Inactive New computer with random internet usages


Chronus

Hey, I recently purchased a used computer without a hard drive. Bought a new hard drive for it, and it's been working pretty well.


However, I've noticed that at odd times, the computer starts to use the internet heavily. It happens when I've not been on the computer for a time and is in use before I start using the computer. It will also stay in use after I've closed everything that is using the internet (games, browser and such).

If I tell my wireless connection to repair, then the internet usage stops, and then behaves like normal after the repair is finished.

I'm not sure what's causing it. Possibly random updates or, hopefully not, something on my computer in less than a month.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2011 12:04:17 PM
mbam-log-2011-11-15 (12-04-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 230437
Time elapsed: 36 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-15 12:14:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 WDC_WD5000AADS-00M2B0 rev.01.00A01
Running: gkiduogi.exe; Driver: C:\DOCUME~1\Kevin\LOCALS~1\Temp\pxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAD0C2D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAD0C2BC5]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAD1429A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----


DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Kevin at 12:17:10 on 2011-11-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.1338 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by MSN & Bing
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SetRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe
mRun: [AutoCADMaxDriver] c:\program files\amd\fireproacad\atifglcp.exe /i
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kevin\application data\mozilla\firefox\profiles\mzbfukih.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-22 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-22 320856]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-4-7 31104]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-22 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-22 44768]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\brcmmgmtagent.exe -service --> c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe -service [?]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-4-25 36608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-10-21 23456]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 606056]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-15 16:26:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 16:25:06 -------- d-----w- c:\documents and settings\kevin\application data\Malwarebytes
2011-11-15 16:24:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-15 15:22:56 -------- d-----w- c:\program files\Trend Micro
2011-11-11 23:03:25 -------- d-----w- c:\documents and settings\kevin\application data\Windows Search
2011-11-10 17:52:59 -------- d-----r- c:\program files\Skype
2011-11-10 14:49:26 -------- d-----w- c:\documents and settings\kevin\application data\.minecraft
2011-11-09 08:02:05 -------- d-----w- c:\program files\MSXML 4.0
2011-11-09 00:07:27 -------- d-----w- c:\documents and settings\kevin\local settings\application data\TricksAndTreats
2011-11-09 00:07:27 -------- d-----w- c:\documents and settings\kevin\GNUstep
2011-11-08 16:03:49 -------- d-----w- c:\documents and settings\kevin\local settings\application data\The Witcher
2011-11-08 14:45:54 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-08 14:45:54 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-11-08 14:30:33 -------- d-----w- c:\program files\The Witcher Enhanced Edition
2011-11-08 12:50:04 -------- d-----w- c:\documents and settings\kevin\application data\Infineon
2011-11-08 12:50:04 -------- d-----w- c:\documents and settings\all users\application data\Infineon
2011-11-08 12:49:53 -------- d-----w- c:\program files\ProtectTools
2011-11-08 12:49:30 -------- d-----w- c:\program files\HPQ
2011-11-08 12:49:23 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-11-08 12:49:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-11-08 12:49:23 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-11-08 12:49:23 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-11-08 12:49:22 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-11-08 12:49:22 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-11-08 12:49:22 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-11-08 12:41:51 372736 ----a-w- c:\windows\system32\mesoludlg.exe
2011-11-06 01:32:56 -------- d-----w- c:\program files\Firefly Studios
2011-11-05 01:33:44 -------- d-----w- C:\games
2011-11-05 01:31:48 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Temp
2011-11-04 12:16:12 -------- d-----w- c:\program files\StarCraft
2011-11-04 01:58:25 -------- d-----w- c:\program files\StarCraft II
2011-11-03 17:49:56 -------- d-----w- c:\documents and settings\kevin\riotsGamesLogs
2011-11-03 03:11:41 -------- d-----w- c:\windows\system32\Adobe
2011-11-03 01:52:45 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Adobe
2011-11-02 14:35:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-02 14:35:15 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-11-02 14:35:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-02 14:32:49 -------- d-----w- c:\documents and settings\kevin\application data\LolClient
