TechSpot

New computer with random internet usages

By Chronus
Nov 15, 2011
  1. Hey, I recently purchased a used computer without a hard drive. Bought a new hard drive for it, and it's been working pretty well.


    However, I've noticed that at odd times, the computer starts to use the internet heavily. It happens when I've not been on the computer for a time and is in use before I start using the computer. It will also stay in use after I've closed everything that is using the internet (games, browser and such).

    If I tell my wireless connection to repair, then the internet usage stops, and then behaves like normal after the repair is finished.

    I'm not sure what's causing it. Possibly random updates, or, hopefully not, something on my computer in less than a month.


    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 8168

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/15/2011 12:04:17 PM
    mbam-log-2011-11-15 (12-04-17).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 230437
    Time elapsed: 36 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-15 12:14:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 WDC_WD5000AADS-00M2B0 rev.01.00A01
    Running: gkiduogi.exe; Driver: C:\DOCUME~1\Kevin\LOCALS~1\Temp\pxtdqpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAD0C2D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAD0C2BC5]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAD1429A6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----


    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Kevin at 12:17:10 on 2011-11-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.1338 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Intel\AMT\atchksrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    c:\WINDOWS\system32\IFXSPMGT.exe
    c:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\AMT\LMS.exe
    c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Windows Internet Explorer provided by MSN & Bing
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe
    mRun: [AutoCADMaxDriver] c:\program files\amd\fireproacad\atifglcp.exe /i
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: IfxWlxEN - IfxWlxEN.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\kevin\application data\mozilla\firefox\profiles\mzbfukih.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-22 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-22 320856]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-4-7 31104]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-22 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-22 44768]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\brcmmgmtagent.exe -service --> c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe -service [?]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-4-25 36608]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-10-21 23456]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 606056]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-15 16:26:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 16:25:06 -------- d-----w- c:\documents and settings\kevin\application data\Malwarebytes
    2011-11-15 16:24:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-15 15:22:56 -------- d-----w- c:\program files\Trend Micro
    2011-11-11 23:03:25 -------- d-----w- c:\documents and settings\kevin\application data\Windows Search
    2011-11-10 17:52:59 -------- d-----r- c:\program files\Skype
    2011-11-10 14:49:26 -------- d-----w- c:\documents and settings\kevin\application data\.minecraft
    2011-11-09 08:02:05 -------- d-----w- c:\program files\MSXML 4.0
    2011-11-09 00:07:27 -------- d-----w- c:\documents and settings\kevin\local settings\application data\TricksAndTreats
    2011-11-09 00:07:27 -------- d-----w- c:\documents and settings\kevin\GNUstep
    2011-11-08 16:03:49 -------- d-----w- c:\documents and settings\kevin\local settings\application data\The Witcher
    2011-11-08 14:45:54 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-11-08 14:45:54 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2011-11-08 14:30:33 -------- d-----w- c:\program files\The Witcher Enhanced Edition
    2011-11-08 12:50:04 -------- d-----w- c:\documents and settings\kevin\application data\Infineon
    2011-11-08 12:50:04 -------- d-----w- c:\documents and settings\all users\application data\Infineon
    2011-11-08 12:49:53 -------- d-----w- c:\program files\ProtectTools
    2011-11-08 12:49:30 -------- d-----w- c:\program files\HPQ
    2011-11-08 12:49:23 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
    2011-11-08 12:49:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2011-11-08 12:49:23 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
    2011-11-08 12:49:23 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
    2011-11-08 12:49:22 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2011-11-08 12:49:22 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
    2011-11-08 12:49:22 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2011-11-08 12:41:51 372736 ----a-w- c:\windows\system32\mesoludlg.exe
    2011-11-06 01:32:56 -------- d-----w- c:\program files\Firefly Studios
    2011-11-05 01:33:44 -------- d-----w- C:\games
    2011-11-05 01:31:48 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Temp
    2011-11-04 12:16:12 -------- d-----w- c:\program files\StarCraft
    2011-11-04 01:58:25 -------- d-----w- c:\program files\StarCraft II
    2011-11-03 17:49:56 -------- d-----w- c:\documents and settings\kevin\riotsGamesLogs
    2011-11-03 03:11:41 -------- d-----w- c:\windows\system32\Adobe
    2011-11-03 01:52:45 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Adobe
