XP Antivirus 2012: 12/18/2011

[Hurriken]

I picked up a nasty Malware on my PC again. It won't let me do anything. I tried to run Malwarebytes and GMER in both normal and safe mode but no joy. Malwarebytes won't even open and GMER gets kicked to the curb by the virus. Please Help.

 

[Bobbye]

I'll be glad to try and help you, but understand this:
Telling me you tried to run a program but "no joy" tells me nothing.
Telling me a program "got kicked to the curb" by a program tells me nothing.

You need to tell me what happens when you try to run a scan so I can determine the best way to help you accomplish it.

Please also give me a description of what this malware is causing on your system. You have named it, so something must have indicated this malware.
---------------------------------------------
Description of thi malware with the following sequence for XP Antivirus 2012:

1. Pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single executable that has a random consisting of three characters
2. Clicking on any executable loads the malware
3. Display fake security alerts on the infected computer.
4. May not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer
5. Changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program.

To fix #5, you start here: Download a Registry file that will fix these changes.
Please download FixNCR.reg and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

• Insert the removable device into the infected computer and open the folder the drive letter associated with it.(Usually C)
• Double click the FixNCR.reg file
• You should now be able to run the .exe files.

-------------------------------------
To end the processes that belong to the rogue program:
Please click on RKill

• At the download page, click on Download now button for iExplore.exe download link and save to the desktop
• Double click on the iExplore.exe icon
• Please be patient- it may take a bit.
• The black Window will close when through and you can continue.

Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
================================

Malwarebytes' Anti-Malware

• Please download Malwarebytes' Anti-Malware from from HERE
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  [o] Update Malwarebytes' Anti-Malware
  [o] and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please attach this log with your reply
  Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
  [o] If you accidentally close it, the log file is saved here and will be named like this:
  [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

==============================
This should remove the major offender. Reboot the Computer into Normal Mode and run the following:
To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
   
4. Continue with the directions.
   
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================

• Download DDS by sUBs and save it to your desktop.
  
  After downloading the tool, disconnect from the internet and disable all antivirus protection.
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click no to the Optional_Scan
• Follow the instructions that pop up for posting the results.
• When done, DDS will open two (2) logs: Please paste both in your next reply.
  [o]DDS.txt
  [o]Attach.txt
• Close the program window, and delete the program from your desktop.
• Enable your Antivirus protection and reconnect to the internet.

Please note: You may have to disable any script protection running if the scan fails to run.
======================================
If you cannot run a program following each direction in the order I have given it, tell me what happens when you try

 

[Hurriken]

Sorry, I'll answer below.

I'll be glad to try and help you, but understand this:
Telling me you tried to run a program but "no joy" tells me nothing.
Telling me a program "got kicked to the curb" by a program tells me nothing. Sorry for being vague, I should know better.

You need to tell me what happens when you try to run a scan so I can determine the best way to help you accomplish it. I was able to get Malwarebytes going, but not updated, in Safe mode. It is running now. I had to "trick" it. I right clicked the icon and selected "run as" when the window opened I unchecked the box asking if I wanted my system protected. Malwarebytes opend right away. I could not update it (its been 47 days) but I am running a full scan now.

Please also give me a description of what this malware is causing on your system. You have named it, so something must have indicated this malware.
---------------------------------------------
Description of thi malware with the following sequence for XP Antivirus 2012:

1. Pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single executable that has a random consisting of three characters
2. Clicking on any executable loads the malware
3. Display fake security alerts on the infected computer.
4. May not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer
5. Changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program.

All of the above. This is exactly what I am seeing.

Should I run the fix for #5 after this?

 

[Bobbye]

Run the entire sequence- important that you run programs in order given.

For the next time you have a problem and need help, although your frustrations may be great, what you need to tell us is similar to the lists of questions, which carry a description of the malware problems.

Chuck the panic and the frustration under the kitchen sink. Cleaning is orderly and specific.

I don't want you to try and 'trick it into running a scan properly. Although what I am having you do running RKill could be considered 'tricking' the program into running, it is an organized and accepted way of doing it. So follow what I set up and come to me for suggestions if something doesn''t work

 

[Hurriken]

Ok, I will do exactly what you say. I have to go out of town tomorrow and I may or may not be back until Thursday night. This is on my home PC so of course I can't work on it while I'm gone. But I promise I will be back until this 100% finished and cleaned.

 

[Hurriken]

Just to be clear, since I was able to start malwarebytes I let it run. When it is finished should I go back and run FixNCR.reg and Rkill?

 

[Hurriken]

I should be home Thursday.

