Good morning and thanks. Here is the Combofix log.
There was an error message on the screen when the log popped up. This is the text from it:
debug assertion failed
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
File: c:\programfiles\microsoft visual studio.net 2003\vc7\atlmfc\include\atlfile.h
line 188
Expression: m_h !=0
abort? retry? fail? I chose retry, and the message that popped up was "LightScribe encountered a problem and had to shut down."
Also, Avast caught two more viruses last night. I just had the machine on, it was connected to the internet, with Firefox open. No one was actively using it at the time. I hadn't shut it down from trying to post from it earlier.
ComboFix 10-05-12.04 - Administrator 05/13/2010 9:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.461 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100513-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.
2010-05-13 13:55 . 2010-05-13 13:55 -------- d-----w- c:\windows\LastGood
2010-05-12 19:44 . 2010-05-12 19:44 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-12 19:44 . 2010-05-12 19:44 -------- d-----w- c:\program files\Trend Micro
2010-05-12 19:40 . 2010-05-12 19:40 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a86e9cd-n\decora-sse.dll
2010-05-12 19:40 . 2010-05-12 19:40 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a86e9cd-n\decora-d3d.dll
2010-05-12 19:40 . 2010-05-12 19:40 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a9d2ef-n\msvcp71.dll
2010-05-12 19:40 . 2010-05-12 19:40 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a9d2ef-n\jmc.dll
2010-05-12 19:40 . 2010-05-12 19:40 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a9d2ef-n\msvcr71.dll
2010-05-12 19:39 . 2010-05-12 19:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 19:24 . 2010-05-12 19:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-12 19:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 19:24 . 2010-05-12 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-12 19:24 . 2010-05-12 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 19:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 18:28 . 2010-05-12 18:28 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-12 18:28 . 2010-05-12 18:28 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-12 18:28 . 2010-05-12 18:28 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-12 18:27 . 2010-05-12 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-12 18:26 . 2010-05-12 18:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 18:26 . 2010-05-12 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-05-12 18:26 . 2010-05-12 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 01:08 . 2010-03-09 00:08 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-05-12 19:41 . 2010-03-09 00:42 -------- d-----w- c:\program files\Java
2010-05-12 18:22 . 2010-03-10 13:59 -------- d-----w- c:\program files\CCleaner
2010-05-12 18:19 . 2010-04-11 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-04-11 00:37 . 2010-04-11 00:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\OnlineArmor
2010-04-11 00:36 . 2010-04-11 00:36 -------- d-----w- c:\program files\Tall Emu
2010-04-11 00:24 . 2010-03-24 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-11 00:23 . 2010-03-24 23:01 -------- d-----w- c:\program files\DivX
2010-04-10 18:11 . 2010-04-10 18:11 25552 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 18:00 . 2010-04-10 18:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 20:43 . 2010-04-07 20:43 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-03-22 16:36 . 2010-03-24 23:03 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-13 10:39 . 2010-04-11 00:36 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-03-13 10:38 . 2010-04-11 00:36 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-03-13 10:38 . 2010-04-11 00:36 226680 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-03-10 13:47 . 2010-03-10 13:47 0 ----a-w- c:\windows\nsreg.dat
2010-03-09 01:21 . 2010-03-08 23:45 92991 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-08 23:42 . 2010-03-08 23:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-25 06:24 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-18 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-09 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-03-13 6658552]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-03-13 925688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/8/2010 8:40 PM 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/10/2010 7:36 PM 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/10/2010 7:36 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/10/2010 7:36 PM 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/8/2010 8:40 PM 20560]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/10/2010 7:36 PM 1284600]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/8/2010 7:10 PM 231424]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/10/2010 7:36 PM 3360760]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i576uv4j.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-13 09:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?
?-??|H?
?? ???B?
???hLC?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-583907252-602162358-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,30,6b,c0,74,0b,db,4d,87,20,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,30,6b,c0,74,0b,db,4d,87,20,b9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(472)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-05-13 09:12:03
ComboFix-quarantined-files.txt 2010-05-13 14:12
Pre-Run: 68,984,107,008 bytes free
Post-Run: 68,955,639,808 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 96D9511B2D0755CAFD8AD53EA9BBCE68