    2011-11-02 14:35:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-02 14:35:15 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-11-02 14:35:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-02 14:32:49 -------- d-----w- c:\documents and settings\kevin\application data\LolClient
    2011-11-01 23:46:12 -------- d-----w- c:\program files\World of Warcraft
    2011-11-01 22:33:36 -------- d-----w- c:\program files\Belkin
    2011-11-01 22:33:12 -------- d-----w- c:\windows\{7EBEACC7-A0C9-4DA4-9A63-3DC7D244B051}
    2011-10-24 11:33:29 -------- d-----w- c:\documents and settings\kevin\local settings\application data\ATI
    2011-10-24 11:32:35 0 ----a-w- c:\windows\ativpsrm.bin
    2011-10-24 11:24:12 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-10-24 11:24:12 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-10-24 11:24:12 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-10-24 11:24:11 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-10-24 11:24:11 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2011-10-24 11:24:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2011-10-24 11:24:11 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2011-10-24 11:24:11 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2011-10-24 11:22:49 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2011-10-24 11:22:49 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2011-10-24 11:22:49 221184 ------w- c:\program files\common files\installshield\iscript\IScript.dll
    2011-10-24 11:22:49 221184 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2011-10-24 11:22:13 -------- d-----w- C:\ATI
    2011-10-24 11:11:22 -------- d-----w- c:\documents and settings\all users\application data\Driver Tool
    2011-10-24 11:06:51 -------- d-----w- c:\program files\AMD
    2011-10-24 10:53:24 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    2011-10-24 10:49:34 40960 ----a-r- c:\documents and settings\kevin\application data\microsoft\installer\{f5242227-2051-4158-ac42-0f2baa3cd3d6}\New_Shortcut_S1425_ADB54615A0E240F89C5EFD8513472ED3.exe
    2011-10-24 10:49:34 -------- d-----w- c:\program files\COMPAQ
    2011-10-24 03:35:18 -------- d-----w- c:\documents and settings\kevin\local settings\application data\PMB Files
    2011-10-24 03:35:14 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
    2011-10-24 03:35:01 -------- d-----w- c:\program files\Pando Networks
    2011-10-24 01:32:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-23 22:02:33 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-23 22:02:33 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-10-23 22:02:33 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-10-23 03:32:24 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Mozilla
    2011-10-23 03:28:11 -------- d-----w- c:\documents and settings\all users\Microsoft
    2011-10-23 03:25:28 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-10-23 03:25:09 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Microsoft Help
    2011-10-23 02:56:59 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2011-10-23 02:55:59 -------- d-----w- c:\windows\Logs
    2011-10-23 02:07:41 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-23 02:07:23 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-23 02:07:12 -------- d-----w- c:\program files\AVAST Software
    2011-10-23 02:07:12 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-10-23 01:59:37 -------- d-----w- c:\program files\common files\Steam
    2011-10-23 01:59:36 -------- d-----w- c:\program files\Steam
    2011-10-23 01:22:38 -------- d-----w- c:\documents and settings\kevin\application data\WildTangent
    2011-10-23 01:22:38 -------- d-----w- c:\documents and settings\kevin\application data\SUPERAntiSpyware.com
    2011-10-23 01:22:36 -------- d-----w- c:\documents and settings\kevin\application data\dingogames
    2011-10-23 01:15:30 -------- d-----w- c:\documents and settings\kevin\usrusmt2.tmp
    2011-10-23 01:15:26 -------- d-----w- c:\windows\ShellNew
    2011-10-23 01:12:51 -------- d-----w- c:\documents and settings\all users\application data\Alwil Software
    2011-10-23 01:12:51 -------- d-----w- C:\DELL
    2011-10-23 01:12:51 -------- d-----w- C:\cmdcons
    2011-10-23 01:08:25 -------- d-----w- C:\Backup
    2011-10-23 00:19:35 -------- d-----w- c:\documents and settings\kevin\local settings\application data\ApplicationHistory
    2011-10-22 23:26:00 -------- d-----w- c:\windows\system32\winrm
    2011-10-22 23:25:56 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-10-22 21:38:06 -------- d-----w- c:\windows\system32\XPSViewer
    2011-10-22 21:37:48 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-10-22 21:37:34 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-10-22 21:37:34 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-10-22 21:37:34 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-10-22 21:37:34 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-10-22 21:37:34 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-10-22 21:37:34 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-10-22 21:37:33 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-10-22 21:37:33 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-10-22 21:37:33 -------- d-----w- C:\3a89731baf5261df75dafa
    2011-10-22 21:25:19 -------- d-----w- c:\windows\system32\Lang
    2011-10-22 16:11:23 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Identities
    2011-10-22 16:11:22 -------- d-----w- c:\documents and settings\kevin\application data\Windows Desktop Search
    2011-10-22 16:11:06 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-10-22 16:11:06 -------- d-----w- c:\program files\Windows Desktop Search