 

[Bobbye]

No problem. Go ahead when you can.

 

[Hurriken]

Because I was struggling to get anything to work I ran malwarebytes first without updating it.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8060

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/19/2011 5:29:47 AM
mbam-log-2011-12-19 (05-29-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 409572
Time elapsed: 3 hour(s), 20 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\documents and settings\Ken\local settings\application data\qna.exe (Trojan.ExeShell.Gen) -> 1308 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Ken\Local Settings\Application Data\qna.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Ken\Local Settings\Application Data\qna.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Ken\Local Settings\Application Data\qna.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Ken\local settings\application data\qna.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

 

[Hurriken]

I started completely over after that. I ran FixNCR and Rkill as per your instructions. Rkill gave me a log.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/22/2011 at 0:40:48.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Ken\My Documents\My Pictures\PictureProject\NkbMonitor.exe


Rkill completed on 12/22/2011 at 0:40:54.

 

[Hurriken]

After that I updated Malwarebytes and ran it again.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122201

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/22/2011 8:11:39 AM
mbam-log-2011-12-22 (08-11-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 414045
Time elapsed: 1 hour(s), 39 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Ken\application data\Sun\Java\deployment\cache\6.0\42\2935fea-4e79c2ae (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cfcf99c9-62d4-4095-ba35-c03dcecbccc5}\RP254\A0075954.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

[Hurriken]

The Esetscan log is as follows:

C:\Documents and Settings\Ken\Application Data\Sun\Java\Deployment\cache\6.0\39\2452a8e7-402863d3 multiple threats
C:\Documents and Settings\Ken\Application Data\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-14a1c623 a variant of Java/TrojanDownloader.OpenStream.NCE trojan

 

[Hurriken]