2011-11-01 23:46:12 -------- d-----w- c:\program files\World of Warcraft
2011-11-01 22:33:36 -------- d-----w- c:\program files\Belkin
2011-11-01 22:33:12 -------- d-----w- c:\windows\{7EBEACC7-A0C9-4DA4-9A63-3DC7D244B051}
2011-10-24 11:33:29 -------- d-----w- c:\documents and settings\kevin\local settings\application data\ATI
2011-10-24 11:32:35 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-24 11:24:12 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-10-24 11:24:12 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-10-24 11:24:12 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-10-24 11:24:11 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-10-24 11:24:11 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-10-24 11:24:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-10-24 11:24:11 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-10-24 11:24:11 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-10-24 11:22:49 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-10-24 11:22:49 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-10-24 11:22:49 221184 ------w- c:\program files\common files\installshield\iscript\IScript.dll
2011-10-24 11:22:49 221184 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-10-24 11:22:13 -------- d-----w- C:\ATI
2011-10-24 11:11:22 -------- d-----w- c:\documents and settings\all users\application data\Driver Tool
2011-10-24 11:06:51 -------- d-----w- c:\program files\AMD
2011-10-24 10:53:24 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-10-24 10:49:34 40960 ----a-r- c:\documents and settings\kevin\application data\microsoft\installer\{f5242227-2051-4158-ac42-0f2baa3cd3d6}\New_Shortcut_S1425_ADB54615A0E240F89C5EFD8513472ED3.exe
2011-10-24 10:49:34 -------- d-----w- c:\program files\COMPAQ
2011-10-24 03:35:18 -------- d-----w- c:\documents and settings\kevin\local settings\application data\PMB Files
2011-10-24 03:35:14 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
2011-10-24 03:35:01 -------- d-----w- c:\program files\Pando Networks
2011-10-24 01:32:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 22:02:33 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-23 22:02:33 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-23 22:02:33 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-23 03:32:24 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Mozilla
2011-10-23 03:28:11 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-10-23 03:25:28 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-23 03:25:09 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Microsoft Help
2011-10-23 02:56:59 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2011-10-23 02:55:59 -------- d-----w- c:\windows\Logs
2011-10-23 02:07:41 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-23 02:07:23 41184 ----a-w- c:\windows\avastSS.scr
2011-10-23 02:07:12 -------- d-----w- c:\program files\AVAST Software
2011-10-23 02:07:12 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-23 01:59:37 -------- d-----w- c:\program files\common files\Steam
2011-10-23 01:59:36 -------- d-----w- c:\program files\Steam
2011-10-23 01:22:38 -------- d-----w- c:\documents and settings\kevin\application data\WildTangent
2011-10-23 01:22:38 -------- d-----w- c:\documents and settings\kevin\application data\SUPERAntiSpyware.com
2011-10-23 01:22:36 -------- d-----w- c:\documents and settings\kevin\application data\dingogames
2011-10-23 01:15:30 -------- d-----w- c:\documents and settings\kevin\usrusmt2.tmp
2011-10-23 01:15:26 -------- d-----w- c:\windows\ShellNew
2011-10-23 01:12:51 -------- d-----w- c:\documents and settings\all users\application data\Alwil Software
2011-10-23 01:12:51 -------- d-----w- C:\DELL
2011-10-23 01:12:51 -------- d-----w- C:\cmdcons
2011-10-23 01:08:25 -------- d-----w- C:\Backup
2011-10-23 00:19:35 -------- d-----w- c:\documents and settings\kevin\local settings\application data\ApplicationHistory
2011-10-22 23:26:00 -------- d-----w- c:\windows\system32\winrm
2011-10-22 23:25:56 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-10-22 21:38:06 -------- d-----w- c:\windows\system32\XPSViewer
2011-10-22 21:37:48 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-22 21:37:34 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-10-22 21:37:34 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-10-22 21:37:34 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-10-22 21:37:34 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-10-22 21:37:34 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-10-22 21:37:34 117760 ------w- c:\windows\system32\prntvpt.dll
2011-10-22 21:37:33 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-10-22 21:37:33 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-10-22 21:37:33 -------- d-----w- C:\3a89731baf5261df75dafa
2011-10-22 21:25:19 -------- d-----w- c:\windows\system32\Lang
2011-10-22 16:11:23 -------- d-----w- c:\documents and settings\kevin\local settings\application data\Identities
2011-10-22 16:11:22 -------- d-----w- c:\documents and settings\kevin\application data\Windows Desktop Search
2011-10-22 16:11:06 -------- d-----w- c:\windows\system32\GroupPolicy
2011-10-22 16:11:06 -------- d-----w- c:\program files\Windows Desktop Search
2011-10-22 16:10:30 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-10-22 16:10:30 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-10-22 16:10:30 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-10-22 16:10:14 -------- d-----w- c:\program files\Windows Media Connect 2
