Jump to content

Possible Virus


Recommended Posts

Hello,

Last night when I closed internet explorer window hundreds of windows popped up. From what I could see they were of the same page though some said blank. I tried ctrl/alt/delete but nothing would work as the system locked up. I had to manually shut down. Things seem to be running a little slower now. I ran Malware bytes and Avast but nothing was found on either one. Any help would be appreciated.

Thanks!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by LadyBoadicea at 17:19:49 on 2012-08-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2001 [GMT -7:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\BisonCam\BisonTrayIcon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim6]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [bisonTrayIcon] c:\windows\bisoncam\BisonTrayIcon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [sPIRun] Rundll32 SPIRun.dll,RunDLLEntry

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: buildabearville.com\www

Trusted Zone: compass-usa.com\barms

Trusted Zone: compass-usa.com\gorms

Trusted Zone: gmail.com\www

Trusted Zone: go.com\disneyland.disney

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: wageworks.com\employee

Trusted Zone: wageworks.com\www

Trusted Zone: yahoo.com\us.mc500.mail

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://barms.compass-usa.com/forms/jinitiator/jinit.exe

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-4-23 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-26 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-26 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 44808]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]

S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2007-10-11 733184]

S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2007-10-11 1656576]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-10 08:43:32 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{dd2aea05-d182-4c84-9033-981807a2ba88}\mpengine.dll

2012-07-21 15:57:32 -------- d-----w- c:\documents and settings\ladyboadicea\local settings\application data\Help

.

==================== Find3M ====================

.

2012-07-29 06:04:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-29 06:04:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 17:20:45.68 ===============

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by LadyBoadicea at 17:19:49 on 2012-08-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2001 [GMT -7:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\BisonCam\BisonTrayIcon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim6]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [bisonTrayIcon] c:\windows\bisoncam\BisonTrayIcon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [sPIRun] Rundll32 SPIRun.dll,RunDLLEntry

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: buildabearville.com\www

Trusted Zone: compass-usa.com\barms

Trusted Zone: compass-usa.com\gorms

Trusted Zone: gmail.com\www

Trusted Zone: go.com\disneyland.disney

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: wageworks.com\employee

Trusted Zone: wageworks.com\www

Trusted Zone: yahoo.com\us.mc500.mail

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://barms.compass-usa.com/forms/jinitiator/jinit.exe

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-4-23 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-26 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-26 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 44808]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]

S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2007-10-11 733184]

S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2007-10-11 1656576]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-10 08:43:32 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{dd2aea05-d182-4c84-9033-981807a2ba88}\mpengine.dll

2012-07-21 15:57:32 -------- d-----w- c:\documents and settings\ladyboadicea\local settings\application data\Help

.

==================== Find3M ====================

.

2012-07-29 06:04:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-29 06:04:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 17:20:45.68 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

Hi There,

Thanks for your help :)

Here are my logs:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

LadyBoadicea :: OWNER-960A874C3 [administrator]

8/12/2012 9:47:46 PM

mbam-log-2012-08-12 (21-47-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204314

Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-08-10.02 - LadyBoadicea 08/12/2012 22:24:30.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1800 [GMT -7:00]

Running from: c:\documents and settings\LadyBoadicea\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\EventSystem.log

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\SET101.tmp

c:\windows\system32\SET3D5.tmp

c:\windows\system32\SET3D6.tmp

c:\windows\system32\SET3D7.tmp

c:\windows\system32\setb0.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_TDSSSERV.SYS

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-10 08:43 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DD2AEA05-D182-4C84-9033-981807A2BA88}\mpengine.dll

2012-07-21 15:57 . 2012-07-21 15:57 -------- d-----w- c:\documents and settings\LadyBoadicea\Local Settings\Application Data\Help