...and here are both DDS logs. I will await your reply.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by Ken at 11:17:36 on 2011-12-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2340 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\Content Manager\CmTray.exe
C:\Documents and Settings\Ken\My Documents\My Pictures\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [CmTray] "c:\program files\content manager\launchCM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\ken\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\documents and settings\ken\my documents\my pictures\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoi~1.lnk - c:\program files\logitech\setpoint ii\SetpointII.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://sslvpn.demo.sonicwall.com/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ken\application data\mozilla\firefox\profiles\jyan8p1f.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/p/1.html
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-27 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-10 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-10 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-10 42184]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-3-13 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-29 2255464]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2011-3-10 36384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-3-10 119528]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2010-11-9 22600]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\ken\locals~1\temp\alsysio.sys --> c:\docume~1\ken\locals~1\temp\ALSysIO.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-3-10 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-25 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-25 366152]
.
=============== Created Last 30 ================
.
2011-12-22 14:21:04 -------- d-----w- c:\program files\ESET
2011-12-18 17:42:42 -------- d-----w- c:\documents and settings\ken\application data\mm
2011-12-14 17:28:05 -------- d-----w- c:\program files\iPod
2011-12-14 17:28:02 -------- d-----w- c:\program files\iTunes
2011-12-09 23:25:05 -------- d-----w- c:\program files\Content Manager
2011-12-09 23:25:00 -------- d-----w- c:\documents and settings\ken\application data\ContentMgr_backup
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 16:57:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 11:18:36.84 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/10/2011 8:45:45 AM
System Uptime: 12/22/2011 8:13:14 AM (3 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790X-DS4
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3214/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 381.927 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-H652L_______________0603____\5&B6F7694&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp CD/DVDW TS-H652L
PNP Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-H652L_______________0603____\5&B6F7694&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP196: 9/24/2011 9:10:55 AM - System Checkpoint
RP197: 9/24/2011 1:40:24 PM - Installed Comcast Desktop Software (v1.2.0.9)
RP198: 9/25/2011 1:59:14 PM - System Checkpoint
RP199: 9/26/2011 2:04:28 PM - System Checkpoint
RP200: 9/27/2011 2:36:34 PM - System Checkpoint
RP201: 9/28/2011 4:31:56 PM - System Checkpoint
RP202: 9/29/2011 12:10:26 AM - Software Distribution Service 3.0
RP203: 9/30/2011 8:53:44 AM - System Checkpoint
RP204: 10/1/2011 8:26:55 PM - System Checkpoint
RP205: 10/3/2011 7:25:27 AM - System Checkpoint
RP206: 10/7/2011 8:14:31 PM - System Checkpoint
RP207: 10/10/2011 1:44:51 AM - System Checkpoint
RP208: 10/11/2011 2:29:02 AM - System Checkpoint
RP209: 10/15/2011 1:19:22 AM - Software Distribution Service 3.0
RP210: 10/16/2011 8:55:18 AM - System Checkpoint
RP211: 10/17/2011 9:23:32 AM - System Checkpoint
RP212: 10/21/2011 2:44:01 PM - System Checkpoint
RP213: 10/22/2011 2:54:10 PM - System Checkpoint
RP214: 10/23/2011 3:53:52 PM - System Checkpoint
RP215: 10/24/2011 6:19:46 PM - System Checkpoint
RP216: 10/25/2011 7:36:52 PM - System Checkpoint
RP217: 10/28/2011 9:37:24 AM - System Checkpoint
RP218: 10/29/2011 10:19:58 AM - System Checkpoint
RP219: 10/30/2011 12:59:33 PM - System Checkpoint
RP220: 10/31/2011 1:41:53 PM - System Checkpoint
RP221: 11/1/2011 4:46:21 PM - System Checkpoint
RP222: 11/6/2011 2:01:00 PM - System Checkpoint
RP223: 11/7/2011 2:39:48 PM - System Checkpoint
RP224: 11/10/2011 1:29:27 AM - Software Distribution Service 3.0
RP225: 11/11/2011 12:03:56 AM - Software Distribution Service 3.0
RP226: 11/12/2011 10:10:26 AM - System Checkpoint
RP227: 11/13/2011 1:01:09 PM - System Checkpoint
RP228: 11/14/2011 2:23:39 PM - System Checkpoint
RP229: 11/15/2011 11:43:37 PM - System Checkpoint
RP230: 11/17/2011 11:23:34 PM - System Checkpoint
RP231: 11/19/2011 1:45:30 PM - System Checkpoint
RP232: 11/20/2011 5:07:27 PM - System Checkpoint
RP233: 11/21/2011 6:01:49 PM - System Checkpoint
RP234: 11/22/2011 7:06:36 PM - System Checkpoint
RP235: 11/24/2011 11:40:45 AM - System Checkpoint
RP236: 11/25/2011 12:09:09 PM - System Checkpoint
RP237: 11/26/2011 2:58:49 PM - System Checkpoint
RP238: 11/27/2011 3:01:09 PM - System Checkpoint
RP239: 11/28/2011 4:10:13 PM - System Checkpoint
RP240: 11/29/2011 6:10:31 PM - System Checkpoint
RP241: 12/2/2011 4:08:35 PM - System Checkpoint
RP242: 12/3/2011 4:25:12 PM - System Checkpoint
RP243: 12/4/2011 6:57:49 PM - System Checkpoint
RP244: 12/7/2011 12:47:59 AM - System Checkpoint
RP245: 12/9/2011 5:14:51 PM - System Checkpoint
RP246: 12/9/2011 5:25:05 PM - Configured Content Manager
RP247: 12/10/2011 6:58:49 PM - System Checkpoint
RP248: 12/11/2011 9:52:25 PM - System Checkpoint
RP249: 12/13/2011 9:22:44 PM - System Checkpoint
RP250: 12/14/2011 3:00:21 AM - Software Distribution Service 3.0
RP251: 12/15/2011 3:36:13 AM - System Checkpoint
RP252: 12/16/2011 11:19:12 AM - System Checkpoint
RP253: 12/17/2011 11:35:41 AM - System Checkpoint
RP254: 12/18/2011 2:55:56 PM - System Checkpoint
RP255: 12/22/2011 1:07:58 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
Adobe Acrobat 8 Standard
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
ATI - Software Uninstall Utility
avast! Free Antivirus
BattlEye for OA Uninstall
BattlEye Uninstall
Bonjour
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Comcast Desktop Software (v1.2.0.9)
Company of Heroes
Company of Heroes Retail Beta
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
ContentManager
Core Temp version 0.99.8
Creative Audio Control Panel
Creative Software AutoUpdate
Darkest Hour: Europe '44-'45
Day of Defeat: Source
Draft Predictor 2011
erLT
FileMaker Pro 11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HyperLobby client
IL-2 Sturmovik 1946
Insurgency
iTunes
Java Auto Updater
Java(TM) 6 Update 25
Killing Floor
Logitech SetPoint 5.20
Malwarebytes' Anti-Malware version 1.51.2.1300
Medieval II: Total War
Memoir '44 Online
Men of War
Men of War: Red Tide
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0 (x86 en-US)
MSI Afterburner 1.5.1
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nikon Message Center
NVIDIA Control Panel 280.26
NVIDIA Graphics Driver 280.26
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA nView 135.94
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.4.28
NVIDIA Update Components
OpenAL
PictureProject
PictureProject In Touch Downloader 1.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Red Orchestra: Ostfront 41-45
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Silent Hunter III
Skype Click to Call
Skype™ 5.5
SonicWALL SSL-VPN NetExtender
Steam
Team Fortress 2
TeamSpeak 3 Client
Theatre of War
Theatre of War 2: Africa 1943
Theatre of War 2: Kursk 1943
TrackIR4
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User's Guides
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
WinZip 15.5
World of Tanks closed Beta v.0.6.3.8
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
12/18/2011 7:58:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/18/2011 7:50:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/18/2011 7:50:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2011 7:50:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
12/18/2011 7:50:01 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:50:01 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:50:01 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:50:01 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:50:01 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:50:01 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