    2011-10-22 16:10:30 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-10-22 16:10:30 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-10-22 16:10:30 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-10-22 16:10:14 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-10-22 16:09:29 -------- d-----w- c:\windows\system32\LogFiles
    2011-10-22 16:08:33 -------- d-----w- c:\windows\system32\URTTEMP
    2011-10-22 16:03:57 -------- d-----w- c:\windows\system32\RTCOM
    2011-10-22 16:03:56 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
    2011-10-22 16:03:56 4096 ----a-w- c:\windows\system32\ksuser.dll
    2011-10-22 16:03:56 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2011-10-22 16:03:56 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2011-10-22 16:03:55 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2011-10-22 16:03:55 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2011-10-22 16:03:55 129536 ----a-w- c:\windows\system32\ksproxy.ax
    2011-10-22 15:44:59 -------- d-----w- C:\4abb1913f06369ed5a4e56
    2011-10-22 15:41:31 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-22 15:41:24 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-10-22 15:40:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-22 15:40:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-10-22 15:40:34 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-22 15:40:27 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-22 15:40:10 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-10-22 15:40:02 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-22 15:40:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-10-22 15:40:01 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-10-22 15:39:40 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-10-22 15:38:38 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-10-22 15:38:34 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-10-22 15:34:03 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-10-22 15:33:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-10-22 15:33:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-10-22 15:33:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-10-22 15:33:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-10-22 15:33:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-10-22 15:33:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-10-22 15:33:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-10-22 15:33:15 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-10-22 15:32:46 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-10-22 15:32:33 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-22 15:32:32 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2011-10-22 15:32:09 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-10-22 15:32:09 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-10-22 15:32:09 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-10-22 15:32:08 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2011-10-22 15:32:08 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-10-22 15:32:05 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-10-22 15:32:04 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-22 15:31:05 -------- d-sh--w- c:\documents and settings\kevin\PrivacIE
    2011-10-22 15:30:56 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-10-22 15:30:53 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-10-22 15:30:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-10-22 15:28:12 -------- d-sh--w- c:\documents and settings\kevin\IETldCache
    2011-10-22 15:25:51 -------- d-----w- c:\windows\ie8updates
    2011-10-22 15:24:41 -------- dc-h--w- c:\windows\ie8
    2011-10-22 15:22:55 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-10-22 15:22:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-22 15:22:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-22 15:22:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-10-22 15:22:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-22 15:22:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-22 15:22:51 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-22 15:22:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-10-22 15:14:42 -------- d-----w- c:\windows\system32\PreInstall
    2011-10-22 15:14:41 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-22 15:10:22 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-10-22 15:09:36 -------- d-----w- c:\windows\system32\wbem\AutoRecover
    2011-10-22 15:05:53 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-22 15:04:20 -------- d-----w- c:\windows\EHome
    2011-10-22 14:51:32 -------- d-sh--w- c:\documents and settings\kevin\UserData
    2011-10-21 11:41:14 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
    2011-10-21 11:41:14 -------- d-----w- c:\documents and settings\kevin\local settings\application data\eSupport.com
    2011-10-21 11:34:24 89088 ----a-w- c:\windows\system32\Baspxp32.dll
    2011-10-21 11:34:22 -------- d-----w- c:\program files\Broadcom
    2011-10-21 11:34:19 -------- d-----w- c:\windows\Downloaded Installations
    2011-10-21 11:32:40 44416 ----a-w- c:\windows\system32\drivers\HECI.sys
    2011-10-21 11:32:39 364544 ----a-w- c:\windows\system32\heciudlg.exe
    2011-10-21 11:32:39 312320 ----a-w- c:\windows\system32\difxapi.dll
    2011-10-21 11:32:35 -------- d-----w- C:\Intel
    2011-10-21 11:14:34 64000 ------w- c:\windows\system32\agrsmdel.exe
    2011-10-21 11:14:34 13824 ------w- c:\windows\system32\agrscoin.dll
    2011-10-21 11:14:31 -------- d-----w- c:\windows\Options
    2011-10-21 11:14:29 -------- d-----w- C:\SWSetup
    2011-10-21 05:44:53 -------- d-s---w- c:\windows\system32\Microsoft
    2011-10-21 04:29:37 1778688 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 12:18:16.17 ===============