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-29 06:04 . 2012-04-06 05:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-29 06:04 . 2011-06-23 07:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2008-10-26 03:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2008-01-12 00:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2011-05-02 08:56 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2008-04-27 03:09 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2008-04-27 03:09 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2008-01-12 00:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2008-01-12 00:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-03 16:21 . 2008-01-12 00:47 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-03 16:21 . 2008-01-12 00:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-03 16:21 . 2010-08-26 01:36 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2008-01-12 00:47 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-29 08:44 . 2009-01-20 23:40 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-10-26 04:55 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2007-05-09 01:25 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2007-05-09 01:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2007-05-09 01:17 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2007-05-09 01:17 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2007-05-09 01:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2007-05-09 01:25 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2007-05-09 01:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2007-05-09 01:17 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2007-05-09 01:17 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2007-05-09 01:25 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2007-05-09 01:17 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2007-05-09 01:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 19:25 . 2009-10-04 08:49 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]

"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 73728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-17 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 16116224]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-12 794714]

"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-07 40960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 7700480]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvMediaCenter"="NvMCTray.dll" [2007-03-07 86016]

"SPIRun"="SPIRun.dll" [2006-11-29 8704]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-03-07 13:41 1622016 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.3.3.11723-to-3.3.5.12213-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2009 11:25 AM 64160]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [4/23/2012 6:58 AM 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 1:56 AM 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2008 8:09 PM 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2008 8:09 PM 21256]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2011 1:05 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2011 1:05 AM 136176]

S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [10/11/2007 1:40 PM 733184]

S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [10/11/2007 1:40 PM 1656576]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

.

2012-08-13 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 16:21]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 08:05]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 08:05]

.

2012-08-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: buildabearville.com\www

Trusted Zone: compass-usa.com\barms

Trusted Zone: compass-usa.com\gorms

Trusted Zone: gmail.com\www

Trusted Zone: go.com\disneyland.disney

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: wageworks.com\employee

Trusted Zone: wageworks.com\www

Trusted Zone: yahoo.com\us.mc500.mail

TCP: DhcpNameServer = 192.168.1.1

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://barms.compass-usa.com/forms/jinitiator/jinit.exe

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Aim6 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-12 22:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2732)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\RTHDCPL.EXE

c:\windows\AGRSMMSG.exe

c:\windows\system32\RunDLL32.exe

c:\windows\system32\Rundll32.exe

c:\windows\system32\rundll32.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2012-08-12 22:32:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-13 05:32

.

Pre-Run: 339,085,946,880 bytes free

Post-Run: 340,394,905,600 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 6CA7D0013397109CE5768B738D37ADC6

ComboFix 12-08-10.02 - LadyBoadicea 08/12/2012 22:24:30.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1800 [GMT -7:00]

Running from: c:\documents and settings\LadyBoadicea\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\EventSystem.log

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\SET101.tmp

c:\windows\system32\SET3D5.tmp

c:\windows\system32\SET3D6.tmp

c:\windows\system32\SET3D7.tmp

c:\windows\system32\setb0.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_TDSSSERV.SYS

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-10 08:43 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DD2AEA05-D182-4C84-9033-981807A2BA88}\mpengine.dll

2012-07-21 15:57 . 2012-07-21 15:57 -------- d-----w- c:\documents and settings\LadyBoadicea\Local Settings\Application Data\Help

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-29 06:04 . 2012-04-06 05:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-29 06:04 . 2011-06-23 07:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2008-10-26 03:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2008-01-12 00:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2011-05-02 08:56 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2008-04-27 03:09 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2008-04-27 03:09 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2008-01-12 00:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2008-01-12 00:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-03 16:21 . 2008-01-12 00:47 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-03 16:21 . 2008-01-12 00:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-03 16:21 . 2010-08-26 01:36 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2008-01-12 00:47 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-29 08:44 . 2009-01-20 23:40 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-10-26 04:55 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2007-05-09 01:25 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2007-05-09 01:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2007-05-09 01:17 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2007-05-09 01:17 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2007-05-09 01:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2007-05-09 01:25 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2007-05-09 01:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2007-05-09 01:17 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2007-05-09 01:17 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2007-05-09 01:25 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2007-05-09 01:17 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2007-05-09 01:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 19:25 . 2009-10-04 08:49 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]