 

[Bobbye]

Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
------------------------------------------------------
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

The malware is in the Java cache so we need to clear it:
To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
=====================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once installed, you should see a blue screen prompt that says:
  The Recovery Console was successfully installed.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=======================================
Let me know specifically what problems remain after you run Combofix.

 

[Hurriken]

ComboFix 11-12-23.01 - Ken 12/23/2011 14:33:06.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2775 [GMT -6:00]
Running from: c:\documents and settings\Ken\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\Ken\Application Data\mm
C:\Install.exe
c:\windows\$NtUninstallKB56583$
c:\windows\$NtUninstallKB56583$\2552748841
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET281.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.redbook
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 19:31 . 2011-12-23 19:31 -------- d-----w- c:\program files\Common Files\Java
2011-12-23 19:31 . 2011-12-23 19:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-20 00:56 . 2011-12-20 00:56 -------- d-----w- c:\documents and settings\Sigrid\Application Data\Malwarebytes
2011-12-14 17:28 . 2011-12-14 17:28 -------- d-----w- c:\program files\iPod
2011-12-14 17:28 . 2011-12-14 17:28 -------- d-----w- c:\program files\iTunes
2011-12-09 23:25 . 2011-12-10 03:41 -------- d-----w- c:\program files\Content Manager
2011-12-09 23:25 . 2011-12-09 23:25 -------- d-----w- c:\documents and settings\Ken\Application Data\ContentMgr_backup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 19:31 . 2011-05-09 01:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 16:57 . 2011-05-19 13:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-08-04 10:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-03-10 14:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-11 20:06 . 2011-03-10 17:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"CmTray"="c:\program files\Content Manager\launchCM.exe" [2011-08-19 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-19 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-11-10 1095552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Sigrid\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Ken\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe [2011-3-11 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2OA.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 11\\FileMaker Pro.exe"=
"c:\\Games\\World_of_Tanks_closed_Beta\\WOTLauncher.exe"=
"c:\\Games\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Steam\\steamapps\\hurriken42\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\MissionEditor\\Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\MissionEditor\\MissionGen.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war red tide\\redtide.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow_editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\silent hunter 3\\sh3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\tow.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\towsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war 2 africa 1943\\Africa1943.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war 2 africa 1943\\options.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war ii kursk 1943\\Kursk1943.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes beta\\RelicCOH.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\memoir '44 online\\Memoir'44 Online.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/27/2011 7:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/10/2011 10:33 AM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/10/2011 10:33 AM 19544]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/13/2011 11:34 AM 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/29/2011 6:52 PM 2255464]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [3/10/2011 11:23 PM 36384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/10/2011 9:48 PM 119528]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [11/9/2010 6:51 PM 22600]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Ken\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Ken\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/10/2011 10:27 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/25/2011 3:58 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/25/2011 3:58 PM 366152]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ken\Application Data\Mozilla\Firefox\Profiles\jyan8p1f.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/p/1.html
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 15:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-484061587-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7c,03,ab,7d,bf,bc,e2,fd,12,ce,0a,a1,8d,0b,0a,bc,02,ca,3a,94,9c,
b4,0e,b7,23,82,1a,53,d0,c1,70,62,a7,e0,99,a7,f7,95,2c,4b,38,cd,e4,a1,ff,5d,\
"rkeysecu"=hex:48,c0,e1,8f,45,0d,6b,e4,b2,c8,72,63,af,a2,b4,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Content Manager\CmTray.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2011-12-23 15:13:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 21:13
.
Pre-Run: 409,901,191,168 bytes free
Post-Run: 417,468,833,792 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FE61336C10F6C0774F114C0F4411958C

 

[Hurriken]

So far everything seems to be fine.

 

[Hurriken]

By the way Merry Christmas to you also and thanks for all your help .