2011-10-22 16:09:29 -------- d-----w- c:\windows\system32\LogFiles
2011-10-22 16:08:33 -------- d-----w- c:\windows\system32\URTTEMP
2011-10-22 16:03:57 -------- d-----w- c:\windows\system32\RTCOM
2011-10-22 16:03:56 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2011-10-22 16:03:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-10-22 16:03:56 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-10-22 16:03:56 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-10-22 16:03:55 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-10-22 16:03:55 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-10-22 16:03:55 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-10-22 15:44:59 -------- d-----w- C:\4abb1913f06369ed5a4e56
2011-10-22 15:41:31 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-22 15:41:24 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-22 15:40:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-22 15:40:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-22 15:40:34 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-22 15:40:27 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-22 15:40:10 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-22 15:40:02 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-22 15:40:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-22 15:40:01 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-22 15:39:40 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-10-22 15:38:38 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-22 15:38:34 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-22 15:34:03 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-22 15:33:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-22 15:33:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-22 15:33:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-22 15:33:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-22 15:33:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-22 15:33:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-22 15:33:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-22 15:33:15 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-10-22 15:32:46 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-22 15:32:33 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-22 15:32:32 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2011-10-22 15:32:09 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-22 15:32:09 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-22 15:32:09 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-22 15:32:08 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-22 15:32:08 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-22 15:32:05 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-10-22 15:32:04 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-22 15:31:05 -------- d-sh--w- c:\documents and settings\kevin\PrivacIE
2011-10-22 15:30:56 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-22 15:30:53 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-10-22 15:30:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-10-22 15:28:12 -------- d-sh--w- c:\documents and settings\kevin\IETldCache
2011-10-22 15:25:51 -------- d-----w- c:\windows\ie8updates
2011-10-22 15:24:41 -------- dc-h--w- c:\windows\ie8
2011-10-22 15:22:55 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-10-22 15:22:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-22 15:22:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-22 15:22:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-22 15:22:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-22 15:22:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-22 15:22:51 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-22 15:22:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-22 15:14:42 -------- d-----w- c:\windows\system32\PreInstall
2011-10-22 15:14:41 -------- d--h--w- c:\windows\$hf_mig$
2011-10-22 15:10:22 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-10-22 15:09:36 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-10-22 15:05:53 -------- d-----w- c:\windows\ServicePackFiles
2011-10-22 15:04:20 -------- d-----w- c:\windows\EHome
2011-10-22 14:51:32 -------- d-sh--w- c:\documents and settings\kevin\UserData
2011-10-21 11:41:14 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-10-21 11:41:14 -------- d-----w- c:\documents and settings\kevin\local settings\application data\eSupport.com
2011-10-21 11:34:24 89088 ----a-w- c:\windows\system32\Baspxp32.dll
2011-10-21 11:34:22 -------- d-----w- c:\program files\Broadcom
2011-10-21 11:34:19 -------- d-----w- c:\windows\Downloaded Installations
2011-10-21 11:32:40 44416 ----a-w- c:\windows\system32\drivers\HECI.sys
2011-10-21 11:32:39 364544 ----a-w- c:\windows\system32\heciudlg.exe
2011-10-21 11:32:39 312320 ----a-w- c:\windows\system32\difxapi.dll
2011-10-21 11:32:35 -------- d-----w- C:\Intel
2011-10-21 11:14:34 64000 ------w- c:\windows\system32\agrsmdel.exe
2011-10-21 11:14:34 13824 ------w- c:\windows\system32\agrscoin.dll
2011-10-21 11:14:31 -------- d-----w- c:\windows\Options
2011-10-21 11:14:29 -------- d-----w- C:\SWSetup
2011-10-21 05:44:53 -------- d-s---w- c:\windows\system32\Microsoft
2011-10-21 04:29:37 1778688 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 12:18:16.17 ===============




ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2011 11:55:23 PM
System Uptime: 11/15/2011 10:09:06 AM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 0A54h
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | XU1 PROCESSOR | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 361.16 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin USB Wireless Adaptor
Device ID: USB\VID_050D&PID_945A\00E04C000001
Manufacturer: Belkin International, Inc.
Name: Belkin USB Wireless Adaptor
PNP Device ID: USB\VID_050D&PID_945A\00E04C000001
Service: RTL8192su
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&696F438&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&696F438&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 10/21/2011 12:07:00 AM - System Checkpoint
RP2: 10/22/2011 12:40:08 AM - System Checkpoint
RP3: 10/22/2011 10:49:26 AM - Windows Product Key Update Tool
RP4: 10/22/2011 11:05:13 AM - Installed Windows XP Service Pack 3.
RP5: 10/22/2011 11:14:31 AM - Software Distribution Service 3.0
RP6: 10/22/2011 11:23:40 AM - Software Distribution Service 3.0
RP7: 10/22/2011 11:25:28 AM - Installed Windows Internet Explorer 8.
RP8: 10/22/2011 11:25:49 AM - Software Distribution Service 3.0
RP9: 10/22/2011 11:44:58 AM - Software Distribution Service 3.0
RP10: 10/22/2011 11:52:12 AM - Software Distribution Service 3.0
RP11: 10/22/2011 12:03:06 PM - Installed Windows XP WgaNotify.
RP12: 10/22/2011 12:08:20 PM - Software Distribution Service 3.0
RP13: 10/22/2011 5:28:53 PM - Software Distribution Service 3.0
RP14: 10/22/2011 7:22:52 PM - Software Distribution Service 3.0
RP15: 10/22/2011 7:34:33 PM - Software Distribution Service 3.0
RP16: 10/22/2011 8:17:15 PM - Software Distribution Service 3.0
RP17: 10/22/2011 8:57:01 PM - Software Distribution Service 3.0
RP18: 10/22/2011 9:59:35 PM - Installed Steam
RP19: 10/22/2011 10:07:12 PM - avast! Free Antivirus Setup
RP20: 10/22/2011 10:55:53 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP21: 10/22/2011 10:56:03 PM - Installed DirectX
RP22: 10/22/2011 11:24:46 PM - Installed Microsoft Office Home and Student 2010
RP23: 10/22/2011 11:31:04 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP24: 10/24/2011 12:03:21 AM - System Checkpoint
RP25: 10/24/2011 2:51:42 AM - Installed League of Legends
RP26: 10/24/2011 6:49:32 AM - Installed HP SetRefresh
RP27: 10/24/2011 7:06:50 AM - Installed AutoCAD Performance Plug-in
RP28: 10/24/2011 7:10:27 AM - Installed Driver Tool.
RP29: 10/24/2011 7:21:02 AM - Removed Driver Tool.
RP30: 10/24/2011 7:24:16 AM - Installed ATI Catalyst Control Center
RP31: 10/24/2011 7:25:41 AM - Installed HydraVision
RP32: 10/24/2011 7:30:20 AM - Installed DirectX
RP33: 10/24/2011 9:30:52 AM - Software Distribution Service 3.0
RP34: 11/1/2011 3:54:57 PM - System Checkpoint
RP35: 11/1/2011 6:33:32 PM - Installed Belkin USB Wireless Adaptor
RP36: 11/2/2011 5:00:20 AM - Software Distribution Service 3.0
RP37: 11/2/2011 10:34:31 AM - Installed Java(TM) 6 Update 29
RP38: 11/2/2011 11:10:48 PM - Installed Adobe Reader X (10.1.1).
RP39: 11/3/2011 11:37:40 PM - System Checkpoint
RP40: 11/4/2011 11:43:28 PM - System Checkpoint
RP41: 11/5/2011 9:32:53 PM - Installed Stronghold Crusader Extreme
RP42: 11/6/2011 8:51:35 PM - System Checkpoint
RP43: 11/8/2011 7:49:30 AM - Installed HP ProtectTools Security Manager
RP44: 11/8/2011 9:31:01 AM - Installed The Witcher Enhanced Edition
RP45: 11/8/2011 9:44:24 AM - Installed DirectX
RP46: 11/8/2011 9:45:44 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP47: 11/9/2011 3:00:43 AM - Software Distribution Service 3.0
RP48: 11/10/2011 3:25:15 AM - System Checkpoint
RP49: 11/11/2011 3:00:13 AM - Software Distribution Service 3.0
RP50: 11/11/2011 6:24:43 PM - Software Distribution Service 3.0
RP51: 11/12/2011 7:01:32 PM - System Checkpoint
RP52: 11/13/2011 7:58:58 PM - System Checkpoint
RP53: 11/14/2011 8:58:57 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoCAD Performance Plug-in
avast! Free Antivirus
Belkin USB Wireless Adaptor
Broadcom Management Programs
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DriverAgent by eSupport.com
Half-Life 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Embedded Security for ProtectTools
HP ProtectTools Security Manager 2.00 D3
HP SetRefresh
HydraVision
Intel(R) Active Management Technology LMS Service and SOL Driver
Intel(R) Management Engine Interface
Intel(R) PRO Network Connections
Java Auto Updater
Java(TM) 6 Update 29
League of Legends
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Orcs Must Die!
Pando Media Booster
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skins
Skype™ 5.5
StarCraft
StarCraft II
Steam
Stronghold Crusader Extreme
swMSM
The Witcher Enhanced Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 3:03:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
11/9/2011 3:03:34 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/9/2011 3:03:34 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/8/2011 9:40:54 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
11/8/2011 9:40:54 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\MFC80U.DLL. Reference error message: The operation completed successfully. .
11/8/2011 9:40:54 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Is your router secured?