"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 73728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-17 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 16116224]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-12 794714]

"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-07 40960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 7700480]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvMediaCenter"="NvMCTray.dll" [2007-03-07 86016]

"SPIRun"="SPIRun.dll" [2006-11-29 8704]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-03-07 13:41 1622016 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.3.3.11723-to-3.3.5.12213-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2009 11:25 AM 64160]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [4/23/2012 6:58 AM 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 1:56 AM 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2008 8:09 PM 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2008 8:09 PM 21256]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2011 1:05 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2011 1:05 AM 136176]

S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [10/11/2007 1:40 PM 733184]

S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [10/11/2007 1:40 PM 1656576]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

.

2012-08-13 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 16:21]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 08:05]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 08:05]

.

2012-08-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: buildabearville.com\www

Trusted Zone: compass-usa.com\barms

Trusted Zone: compass-usa.com\gorms

Trusted Zone: gmail.com\www

Trusted Zone: go.com\disneyland.disney

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: wageworks.com\employee

Trusted Zone: wageworks.com\www

Trusted Zone: yahoo.com\us.mc500.mail

TCP: DhcpNameServer = 192.168.1.1

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://barms.compass-usa.com/forms/jinitiator/jinit.exe

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Aim6 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-12 22:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2732)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\RTHDCPL.EXE

c:\windows\AGRSMMSG.exe

c:\windows\system32\RunDLL32.exe

c:\windows\system32\Rundll32.exe

c:\windows\system32\rundll32.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2012-08-12 22:32:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-13 05:32

.

Pre-Run: 339,085,946,880 bytes free

Post-Run: 340,394,905,600 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 6CA7D0013397109CE5768B738D37ADC6

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/3/2002 2:33:54 PM

System Uptime: 8/12/2012 10:28:58 PM (0 hours ago)

.

Motherboard: alienware | | Area-51 m9750

Processor: Intel® Core2 CPU T7400 @ 2.16GHz | CPU 1 | 1318/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 373 GiB total, 317.052 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP524: 5/15/2012 10:44:46 PM - Software Distribution Service 3.0

