 . 2007-09-16 16:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:42 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16 . 2005-08-16 09:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2004-08-04 03:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2005-08-16 09:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2012-05-14 6149120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-04-04 1236992]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2007-01-14 124488]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="NvMCTray.dll" [2007-09-17 81920]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk.disabled [2007-9-27 986]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-10 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-03 02:01 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NewsBin\\nbpro.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57126:TCP"= 57126:TCP:PandoRest Listening Port
"67:UDP"= 67:UDP:DHCP Discovery Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/9/2011 3:35 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/30/2008 1:07 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/30/2008 1:07 PM 21256]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [3/19/2012 9:09 PM 12184]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [1/9/2010 6:28 PM 91456]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/3/2011 4:44 PM 2214504]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [9/2/2011 1:31 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [9/2/2011 1:31 AM 12184]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 7:57 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 10:00 PM 250056]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2/5/2009 1:52 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/10/2007 3:35 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 7:57 AM 135664]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [9/15/2007 11:51 AM 9312]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 vidcap;vidcap;c:\windows\system32\DRIVERS\vidcap.sys --> c:\windows\system32\DRIVERS\vidcap.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:03]
.
2012-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 16:21]
.
2011-03-24 c:\windows\Tasks\DRIVER - ping pong log saver.job
- c:\ping-pong\DRIVER - ping pong log saver.bat [2009-03-06 12:52]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 12:57]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 12:57]
.
2011-06-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 207.243.120.10 207.243.120.20 209.55.24.10
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-19 12:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3412740315-57191028-3237971591-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(916)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\java.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-07-19 12:58:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 17:58
.
Pre-Run: 915,490,861,056 bytes free
Post-Run: 915,844,882,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1B28B2F3673FE5A6C156D3A0F0C09BED

Link to post
Share on other sites

Thanks - there's at least one left, but you tried. :)

mbam log is still clean.

Questions-

Looks like I gained 354 MB (354021376) of disk space - from what? A few days of temp files aren't that big even if I'd been using the machine.

I looked under ((( Other Deletions ))) in the log.

I no longer have an Administrator account ?? If I try to change user, there's only one account there.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\GoToAssistDownloadHelper.exe

c:\documents and settings\Local Settings\Application Data\assembly\tmp

c:\documents and settings\\Recent\Thumbs.db

c:\documents and settings\\WINDOWS

C:\t.txt

C:\Thumbs.db

c:\windows\system32\BSTIEPrintCtl1.dll

c:\windows\system32\hplampc.1

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\SET94.tmp

c:\windows\system32\SET95.tmp

c:\windows\system32\SETCA.tmp

c:\windows\system32\SETD6.tmp

------------------------

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.19.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

(personal data removed):: JUMBEAUX [administrator]

7/19/2012 2:13:07 PM

mbam-log-2012-07-19 (14-13-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 238237

Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

The Administrator account is supposed to be hidden, but if you boot in Safe Mode, you should be able to log in as Administrator.

We need to uninstall Combofix

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual final post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Link to post
Share on other sites

Combofix uninstalled.

Thank you.

What's the diagnosis? Any clue what was there? Where did 354 M come from?

Looks fine to me.

The temp files and whatever combofix removed.

You're more than welcome.

Glad we were able to help

Peace be with you :wave:

Link to post
Share on other sites
This topic is now closed to further replies.