    ATTACH

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/20/2011 11:55:23 PM
    System Uptime: 11/15/2011 10:09:06 AM (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0A54h
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | XU1 PROCESSOR | 1862/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 361.16 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Belkin USB Wireless Adaptor
    Device ID: USB\VID_050D&PID_945A\00E04C000001
    Manufacturer: Belkin International, Inc.
    Name: Belkin USB Wireless Adaptor
    PNP Device ID: USB\VID_050D&PID_945A\00E04C000001
    Service: RTL8192su
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&696F438&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&696F438&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP1: 10/21/2011 12:07:00 AM - System Checkpoint
    RP2: 10/22/2011 12:40:08 AM - System Checkpoint
    RP3: 10/22/2011 10:49:26 AM - Windows Product Key Update Tool
    RP4: 10/22/2011 11:05:13 AM - Installed Windows XP Service Pack 3.
    RP5: 10/22/2011 11:14:31 AM - Software Distribution Service 3.0
    RP6: 10/22/2011 11:23:40 AM - Software Distribution Service 3.0
    RP7: 10/22/2011 11:25:28 AM - Installed Windows Internet Explorer 8.
    RP8: 10/22/2011 11:25:49 AM - Software Distribution Service 3.0
    RP9: 10/22/2011 11:44:58 AM - Software Distribution Service 3.0
    RP10: 10/22/2011 11:52:12 AM - Software Distribution Service 3.0
    RP11: 10/22/2011 12:03:06 PM - Installed Windows XP WgaNotify.
    RP12: 10/22/2011 12:08:20 PM - Software Distribution Service 3.0
    RP13: 10/22/2011 5:28:53 PM - Software Distribution Service 3.0
    RP14: 10/22/2011 7:22:52 PM - Software Distribution Service 3.0
    RP15: 10/22/2011 7:34:33 PM - Software Distribution Service 3.0
    RP16: 10/22/2011 8:17:15 PM - Software Distribution Service 3.0
    RP17: 10/22/2011 8:57:01 PM - Software Distribution Service 3.0
    RP18: 10/22/2011 9:59:35 PM - Installed Steam
    RP19: 10/22/2011 10:07:12 PM - avast! Free Antivirus Setup
    RP20: 10/22/2011 10:55:53 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    RP21: 10/22/2011 10:56:03 PM - Installed DirectX
    RP22: 10/22/2011 11:24:46 PM - Installed Microsoft Office Home and Student 2010
    RP23: 10/22/2011 11:31:04 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP24: 10/24/2011 12:03:21 AM - System Checkpoint
    RP25: 10/24/2011 2:51:42 AM - Installed League of Legends
    RP26: 10/24/2011 6:49:32 AM - Installed HP SetRefresh
    RP27: 10/24/2011 7:06:50 AM - Installed AutoCAD Performance Plug-in
    RP28: 10/24/2011 7:10:27 AM - Installed Driver Tool.
    RP29: 10/24/2011 7:21:02 AM - Removed Driver Tool.
    RP30: 10/24/2011 7:24:16 AM - Installed ATI Catalyst Control Center
    RP31: 10/24/2011 7:25:41 AM - Installed HydraVision
    RP32: 10/24/2011 7:30:20 AM - Installed DirectX
    RP33: 10/24/2011 9:30:52 AM - Software Distribution Service 3.0
    RP34: 11/1/2011 3:54:57 PM - System Checkpoint
    RP35: 11/1/2011 6:33:32 PM - Installed Belkin USB Wireless Adaptor
    RP36: 11/2/2011 5:00:20 AM - Software Distribution Service 3.0
    RP37: 11/2/2011 10:34:31 AM - Installed Java(TM) 6 Update 29
    RP38: 11/2/2011 11:10:48 PM - Installed Adobe Reader X (10.1.1).
    RP39: 11/3/2011 11:37:40 PM - System Checkpoint
    RP40: 11/4/2011 11:43:28 PM - System Checkpoint
    RP41: 11/5/2011 9:32:53 PM - Installed Stronghold Crusader Extreme
    RP42: 11/6/2011 8:51:35 PM - System Checkpoint
    RP43: 11/8/2011 7:49:30 AM - Installed HP ProtectTools Security Manager
    RP44: 11/8/2011 9:31:01 AM - Installed The Witcher Enhanced Edition
    RP45: 11/8/2011 9:44:24 AM - Installed DirectX
    RP46: 11/8/2011 9:45:44 AM - Installed Microsoft Visual C++ 2005 Redistributable
    RP47: 11/9/2011 3:00:43 AM - Software Distribution Service 3.0
    RP48: 11/10/2011 3:25:15 AM - System Checkpoint
    RP49: 11/11/2011 3:00:13 AM - Software Distribution Service 3.0
    RP50: 11/11/2011 6:24:43 PM - Software Distribution Service 3.0
    RP51: 11/12/2011 7:01:32 PM - System Checkpoint
    RP52: 11/13/2011 7:58:58 PM - System Checkpoint
    RP53: 11/14/2011 8:58:57 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AutoCAD Performance Plug-in
    avast! Free Antivirus
    Belkin USB Wireless Adaptor
    Broadcom Management Programs
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DriverAgent by eSupport.com
    Half-Life 2
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Embedded Security for ProtectTools
    HP ProtectTools Security Manager 2.00 D3
    HP SetRefresh
    HydraVision
    Intel(R) Active Management Technology LMS Service and SOL Driver
    Intel(R) Management Engine Interface
    Intel(R) PRO Network Connections
    Java Auto Updater
    Java(TM) 6 Update 29
    League of Legends
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Orcs Must Die!
    Pando Media Booster
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Skins
    Skype™ 5.5
    StarCraft
    StarCraft II
    Steam
    Stronghold Crusader Extreme
    swMSM
    The Witcher Enhanced Edition
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 1.1.11
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR 4.01 (32-bit)
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2011 3:03:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    11/9/2011 3:03:34 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/9/2011 3:03:34 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/8/2011 9:40:54 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    11/8/2011 9:40:54 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\MFC80U.DLL. Reference error message: The operation completed successfully. .
    11/8/2011 9:40:54 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    Is your router secured?