RP525: 5/19/2012 4:50:43 PM - Software Distribution Service 3.0

RP526: 5/20/2012 6:57:32 PM - System Checkpoint

RP527: 5/21/2012 9:33:15 PM - Software Distribution Service 3.0

RP528: 5/22/2012 12:37:57 AM - Software Distribution Service 3.0

RP529: 5/22/2012 7:36:28 PM - Software Distribution Service 3.0

RP530: 5/24/2012 11:13:00 PM - System Checkpoint

RP531: 5/26/2012 10:59:04 AM - Software Distribution Service 3.0

RP532: 5/28/2012 11:40:55 PM - System Checkpoint

RP533: 5/29/2012 8:56:44 PM - Software Distribution Service 3.0

RP534: 5/30/2012 9:04:05 PM - System Checkpoint

RP535: 5/31/2012 9:08:13 PM - System Checkpoint

RP536: 6/1/2012 7:55:03 PM - Software Distribution Service 3.0

RP537: 6/3/2012 6:35:50 AM - System Checkpoint

RP538: 6/4/2012 7:27:44 PM - Software Distribution Service 3.0

RP539: 6/5/2012 7:04:51 PM - Software Distribution Service 3.0

RP540: 6/6/2012 8:58:40 PM - System Checkpoint

RP541: 6/7/2012 11:55:01 PM - Software Distribution Service 3.0

RP542: 6/9/2012 12:17:58 AM - System Checkpoint

RP543: 6/11/2012 6:18:37 PM - System Checkpoint

RP544: 6/12/2012 5:40:45 PM - Software Distribution Service 3.0

RP545: 6/12/2012 11:59:05 PM - Software Distribution Service 3.0

RP546: 6/14/2012 7:42:26 PM - System Checkpoint

RP547: 6/15/2012 8:11:25 PM - Software Distribution Service 3.0

RP548: 6/17/2012 3:38:21 AM - System Checkpoint

RP549: 6/19/2012 8:57:38 PM - Software Distribution Service 3.0

RP550: 6/21/2012 1:34:08 AM - System Checkpoint

RP551: 6/23/2012 12:38:47 AM - Software Distribution Service 3.0

RP552: 6/26/2012 3:27:33 AM - Software Distribution Service 3.0

RP553: 6/30/2012 12:36:58 AM - Software Distribution Service 3.0

RP554: 7/1/2012 4:54:17 PM - System Checkpoint

RP555: 7/11/2012 9:06:27 PM - Software Distribution Service 3.0

RP556: 7/11/2012 9:18:44 PM - Software Distribution Service 3.0

RP557: 7/12/2012 8:10:24 PM - Software Distribution Service 3.0

RP558: 7/14/2012 1:28:31 PM - Software Distribution Service 3.0

RP559: 7/16/2012 10:11:12 PM - System Checkpoint

RP560: 7/17/2012 2:19:16 AM - Software Distribution Service 3.0

RP561: 7/18/2012 9:11:08 PM - System Checkpoint

RP562: 7/20/2012 8:34:56 PM - Software Distribution Service 3.0

RP563: 7/22/2012 5:46:20 AM - System Checkpoint

RP564: 7/23/2012 9:40:09 PM - System Checkpoint

RP565: 7/25/2012 8:49:42 PM - Software Distribution Service 3.0

RP566: 7/27/2012 10:34:57 PM - Software Distribution Service 3.0

RP567: 7/29/2012 3:01:31 PM - System Checkpoint

RP568: 7/30/2012 9:25:24 PM - System Checkpoint

RP569: 7/31/2012 6:31:10 PM - Software Distribution Service 3.0

RP570: 8/2/2012 11:44:57 PM - Software Distribution Service 3.0

RP571: 8/4/2012 12:02:36 AM - System Checkpoint

RP572: 8/7/2012 10:24:06 PM - Software Distribution Service 3.0

RP573: 8/10/2012 1:43:28 AM - Software Distribution Service 3.0

RP574: 8/11/2012 2:41:27 AM - System Checkpoint

RP575: 8/12/2012 3:50:26 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.3

Adobe Shockwave Player 11.5

Agere Systems HDA Modem

AIM 6

Amazon MP3 Downloader 1.0.5

Apple Software Update

avast! Free Antivirus

BisonCam

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 1.1

Canon MX850 series

Canon MX850 series User Registration

Canon My Printer

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX

CCleaner (remove only)

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® PROSet/Wireless Software

Java Auto Updater

Java 6 Update 3

Java 6 Update 32

Java 6 Update 5

Malwarebytes Anti-Malware version 1.62.0.1300

Marvell Miniport Driver

mCore

mDriver

mDrWiFi

mEoU

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIWA

mLogView

mMHouse

Move Media Player

mPfMgr

mPfWiz

mProSafe

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mWlsSafe

mXML

mZConfig

Nero 7 Essentials

NVIDIA Drivers

OpenOffice.org Installer 1.0

Oracle JInitiator 1.3.1.22

PowerDVD

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Synaptics Pointing Device Driver

Trillian

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Ventrilo Client

Ventrilo Server

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

World of Warcraft

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/12/2012 5:19:23 PM, error: System Error [1003] - Error code 100000c5, parameter1 012c0dc0, parameter2 00000002, parameter3 00000000, parameter4 8054b0ba.

8/12/2012 10:27:19 AM, error: yukonwxp [101] - Driver has encountered an internal error

.