 

[Bobbye]

Thank you. I had a very nice holiday. And you're welcome for the help.
Please run the following 2 scans. Leave the logs in your next reply. We are almost finished, so be sure and let me know if any of the problems remain.

Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

File::
Folder::
DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
RegNull::
[HKEY_USERS\S-1-5-21-1715567821-484061587-839522115-1003\Software\SecuROM\License information*]
Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
   
4. Continue with the directions.
   
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

 

[Hurriken]

ComboFix 11-12-25.03 - Ken 12/26/2011 10:29:38.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2527 [GMT -6:00]
Running from: c:\documents and settings\Ken\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ken\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-24 15:21 . 2011-12-24 15:21 -------- d-----w- c:\program files\Content Manager
2011-12-23 19:31 . 2011-12-23 19:31 -------- d-----w- c:\program files\Common Files\Java
2011-12-23 19:31 . 2011-12-23 19:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-20 00:56 . 2011-12-20 00:56 -------- d-----w- c:\documents and settings\Sigrid\Application Data\Malwarebytes
2011-12-14 17:28 . 2011-12-14 17:28 -------- d-----w- c:\program files\iPod
2011-12-14 17:28 . 2011-12-14 17:28 -------- d-----w- c:\program files\iTunes
2011-12-09 23:25 . 2011-12-09 23:25 -------- d-----w- c:\documents and settings\Ken\Application Data\ContentMgr_backup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 19:31 . 2011-05-09 01:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 16:57 . 2011-05-19 13:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-08-04 10:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-03-10 14:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-11-11 20:06 . 2011-03-10 17:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-23_21.07.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-26 15:52 . 2011-12-26 15:52 16384 c:\windows\Temp\Perflib_Perfdata_4c0.dat
+ 2004-08-04 10:00 . 2011-12-26 15:56 67740 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2011-12-23 21:10 67740 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2011-12-26 15:56 432784 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2011-12-23 21:10 432784 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"CmTray"="c:\program files\Content Manager\launchCM.exe" [2011-08-19 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-19 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-11-10 1095552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Sigrid\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Ken\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe [2011-3-11 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2OA.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 11\\FileMaker Pro.exe"=
"c:\\Games\\World_of_Tanks_closed_Beta\\WOTLauncher.exe"=
"c:\\Games\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Steam\\steamapps\\hurriken42\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\MissionEditor\\Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\MissionEditor\\MissionGen.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war red tide\\redtide.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow_editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\silent hunter 3\\sh3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\tow.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war\\towsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war 2 africa 1943\\Africa1943.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war 2 africa 1943\\options.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\theatre of war ii kursk 1943\\Kursk1943.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes beta\\RelicCOH.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\memoir '44 online\\Memoir'44 Online.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/27/2011 7:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/10/2011 10:33 AM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/10/2011 10:33 AM 19544]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/13/2011 11:34 AM 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/29/2011 6:52 PM 2255464]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [3/10/2011 11:23 PM 36384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/10/2011 9:48 PM 119528]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [11/9/2010 6:51 PM 22600]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Ken\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Ken\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/10/2011 10:27 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/25/2011 3:58 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/25/2011 3:58 PM 366152]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ken\Application Data\Mozilla\Firefox\Profiles\jyan8p1f.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/p/1.html
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-26 10:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
.
c:\docume~1\Ken\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-26 10:45:18
ComboFix-quarantined-files.txt 2011-12-26 16:45
ComboFix2.txt 2011-12-23 21:13
.
Pre-Run: 417,765,789,696 bytes free
Post-Run: 417,774,223,360 bytes free
.
- - End Of File - - 916C8378D8537454C9FACF4D64C80EEF



I ran Eset and it tried to reboot the computer. It got hung up during shut down...(I can see my background but everything else is gone)...I ended up hitting the power button after an hour.Not sure if Eset worked or not.

 

[Bobbye]

I'm not clear on what happened with Eset. Since you have rebooted, please update Eset and try the scan again. Please be sure to make note of the different directions depending on which browser you're using.

 

[Hurriken]

I ran it again and it ran perfect. No infected files found so no log produced. I think running it again was the right thing to do, better to be sure.

Whats next?

 

[Bobbye]

Okay, what problem remain?

 

[Hurriken]

I have not seen any problems since before Christmas. It seems to be running great.

 

[Bobbye]

That is very good to hear. Let's clean up the tools:

Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Let me know if you have any questions.

 

[Hurriken]

I ran all of the above with no issues.

The only thing I see now that I'm unsure about is the Avast Icon that is always in the start up near the clock is not there. However if access Avast through the start menu it seems to be running. I'm not sure if that is an issue.