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    Yes, the wireless here in this house (recently moved) is not password protected. And I could not figure out how to do so. After having remembered the IPConfig to find out the proper gateway, it was 10.0.0.1 instead of the 192.168.0.1 that I'm used to seeing.

    Still not sure how to set up the password, and I have permission to do so if you could instruct me in what to do.

    Airlink101; 300n Wireless.




    aswMBR
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-16 08:11:42
    -----------------------------
    08:11:42.234 OS Version: Windows 5.1.2600 Service Pack 3
    08:11:42.234 Number of processors: 2 586 0xF06
    08:11:42.234 ComputerName: KEV1 UserName:
    08:11:43.406 Initialize success
    08:11:43.531 AVAST engine defs: 11111600
    08:12:41.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
    08:12:41.000 Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
    08:12:43.015 Disk 0 MBR read successfully
    08:12:43.015 Disk 0 MBR scan
    08:12:43.015 Disk 0 Windows XP default MBR code
    08:12:43.031 Disk 0 scanning sectors +976752000
    08:12:43.078 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:12:49.453 Service scanning
    08:12:51.484 Modules scanning
    08:12:54.421 Disk 0 trace - called modules:
    08:12:54.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    08:12:54.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db3ab8]
    08:12:54.437 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x89deb9e8]
    08:12:54.437 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x89e29d98]
    08:12:55.281 AVAST engine scan C:\WINDOWS
    08:13:04.859 AVAST engine scan C:\WINDOWS\system32
    08:14:19.687 AVAST engine scan C:\WINDOWS\system32\drivers
    08:14:38.546 AVAST engine scan C:\Documents and Settings\Kevin
    08:21:48.953 AVAST engine scan C:\Documents and Settings\All Users
    08:22:59.953 Scan finished successfully
    08:23:11.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kevin\My Documents\MBR.dat"
    08:23:11.546 The log file has been saved successfully to "C:\Documents and Settings\Kevin\My Documents\aswMBR.txt"
    08:24:19.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kevin\Desktop\MBR.dat"
    08:24:19.359 The log file has been saved successfully to "C:\Documents and Settings\Kevin\Desktop\aswMBR.txt"