==== End Of File ===========================

Link to post
Share on other sites

Hello,

I thought I posted but my response has disappeared. Thanks for your help! Here are my logs:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

LadyBoadicea :: OWNER-960A874C3 [administrator]

8/12/2012 9:47:46 PM

mbam-log-2012-08-12 (21-47-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204314

Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-08-10.02 - LadyBoadicea 08/12/2012 22:24:30.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1800 [GMT -7:00]

Running from: c:\documents and settings\LadyBoadicea\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\EventSystem.log

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\SET101.tmp

c:\windows\system32\SET3D5.tmp

c:\windows\system32\SET3D6.tmp

c:\windows\system32\SET3D7.tmp

c:\windows\system32\setb0.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_TDSSSERV.SYS

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-10 08:43 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DD2AEA05-D182-4C84-9033-981807A2BA88}\mpengine.dll

2012-07-21 15:57 . 2012-07-21 15:57 -------- d-----w- c:\documents and settings\LadyBoadicea\Local Settings\Application Data\Help

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-29 06:04 . 2012-04-06 05:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-29 06:04 . 2011-06-23 07:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2008-10-26 03:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2008-01-12 00:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2011-05-02 08:56 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2008-04-27 03:09 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2008-04-27 03:09 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2008-01-12 00:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2008-01-12 00:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-03 16:21 . 2008-01-12 00:47 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-03 16:21 . 2008-01-12 00:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-03 16:21 . 2010-08-26 01:36 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2008-01-12 00:47 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-29 08:44 . 2009-01-20 23:40 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-10-26 04:55 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2007-05-09 01:25 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2007-05-09 01:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2007-05-09 01:17 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2007-05-09 01:17 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2007-05-09 01:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2007-05-09 01:25 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2007-05-09 01:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2007-05-09 01:17 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2007-05-09 01:17 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2007-05-09 01:25 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2007-05-09 01:17 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2007-05-09 01:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 19:25 . 2009-10-04 08:49 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]

"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 73728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-17 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 16116224]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-12 794714]

"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-07 40960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 7700480]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvMediaCenter"="NvMCTray.dll" [2007-03-07 86016]

"SPIRun"="SPIRun.dll" [2006-11-29 8704]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-03-07 13:41 1622016 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.3.3.11723-to-3.3.5.12213-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2009 11:25 AM 64160]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [4/23/2012 6:58 AM 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 1:56 AM 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2008 8:09 PM 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2008 8:09 PM 21256]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2011 1:05 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2011 1:05 AM 136176]

S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [10/11/2007 1:40 PM 733184]

S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [10/11/2007 1:40 PM 1656576]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

.

2012-08-13 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 16:21]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 08:05]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 08:05]

.

2012-08-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: buildabearville.com\www

Trusted Zone: compass-usa.com\barms

Trusted Zone: compass-usa.com\gorms

Trusted Zone: gmail.com\www

Trusted Zone: go.com\disneyland.disney

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: wageworks.com\employee

Trusted Zone: wageworks.com\www

Trusted Zone: yahoo.com\us.mc500.mail

TCP: DhcpNameServer = 192.168.1.1

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://barms.compass-usa.com/forms/jinitiator/jinit.exe

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Aim6 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-12 22:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2732)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\RTHDCPL.EXE

c:\windows\AGRSMMSG.exe

c:\windows\system32\RunDLL32.exe

c:\windows\system32\Rundll32.exe

c:\windows\system32\rundll32.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2012-08-12 22:32:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-13 05:32

.

Pre-Run: 339,085,946,880 bytes free

Post-Run: 340,394,905,600 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 6CA7D0013397109CE5768B738D37ADC6

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by LadyBoadicea at 22:34:27 on 2012-08-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1992 [GMT -7:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\BisonCam\BisonTrayIcon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [bisonTrayIcon] c:\windows\bisoncam\BisonTrayIcon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [sPIRun] Rundll32 SPIRun.dll,RunDLLEntry

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: buildabearville.com\www

Trusted Zone: compass-usa.com\barms

Trusted Zone: compass-usa.com\gorms

Trusted Zone: gmail.com\www

Trusted Zone: go.com\disneyland.disney

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: wageworks.com\employee

Trusted Zone: wageworks.com\www

Trusted Zone: yahoo.com\us.mc500.mail

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://barms.compass-usa.com/forms/jinitiator/jinit.exe

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-4-23 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-26 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-26 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 44808]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]

S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2007-10-11 733184]

S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2007-10-11 1656576]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-13 05:23:35 -------- d-sha-r- C:\cmdcons