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Yes, the wireless here in this house (recently moved) is not password protected. And I could not figure out how to do so. After having remembered the IPConfig to find out the proper gateway, it was 10.0.0.1 instead of the 192.168.0.1 that I'm used to seeing.

Still not sure how to set up the password, and I have permission to do so if you could instruct me in what to do.

Airlink101; 300n Wireless.




aswMBR
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-16 08:11:42
-----------------------------
08:11:42.234 OS Version: Windows 5.1.2600 Service Pack 3
08:11:42.234 Number of processors: 2 586 0xF06
08:11:42.234 ComputerName: KEV1 UserName:
08:11:43.406 Initialize success
08:11:43.531 AVAST engine defs: 11111600
08:12:41.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
08:12:41.000 Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
08:12:43.015 Disk 0 MBR read successfully
08:12:43.015 Disk 0 MBR scan
08:12:43.015 Disk 0 Windows XP default MBR code
08:12:43.031 Disk 0 scanning sectors +976752000
08:12:43.078 Disk 0 scanning C:\WINDOWS\system32\drivers
08:12:49.453 Service scanning
08:12:51.484 Modules scanning
08:12:54.421 Disk 0 trace - called modules:
08:12:54.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:12:54.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db3ab8]
08:12:54.437 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x89deb9e8]
08:12:54.437 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x89e29d98]
08:12:55.281 AVAST engine scan C:\WINDOWS
08:13:04.859 AVAST engine scan C:\WINDOWS\system32
08:14:19.687 AVAST engine scan C:\WINDOWS\system32\drivers
08:14:38.546 AVAST engine scan C:\Documents and Settings\Kevin
08:21:48.953 AVAST engine scan C:\Documents and Settings\All Users
08:22:59.953 Scan finished successfully
08:23:11.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kevin\My Documents\MBR.dat"
08:23:11.546 The log file has been saved successfully to "C:\Documents and Settings\Kevin\My Documents\aswMBR.txt"
08:24:19.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kevin\Desktop\MBR.dat"
08:24:19.359 The log file has been saved successfully to "C:\Documents and Settings\Kevin\Desktop\aswMBR.txt"