    Combo Log
    ComboFix 11-11-15.06 - Kevin 11/16/2011 8:33.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.1280 [GMT -5:00]
    Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Kevin\Local Settings\Application Data\FASTWiz.log
    c:\windows\system32\xactengine3_6.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-05 01:33 . 2011-11-09 01:08 -------- d-----w- C:\games
    2011-10-24 11:22 . 2011-10-24 11:22 -------- d-----w- C:\ATI
    2011-10-23 01:14 . 2011-10-23 01:24 -------- d-----w- C:\support
    2011-10-23 01:14 . 2011-10-23 01:24 -------- d-----w- C:\spoolerlogs
    2011-10-23 01:14 . 2011-10-23 01:14 -------- d-----w- C:\ubuntu
    2011-10-23 01:14 . 2011-10-23 01:14 -------- d-----w- C:\Riot Games
    2011-10-23 01:13 . 2011-10-23 01:23 -------- d-----w- C:\PCOMP5
    2011-10-23 01:13 . 2011-10-23 01:13 -------- d-----r- C:\MSOCache
    2011-10-23 01:12 . 2011-10-23 01:12 -------- d-----w- C:\DELL
    2011-10-23 01:08 . 2011-10-23 01:10 -------- d-----w- C:\Backup
    2011-10-22 21:37 . 2011-10-22 21:37 -------- d-----w- C:\3a89731baf5261df75dafa
    2011-10-22 15:44 . 2011-10-22 15:45 -------- d-----w- C:\4abb1913f06369ed5a4e56
    2011-10-21 11:32 . 2011-10-21 11:32 -------- d-----w- C:\Intel
    2011-10-21 11:14 . 2011-11-08 12:49 -------- d-----w- C:\SWSetup
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41 . 2010-03-18 16:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2002-08-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-10 16:18 . 2011-10-23 02:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-10-23 1242448]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-24 3077528]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
    "AutoCADMaxDriver"="c:\program files\AMD\FireProACAD\atifglcp.exe" [2011-03-17 33792]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-07 61440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-01-10 404288]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
    .
    c:\documents and settings\Kevin\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    2006-04-07 09:00 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
    "c:\\Documents and Settings\\Kevin\\Desktop\\Games\\Minecraft.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "56768:TCP"= 56768:TCP:pando Media Booster
    "56768:UDP"= 56768:UDP:pando Media Booster
    "56780:TCP"= 56780:TCP:pando Media Booster
    "56780:UDP"= 56780:UDP:pando Media Booster
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "6112:UDP"= 6112:UDP:Starcraft
    "59122:TCP"= 59122:TCP:pando Media Booster
    "59122:UDP"= 59122:UDP:pando Media Booster
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/22/2011 9:07 PM 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/22/2011 9:07 PM 320856]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/7/2006 4:46 AM 31104]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/22/2011 9:07 PM 20568]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service --> c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service [?]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/25/2006 4:26 PM 36608]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 4:09 PM 606056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10/21/2011 6:41 AM 23456]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 7:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - BASFND
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 10.0.0.1
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\mzbfukih.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-16 08:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    C:\## aswSnx private storage
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(892)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\IfxWlxEN.dll
    .
    Completion time: 2011-11-16 08:58:35
    ComboFix-quarantined-files.txt 2011-11-16 13:58
    .
    Pre-Run: 387,165,954,048 bytes free
    Post-Run: 387,422,560,256 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 359DFD6DE83B27E7711A6F1C1B82B64B
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You have to absolutely secure your router.
    Your logs look clean, so most likely someone is stealing your internet connection.
    Get your router manual, set all necessary securities and post back with an update.
     
  5. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    It's weird. Yesterday, when I went to the router, the password was automatically filled in for me. Today, it was not, and neither the default password that comes with the router nor the passwords that they would have used worked.

    The other problem with that is the person who would have put a password on there, passed away this last year, so I can not ask him directly what password he might have used.

    So I'm in the process of finding a way to manually reset the router to default, but no luck so far. I do have the manual, but that only says how to do it after I'm logged into the router.



    Just keeping you updated as to what is going on.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Call your router manufacturer, explain the situation and they should help you out.
     
  7. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    We figured out the password, and added WPA-PSK protection onto the router, which went smoothly enough, just some tweaking around with someone's Windows 7 laptop with the "profile" that needed switching (annoying, as I wanted the transition to be smooth, not take 15 minutes of me fiddling to find out what the problem was, then how to change the settings).
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Very well.
    Keep an eye on internet usage for the next couple of days and update me.
     
Topic Status:
Not open for further replies.