2012-08-13 05:22:09 98816 ----a-w- c:\windows\sed.exe

2012-08-13 05:22:09 518144 ----a-w- c:\windows\SWREG.exe

2012-08-13 05:22:09 256000 ----a-w- c:\windows\PEV.exe

2012-08-13 05:22:09 208896 ----a-w- c:\windows\MBR.exe

2012-08-10 08:43:32 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{dd2aea05-d182-4c84-9033-981807a2ba88}\mpengine.dll

2012-07-21 15:57:32 -------- d-----w- c:\documents and settings\ladyboadicea\local settings\application data\Help

.

==================== Find3M ====================

.

2012-07-29 06:04:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-29 06:04:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 22:34:39.06 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/3/2002 2:33:54 PM

System Uptime: 8/12/2012 10:28:58 PM (0 hours ago)

.

Motherboard: alienware | | Area-51 m9750

Processor: Intel® Core2 CPU T7400 @ 2.16GHz | CPU 1 | 1318/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 373 GiB total, 317.052 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP524: 5/15/2012 10:44:46 PM - Software Distribution Service 3.0

RP525: 5/19/2012 4:50:43 PM - Software Distribution Service 3.0

RP526: 5/20/2012 6:57:32 PM - System Checkpoint

RP527: 5/21/2012 9:33:15 PM - Software Distribution Service 3.0

RP528: 5/22/2012 12:37:57 AM - Software Distribution Service 3.0

RP529: 5/22/2012 7:36:28 PM - Software Distribution Service 3.0

RP530: 5/24/2012 11:13:00 PM - System Checkpoint

RP531: 5/26/2012 10:59:04 AM - Software Distribution Service 3.0

RP532: 5/28/2012 11:40:55 PM - System Checkpoint

RP533: 5/29/2012 8:56:44 PM - Software Distribution Service 3.0

RP534: 5/30/2012 9:04:05 PM - System Checkpoint

RP535: 5/31/2012 9:08:13 PM - System Checkpoint

RP536: 6/1/2012 7:55:03 PM - Software Distribution Service 3.0

RP537: 6/3/2012 6:35:50 AM - System Checkpoint

RP538: 6/4/2012 7:27:44 PM - Software Distribution Service 3.0

RP539: 6/5/2012 7:04:51 PM - Software Distribution Service 3.0

RP540: 6/6/2012 8:58:40 PM - System Checkpoint

RP541: 6/7/2012 11:55:01 PM - Software Distribution Service 3.0

RP542: 6/9/2012 12:17:58 AM - System Checkpoint

RP543: 6/11/2012 6:18:37 PM - System Checkpoint

RP544: 6/12/2012 5:40:45 PM - Software Distribution Service 3.0

RP545: 6/12/2012 11:59:05 PM - Software Distribution Service 3.0

RP546: 6/14/2012 7:42:26 PM - System Checkpoint

RP547: 6/15/2012 8:11:25 PM - Software Distribution Service 3.0

RP548: 6/17/2012 3:38:21 AM - System Checkpoint

RP549: 6/19/2012 8:57:38 PM - Software Distribution Service 3.0

RP550: 6/21/2012 1:34:08 AM - System Checkpoint

RP551: 6/23/2012 12:38:47 AM - Software Distribution Service 3.0

RP552: 6/26/2012 3:27:33 AM - Software Distribution Service 3.0

RP553: 6/30/2012 12:36:58 AM - Software Distribution Service 3.0

RP554: 7/1/2012 4:54:17 PM - System Checkpoint

RP555: 7/11/2012 9:06:27 PM - Software Distribution Service 3.0

RP556: 7/11/2012 9:18:44 PM - Software Distribution Service 3.0

RP557: 7/12/2012 8:10:24 PM - Software Distribution Service 3.0

RP558: 7/14/2012 1:28:31 PM - Software Distribution Service 3.0

RP559: 7/16/2012 10:11:12 PM - System Checkpoint

RP560: 7/17/2012 2:19:16 AM - Software Distribution Service 3.0

RP561: 7/18/2012 9:11:08 PM - System Checkpoint

RP562: 7/20/2012 8:34:56 PM - Software Distribution Service 3.0

RP563: 7/22/2012 5:46:20 AM - System Checkpoint

RP564: 7/23/2012 9:40:09 PM - System Checkpoint

RP565: 7/25/2012 8:49:42 PM - Software Distribution Service 3.0

RP566: 7/27/2012 10:34:57 PM - Software Distribution Service 3.0

RP567: 7/29/2012 3:01:31 PM - System Checkpoint

RP568: 7/30/2012 9:25:24 PM - System Checkpoint

RP569: 7/31/2012 6:31:10 PM - Software Distribution Service 3.0