Combo Log
ComboFix 11-11-15.06 - Kevin 11/16/2011 8:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.1280 [GMT -5:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Kevin\Local Settings\Application Data\FASTWiz.log
c:\windows\system32\xactengine3_6.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-05 01:33 . 2011-11-09 01:08 -------- d-----w- C:\games
2011-10-24 11:22 . 2011-10-24 11:22 -------- d-----w- C:\ATI
2011-10-23 01:14 . 2011-10-23 01:24 -------- d-----w- C:\support
2011-10-23 01:14 . 2011-10-23 01:24 -------- d-----w- C:\spoolerlogs
2011-10-23 01:14 . 2011-10-23 01:14 -------- d-----w- C:\ubuntu
2011-10-23 01:14 . 2011-10-23 01:14 -------- d-----w- C:\Riot Games
2011-10-23 01:13 . 2011-10-23 01:23 -------- d-----w- C:\PCOMP5
2011-10-23 01:13 . 2011-10-23 01:13 -------- d-----r- C:\MSOCache
2011-10-23 01:12 . 2011-10-23 01:12 -------- d-----w- C:\DELL
2011-10-23 01:08 . 2011-10-23 01:10 -------- d-----w- C:\Backup
2011-10-22 21:37 . 2011-10-22 21:37 -------- d-----w- C:\3a89731baf5261df75dafa
2011-10-22 15:44 . 2011-10-22 15:45 -------- d-----w- C:\4abb1913f06369ed5a4e56
2011-10-21 11:32 . 2011-10-21 11:32 -------- d-----w- C:\Intel
2011-10-21 11:14 . 2011-11-08 12:49 -------- d-----w- C:\SWSetup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2010-03-18 16:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2002-08-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-10 16:18 . 2011-10-23 02:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-10-23 1242448]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-24 3077528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"AutoCADMaxDriver"="c:\program files\AMD\FireProACAD\atifglcp.exe" [2011-03-17 33792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-07 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-01-10 404288]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
.
c:\documents and settings\Kevin\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-04-07 09:00 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
"c:\\Documents and Settings\\Kevin\\Desktop\\Games\\Minecraft.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56768:TCP"= 56768:TCP:pando Media Booster
"56768:UDP"= 56768:UDP:pando Media Booster
"56780:TCP"= 56780:TCP:pando Media Booster
"56780:UDP"= 56780:UDP:pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6112:UDP"= 6112:UDP:Starcraft
"59122:TCP"= 59122:TCP:pando Media Booster
"59122:UDP"= 59122:UDP:pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/22/2011 9:07 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/22/2011 9:07 PM 320856]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/7/2006 4:46 AM 31104]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/22/2011 9:07 PM 20568]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service --> c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service [?]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/25/2006 4:26 PM 36608]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 4:09 PM 606056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10/21/2011 6:41 AM 23456]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - BASFND
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\mzbfukih.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 08:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\IfxWlxEN.dll
.
Completion time: 2011-11-16 08:58:35
ComboFix-quarantined-files.txt 2011-11-16 13:58
.
Pre-Run: 387,165,954,048 bytes free
Post-Run: 387,422,560,256 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 359DFD6DE83B27E7711A6F1C1B82B64B
 
You have to absolutely secure your router.
Your logs look clean, so most likely someone is stealing your internet connection.
Get your router manual, set all necessary securities and post back with an update.
 
It's weird, yesterday, when I went to the router, the password was automatically filled in for me. Today, it was not, and neither the default password that comes with the router worked, nor the passwords that they would have used.

The other problem with that is the person who would have put a password on there, passed away this last year, so I can not ask him directly what password he might have used.

So I'm in the process of finding a way to manually reset the router to default, but no luck so far. I do have the manual, but that only says how to do it after I'm logged into the router.



Just keeping you updated as to what is going on.
 
Call your router manufacturer, explain the situation and they should help you out.
 
We figured out the password, and added WPA-PSK protection onto the router, which went smoothly enough, just some tweaking around with someone's Windows 7 laptop with the "profile" that needed switching (annoying, as I wanted the transition to be smooth, not take 15 minutes of me fiddling to find out what the problem was, then how to change the settings).
 
Very well.
Keep an eye on internet usage for the next couple of days and update me.
 