RP570: 8/2/2012 11:44:57 PM - Software Distribution Service 3.0

RP571: 8/4/2012 12:02:36 AM - System Checkpoint

RP572: 8/7/2012 10:24:06 PM - Software Distribution Service 3.0

RP573: 8/10/2012 1:43:28 AM - Software Distribution Service 3.0

RP574: 8/11/2012 2:41:27 AM - System Checkpoint

RP575: 8/12/2012 3:50:26 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.3

Adobe Shockwave Player 11.5

Agere Systems HDA Modem

AIM 6

Amazon MP3 Downloader 1.0.5

Apple Software Update

avast! Free Antivirus

BisonCam

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 1.1

Canon MX850 series

Canon MX850 series User Registration

Canon My Printer

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX

CCleaner (remove only)

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® PROSet/Wireless Software

Java Auto Updater

Java 6 Update 3

Java 6 Update 32

Java 6 Update 5

Malwarebytes Anti-Malware version 1.62.0.1300

Marvell Miniport Driver

mCore

mDriver

mDrWiFi

mEoU

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIWA

mLogView

mMHouse

Move Media Player

mPfMgr

mPfWiz

mProSafe

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mWlsSafe

mXML

mZConfig

Nero 7 Essentials

NVIDIA Drivers

OpenOffice.org Installer 1.0

Oracle JInitiator 1.3.1.22

PowerDVD

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Synaptics Pointing Device Driver

Trillian

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Ventrilo Client

Ventrilo Server

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

World of Warcraft

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/12/2012 5:19:23 PM, error: System Error [1003] - Error code 100000c5, parameter1 012c0dc0, parameter2 00000002, parameter3 00000000, parameter4 8054b0ba.

8/12/2012 10:27:19 AM, error: yukonwxp [101] - Driver has encountered an internal error

.

==== End Of File ===========================

Link to post
Share on other sites

  • Staff

Hi,

I suggest uninstalling Yahoo! Toolbar

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

I deleted Yahoo! Toolbar. Here are my logs:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3dce159cbeceb54889cdc7e9b7e42968

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-16 04:58:46

# local_time=2012-08-15 09:58:46 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=770 16774141 100 95 2102741 120879171 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=67842

# found=1

# cleaned=1

# scan_time=2226

C:\WINDOWS\system32\OEM\OSCust\ResetAvatar.exe probably a variant of Win32/TrojanDownloader.Agent.BNLZKLH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.44

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Windows Defender

Malwarebytes Anti-Malware version 1.62.0.1300

CCleaner (remove only)

Java 6 Update 32

Java 6 Update 3

Java 6 Update 5

Java version out of Date!

Adobe Reader 8 Adobe Reader out of Date!

Google Chrome 21.0.1180.75

Google Chrome 21.0.1180.79

Google Chrome VisualElementsManifest.xml..

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSMpEng.exe

Windows Defender MsMpEng.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 35% Defragment your hard drive soon!

````````````````````End of Log``````````````````````

Things seem to be running fine. I have not noticed any delays and I have not had the hundreds of windows opening again. Did I have a virus?

Thanks again!

Link to post
Share on other sites

  • Staff

There appears to have been malware present, but we have removed it. :)

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 32

Java™ 6 Update 3

Java™ 6 Update 5

Adobe Reader 8

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.