What can I delete from hijack this scan?


This topic is locked
12 replies to this topic

#1 queensfull (Members, 14 posts)

Posted 05 October 2012 - 02:17 PM

Mod edit:MOVED to Virus,Trojan and Malware Removal Logs ~~boopme


My Green Dot credit card has been compromised. I made an online purchase at Amazon but it was declined. I found out that a motel in another state charged my card on the same date as the purchase. I have never been to Maryland, so I think my computer has some kind of infection. I am using Avast antivirus and ZoneAlarm firewall. My OS is Windows XP. I have run Malwarebytes and these are the files it detected:

Files Detected: 2
C:\Documents and Settings\USER\Downloads\HC2Setup.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8612A512-3749-4C5F-A751-8C0772DE192E}\RP30\A0009002.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

Avast did not detect anything. I ran CCleaner's registry cleaner and made some changes. I reversed them after having these problems. I tried doing a System Restore from the Control Panel, but I would get a message saying "no changes were made". I also had a message saying the Dump Reporting Tool may be trying to prevent Kernel Fault Check from running, and another one saying Dr. Watson Postmortem Debugger had to close. I don't feel safe making a purchase online. Could you please help me out? Here are the scan results from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:20:29 AM, on 10/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\USER\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=9C6565AA9EF6FAD83831A0506A2FD324
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347741755031
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 5143 bytes

Edited by boopme, 05 October 2012 - 07:24 PM.
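The thread title asks which lines of the HijackThis log above can go, so here is a small triage script for that log format. It is an added example, not part of the original post and not a HijackThis or BleepingComputer tool. It parses the R0/R1, O2/O3, O4, O20 and O23 entry types and separates lines that point at a Microsoft default URL or at the Windows directory from lines that point at third-party software; it does not decide what is malicious, it only tells you which lines deserve a second look. It assumes the Windows directory is C:\WINDOWS (as the log header states), and the sample lines embedded in it are copied from the log above. On that sample the only entry it marks for review is the HKCU start page, which points at safesearchr.lavasoft.com rather than at a Microsoft default.

```python
"""Triage helper for HijackThis v2.0.x logs (added example, not a HijackThis
or BleepingComputer tool). Each entry is classified by where it points:
  default     - R-line URL on a microsoft.com host, or empty AppInit_DLLs
  windows-dir - file lives under the Windows directory
  third-party - file lives elsewhere (Program Files etc.)
  review      - browser setting points off-Microsoft, or AppInit_DLLs is set
  unhandled   - section type this script has no rule for (O9, O16, O22, ...)
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: the Windows directory is C:\WINDOWS, as the log header says.
WINDOWS_DIR = "c:\\windows\\"
# Hosts a stock Windows XP / IE8 install points its R0/R1 lines at.
MICROSOFT_HOSTS = ("microsoft.com",)

# "R0 - <body>", "O23 - <body>" ...
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")

# Constructed sample: a subset of the HijackThis v2.0.4 lines posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=9C6565AA9EF6FAD83831A0506A2FD324
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O20 - AppInit_DLLs:
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
"""


@dataclass
class Finding:
    section: str   # "R0", "O4", "O23", ...
    item: str      # what the line names (value name, Run key entry, service)
    verdict: str   # see module docstring
    reason: str    # the path, URL host or DLL list the verdict is based on


def is_microsoft_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in MICROSOFT_HOSTS)


def exe_path(cmd: str) -> str:
    """Executable part of a Run-key command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def path_verdict(path: str) -> str:
    return "windows-dir" if path.lower().startswith(WINDOWS_DIR) else "third-party"


def triage_entry(sec: str, body: str) -> Finding:
    if sec in ("R0", "R1", "R3"):
        key, _, value = body.partition(" = ")
        item = f"{key.split(chr(92), 1)[0]} {key.rsplit(',', 1)[-1]}"  # "HKCU Start Page"
        if not value.strip() or is_microsoft_host(value):
            return Finding(sec, item, "default", value or "(empty)")
        return Finding(sec, item, "review",
                       f"browser setting points at {urlparse(value).hostname}")
    if sec in ("O2", "O3"):
        # "BHO: Name - {CLSID} - Path" / "Toolbar: Name - {CLSID} - Path"
        name, _clsid, path = body.split(": ", 1)[1].rsplit(" - ", 2)
        return Finding(sec, name, path_verdict(path), path)
    if sec == "O4":
        m = O4_RE.match(body)
        if not m:
            return Finding(sec, body, "unhandled", "unrecognised O4 layout")
        path = exe_path(m["cmd"])
        return Finding(sec, f"{m['hive']} {m['key']} [{m['name']}]", path_verdict(path), path)
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body[len("AppInit_DLLs:"):].strip()
        return Finding(sec, "AppInit_DLLs", "review" if dlls else "default", dlls or "(empty)")
    if sec == "O23":
        # "Service: Display (Short) - Company - Path"; rsplit keeps parentheses in names intact
        display, company, path = body[len("Service: "):].rsplit(" - ", 2)
        return Finding(sec, display, path_verdict(path), f"{company}: {path}")
    return Finding(sec, body, "unhandled", "no rule for this section")


def triage(log_text: str) -> list:
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(triage_entry(m["sec"], m["body"]))
    return findings


def needs_review(findings: list) -> list:
    return [f for f in findings if f.verdict == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.verdict:<12} {f.item}  <- {f.reason}")
```

Lines classified third-party are not automatically bad; in this log they are Avast, ZoneAlarm, Malwarebytes and the SoundMAX driver agent, all of which the poster installed. The useful output is the review list, and for a real log you would also run the O9/O16/O22 sections through a rule before trusting the summary.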



#2 nasdaq (Malware Response Team, 38,934 posts, Montreal, QC, Canada)

Posted 06 October 2012 - 09:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log and save it to your desktop. (Note: do not select any Fix at this time.) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs for my review.

#3 queensfull (Topic Starter, Members, 14 posts)

Posted 06 October 2012 - 08:26 PM

Hello nasdaq, and thank you for helping me; I greatly appreciate your help. These are the logs you requested.

16:44:22.0332 2348 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:44:22.0754 2348 ============================================================
16:44:22.0754 2348 Current date / time: 2012/10/06 16:44:22.0754
16:44:22.0754 2348 SystemInfo:
16:44:22.0754 2348
16:44:22.0754 2348 OS Version: 5.1.2600 ServicePack: 3.0
16:44:22.0754 2348 Product type: Workstation
16:44:22.0754 2348 ComputerName: USER-9AE4383ECF
16:44:22.0754 2348 UserName: USER
16:44:22.0754 2348 Windows directory: C:\WINDOWS
16:44:22.0754 2348 System windows directory: C:\WINDOWS
16:44:22.0754 2348 Processor architecture: Intel x86
16:44:22.0754 2348 Number of processors: 2
16:44:22.0754 2348 Page size: 0x1000
16:44:22.0754 2348 Boot type: Normal boot
16:44:22.0754 2348 ============================================================
16:44:24.0801 2348 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:44:24.0926 2348 ============================================================
16:44:24.0926 2348 \Device\Harddisk0\DR0:
16:44:24.0926 2348 MBR partitions:
16:44:24.0926 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
16:44:24.0926 2348 ============================================================
16:44:24.0957 2348 C: <-> \Device\Harddisk0\DR0\Partition1
16:44:24.0957 2348 ============================================================
16:44:24.0957 2348 Initialize success
16:44:24.0957 2348 ============================================================
16:44:59.0270 0448 ============================================================
16:44:59.0270 0448 Scan started
16:44:59.0270 0448 Mode: Manual;
16:44:59.0270 0448 ============================================================
16:45:00.0176 0448 ================ Scan system memory ========================
16:45:00.0176 0448 System memory - ok
16:45:00.0176 0448 ================ Scan services =============================
16:45:00.0442 0448 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
16:45:00.0442 0448 Aavmker4 - ok
16:45:00.0442 0448 Abiosdsk - ok
16:45:00.0457 0448 abp480n5 - ok
16:45:00.0488 0448 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:45:00.0504 0448 ACPI - ok
16:45:00.0535 0448 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:45:00.0535 0448 ACPIEC - ok
16:45:00.0598 0448 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:45:00.0598 0448 AdobeFlashPlayerUpdateSvc - ok
16:45:00.0613 0448 adpu160m - ok
16:45:00.0645 0448 [ 3CB6AE5435987B1F8C83FD2730479878 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
16:45:00.0645 0448 aeaudio - ok
16:45:00.0707 0448 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:45:00.0707 0448 aec - ok
16:45:00.0754 0448 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:45:00.0754 0448 AFD - ok
16:45:00.0754 0448 Aha154x - ok
16:45:00.0770 0448 aic78u2 - ok
16:45:00.0770 0448 aic78xx - ok
16:45:00.0817 0448 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:45:00.0817 0448 Alerter - ok
16:45:00.0848 0448 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:45:00.0848 0448 ALG - ok
16:45:00.0848 0448 AliIde - ok
16:45:00.0848 0448 amsint - ok
16:45:00.0895 0448 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:45:00.0895 0448 AppMgmt - ok
16:45:00.0895 0448 asc - ok
16:45:00.0910 0448 asc3350p - ok
16:45:00.0910 0448 asc3550 - ok
16:45:00.0973 0448 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:45:01.0035 0448 aspnet_state - ok
16:45:01.0098 0448 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:45:01.0098 0448 aswFsBlk - ok
16:45:01.0160 0448 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
16:45:01.0160 0448 aswMon2 - ok
16:45:01.0207 0448 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
16:45:01.0207 0448 AswRdr - ok
16:45:01.0223 0448 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
16:45:01.0270 0448 aswSnx - ok
16:45:01.0285 0448 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
16:45:01.0285 0448 aswSP - ok
16:45:01.0301 0448 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
16:45:01.0301 0448 aswTdi - ok
16:45:01.0332 0448 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:45:01.0332 0448 AsyncMac - ok
16:45:01.0332 0448 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:45:01.0332 0448 atapi - ok
16:45:01.0348 0448 Atdisk - ok
16:45:01.0363 0448 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:45:01.0395 0448 Atmarpc - ok
16:45:01.0426 0448 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:45:01.0426 0448 AudioSrv - ok
16:45:01.0442 0448 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:45:01.0457 0448 audstub - ok
16:45:01.0535 0448 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:45:01.0535 0448 avast! Antivirus - ok
16:45:01.0582 0448 [ 5175E788BCD1CB7345AB21F3E14369D2 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:45:01.0582 0448 b57w2k - ok
16:45:01.0613 0448 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:45:01.0613 0448 Beep - ok
16:45:01.0660 0448 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:45:01.0707 0448 BITS - ok
16:45:01.0754 0448 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:45:01.0754 0448 Browser - ok
16:45:01.0785 0448 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:45:01.0785 0448 cbidf2k - ok
16:45:01.0817 0448 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:45:01.0817 0448 CCDECODE - ok
16:45:01.0817 0448 cd20xrnt - ok
16:45:01.0832 0448 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:45:01.0832 0448 Cdaudio - ok
16:45:01.0863 0448 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:45:01.0879 0448 Cdfs - ok
16:45:01.0879 0448 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:45:01.0895 0448 Cdrom - ok
16:45:01.0895 0448 Changer - ok
16:45:01.0926 0448 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:45:01.0926 0448 CiSvc - ok
16:45:01.0957 0448 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:45:01.0957 0448 ClipSrv - ok
16:45:01.0973 0448 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:45:02.0051 0448 clr_optimization_v2.0.50727_32 - ok
16:45:02.0067 0448 CmdIde - ok
16:45:02.0067 0448 COMSysApp - ok
16:45:02.0082 0448 Cpqarray - ok
16:45:02.0113 0448 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:45:02.0113 0448 CryptSvc - ok
16:45:02.0113 0448 dac2w2k - ok
16:45:02.0129 0448 dac960nt - ok
16:45:02.0145 0448 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:45:02.0176 0448 DcomLaunch - ok
16:45:02.0207 0448 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:45:02.0223 0448 Dhcp - ok
16:45:02.0254 0448 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:45:02.0254 0448 Disk - ok
16:45:02.0254 0448 dmadmin - ok
16:45:02.0301 0448 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:45:02.0332 0448 dmboot - ok
16:45:02.0348 0448 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:45:02.0348 0448 dmio - ok
16:45:02.0379 0448 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:45:02.0379 0448 dmload - ok
16:45:02.0395 0448 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:45:02.0410 0448 dmserver - ok
16:45:02.0442 0448 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:45:02.0442 0448 DMusic - ok
16:45:02.0473 0448 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:45:02.0488 0448 Dnscache - ok
16:45:02.0520 0448 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:45:02.0535 0448 Dot3svc - ok
16:45:02.0535 0448 dpti2o - ok
16:45:02.0582 0448 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:45:02.0582 0448 drmkaud - ok
16:45:02.0598 0448 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:45:02.0613 0448 EapHost - ok
16:45:02.0629 0448 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:45:02.0629 0448 ERSvc - ok
16:45:02.0660 0448 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:45:02.0676 0448 Eventlog - ok
16:45:02.0723 0448 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:45:02.0723 0448 EventSystem - ok
16:45:02.0738 0448 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:45:02.0738 0448 Fastfat - ok
16:45:02.0770 0448 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:45:02.0801 0448 FastUserSwitchingCompatibility - ok
16:45:02.0801 0448 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:45:02.0817 0448 Fdc - ok
16:45:02.0817 0448 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:45:02.0832 0448 Fips - ok
16:45:02.0832 0448 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:45:02.0832 0448 Flpydisk - ok
16:45:02.0863 0448 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:45:02.0863 0448 FltMgr - ok
16:45:02.0942 0448 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:45:02.0942 0448 FontCache3.0.0.0 - ok
16:45:02.0942 0448 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:45:02.0957 0448 Fs_Rec - ok
16:45:02.0957 0448 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:45:02.0973 0448 Ftdisk - ok
16:45:02.0988 0448 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:45:03.0004 0448 Gpc - ok
16:45:03.0067 0448 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:45:03.0067 0448 helpsvc - ok
16:45:03.0082 0448 HidServ - ok
16:45:03.0098 0448 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:45:03.0098 0448 hidusb - ok
16:45:03.0145 0448 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:45:03.0160 0448 hkmsvc - ok
16:45:03.0160 0448 hpn - ok
16:45:03.0207 0448 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:45:03.0207 0448 HTTP - ok
16:45:03.0238 0448 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:45:03.0254 0448 HTTPFilter - ok
16:45:03.0254 0448 i2omgmt - ok
16:45:03.0270 0448 i2omp - ok
16:45:03.0285 0448 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:45:03.0285 0448 i8042prt - ok
16:45:03.0473 0448 [ 2AAE7BE67911F4AEC9AD28E9CFB9096F ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:45:03.0613 0448 ialm - ok
16:45:03.0676 0448 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:45:03.0707 0448 idsvc - ok
16:45:03.0723 0448 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:45:03.0723 0448 Imapi - ok
16:45:03.0754 0448 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:45:03.0770 0448 ImapiService - ok
16:45:03.0785 0448 ini910u - ok
16:45:03.0817 0448 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:45:03.0817 0448 IntelIde - ok
16:45:03.0832 0448 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:45:03.0848 0448 intelppm - ok
16:45:03.0863 0448 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:45:03.0863 0448 Ip6Fw - ok
16:45:03.0895 0448 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:45:03.0895 0448 IpFilterDriver - ok
16:45:03.0910 0448 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:45:03.0910 0448 IpInIp - ok
16:45:03.0942 0448 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:45:03.0942 0448 IpNat - ok
16:45:03.0957 0448 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:45:03.0973 0448 IPSec - ok
16:45:03.0988 0448 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:45:03.0988 0448 IRENUM - ok
16:45:04.0020 0448 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:45:04.0020 0448 isapnp - ok
16:45:04.0067 0448 [ 6ED8D475BF2F950F3262942F630B3A20 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:45:04.0082 0448 ISWKL - ok
16:45:04.0129 0448 [ 8A698B79EDF2BA40E42ADD764F43FAA7 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:45:04.0145 0448 IswSvc - ok
16:45:04.0160 0448 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:45:04.0160 0448 Kbdclass - ok
16:45:04.0160 0448 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:45:04.0160 0448 kbdhid - ok
16:45:04.0176 0448 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:45:04.0192 0448 kmixer - ok
16:45:04.0223 0448 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:45:04.0223 0448 KSecDD - ok
16:45:04.0254 0448 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:45:04.0254 0448 lanmanserver - ok
16:45:04.0270 0448 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:45:04.0317 0448 lanmanworkstation - ok
16:45:04.0317 0448 lbrtfdc - ok
16:45:04.0332 0448 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:45:04.0348 0448 LmHosts - ok
16:45:04.0363 0448 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
16:45:04.0379 0448 MBAMProtector - ok
16:45:04.0410 0448 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:45:04.0442 0448 MBAMScheduler - ok
16:45:04.0457 0448 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:45:04.0488 0448 MBAMService - ok
16:45:04.0520 0448 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:45:04.0520 0448 Messenger - ok
16:45:04.0551 0448 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:45:04.0567 0448 mnmdd - ok
16:45:04.0598 0448 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:45:04.0598 0448 mnmsrvc - ok
16:45:04.0629 0448 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:45:04.0629 0448 Modem - ok
16:45:04.0645 0448 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:45:04.0645 0448 Mouclass - ok
16:45:04.0660 0448 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:45:04.0660 0448 mouhid - ok
16:45:04.0676 0448 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:45:04.0676 0448 MountMgr - ok
16:45:04.0707 0448 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:45:04.0707 0448 MozillaMaintenance - ok
16:45:04.0723 0448 mraid35x - ok
16:45:04.0738 0448 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:45:04.0738 0448 MRxDAV - ok
16:45:04.0785 0448 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:45:04.0817 0448 MRxSmb - ok
16:45:04.0832 0448 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:45:04.0832 0448 MSDTC - ok
16:45:04.0848 0448 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:45:04.0848 0448 Msfs - ok
16:45:04.0848 0448 MSIServer - ok
16:45:04.0863 0448 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:45:04.0863 0448 MSKSSRV - ok
16:45:04.0879 0448 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:45:04.0879 0448 MSPCLOCK - ok
16:45:04.0910 0448 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:45:04.0910 0448 MSPQM - ok
16:45:04.0926 0448 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:45:04.0926 0448 mssmbios - ok
16:45:04.0942 0448 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:45:04.0957 0448 MSTEE - ok
16:45:04.0957 0448 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:45:04.0973 0448 Mup - ok
16:45:04.0988 0448 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:45:05.0004 0448 NABTSFEC - ok
16:45:05.0035 0448 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:45:05.0051 0448 napagent - ok
16:45:05.0067 0448 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:45:05.0082 0448 NDIS - ok
16:45:05.0098 0448 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:45:05.0113 0448 NdisIP - ok
16:45:05.0129 0448 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:45:05.0129 0448 NdisTapi - ok
16:45:05.0160 0448 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:45:05.0160 0448 Ndisuio - ok
16:45:05.0160 0448 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:45:05.0160 0448 NdisWan - ok
16:45:05.0192 0448 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:45:05.0192 0448 NDProxy - ok
16:45:05.0207 0448 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:45:05.0207 0448 NetBIOS - ok
16:45:05.0238 0448 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:45:05.0238 0448 NetBT - ok
16:45:05.0254 0448 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:45:05.0270 0448 NetDDE - ok
16:45:05.0270 0448 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:45:05.0285 0448 NetDDEdsdm - ok
16:45:05.0317 0448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:45:05.0317 0448 Netlogon - ok
16:45:05.0348 0448 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:45:05.0379 0448 Netman - ok
16:45:05.0395 0448 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:45:05.0410 0448 NetTcpPortSharing - ok
16:45:05.0426 0448 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:45:05.0442 0448 Nla - ok
16:45:05.0457 0448 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:45:05.0473 0448 Npfs - ok
16:45:05.0488 0448 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:45:05.0520 0448 Ntfs - ok
16:45:05.0520 0448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:45:05.0535 0448 NtLmSsp - ok
16:45:05.0582 0448 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:45:05.0613 0448 NtmsSvc - ok
16:45:05.0629 0448 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:45:05.0629 0448 Null - ok
16:45:05.0660 0448 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:45:05.0660 0448 NwlnkFlt - ok
16:45:05.0676 0448 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:45:05.0676 0448 NwlnkFwd - ok
16:45:05.0707 0448 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:45:05.0707 0448 Parport - ok
16:45:05.0723 0448 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:45:05.0723 0448 PartMgr - ok
16:45:05.0754 0448 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:45:05.0754 0448 ParVdm - ok
16:45:05.0770 0448 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:45:05.0770 0448 PCI - ok
16:45:05.0770 0448 PCIDump - ok
16:45:05.0785 0448 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
16:45:05.0785 0448 PCIIde - ok
16:45:05.0832 0448 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:45:05.0832 0448 Pcmcia - ok
16:45:05.0832 0448 PDCOMP - ok
16:45:05.0848 0448 PDFRAME - ok
16:45:05.0848 0448 PDRELI - ok
16:45:05.0863 0448 PDRFRAME - ok
16:45:05.0863 0448 perc2 - ok
16:45:05.0863 0448 perc2hib - ok
16:45:05.0910 0448 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:45:05.0926 0448 PlugPlay - ok
16:45:05.0926 0448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:45:05.0942 0448 PolicyAgent - ok
16:45:05.0957 0448 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:45:05.0973 0448 PptpMiniport - ok
16:45:05.0973 0448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:45:05.0988 0448 ProtectedStorage - ok
16:45:05.0988 0448 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:45:05.0988 0448 PSched - ok
16:45:06.0004 0448 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:45:06.0020 0448 Ptilink - ok
16:45:06.0020 0448 ql1080 - ok
16:45:06.0020 0448 Ql10wnt - ok
16:45:06.0035 0448 ql12160 - ok
16:45:06.0035 0448 ql1240 - ok
16:45:06.0051 0448 ql1280 - ok
16:45:06.0051 0448 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:45:06.0067 0448 RasAcd - ok
16:45:06.0082 0448 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:45:06.0082 0448 RasAuto - ok
16:45:06.0098 0448 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:45:06.0098 0448 Rasl2tp - ok
16:45:06.0145 0448 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:45:06.0160 0448 RasMan - ok
16:45:06.0176 0448 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:45:06.0176 0448 RasPppoe - ok
16:45:06.0192 0448 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:45:06.0192 0448 Raspti - ok
16:45:06.0207 0448 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:45:06.0207 0448 Rdbss - ok
16:45:06.0223 0448 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:45:06.0223 0448 RDPCDD - ok
16:45:06.0254 0448 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:45:06.0254 0448 rdpdr - ok
16:45:06.0301 0448 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:45:06.0301 0448 RDPWD - ok
16:45:06.0332 0448 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:45:06.0348 0448 RDSessMgr - ok
16:45:06.0363 0448 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:45:06.0363 0448 redbook - ok
16:45:06.0410 0448 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:45:06.0410 0448 RemoteAccess - ok
16:45:06.0442 0448 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:45:06.0457 0448 RemoteRegistry - ok
16:45:06.0457 0448 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:45:06.0473 0448 RpcLocator - ok
16:45:06.0504 0448 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:45:06.0520 0448 RpcSs - ok
16:45:06.0535 0448 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:45:06.0551 0448 RSVP - ok
16:45:06.0551 0448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:45:06.0551 0448 SamSs - ok
16:45:06.0582 0448 SBRE - ok
16:45:06.0598 0448 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:45:06.0613 0448 SCardSvr - ok
16:45:06.0645 0448 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:45:06.0660 0448 Schedule - ok
16:45:06.0723 0448 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:45:06.0723 0448 Secdrv - ok
16:45:06.0738 0448 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:45:06.0738 0448 seclogon - ok
16:45:06.0754 0448 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:45:06.0770 0448 SENS - ok
16:45:06.0770 0448 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:45:06.0785 0448 serenum - ok
16:45:06.0785 0448 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:45:06.0785 0448 Serial - ok
16:45:06.0848 0448 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:45:06.0848 0448 Sfloppy - ok
16:45:06.0879 0448 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:45:06.0895 0448 SharedAccess - ok
16:45:06.0895 0448 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:45:06.0910 0448 ShellHWDetection - ok
16:45:06.0910 0448 Simbad - ok
16:45:06.0942 0448 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:45:06.0942 0448 SLIP - ok
16:45:07.0004 0448 [ 86D17B6760DD2B09E932FF101714E0DC ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
16:45:07.0035 0448 smwdm - ok
16:45:07.0082 0448 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
16:45:07.0082 0448 SoundMAX Agent Service (default) - ok
16:45:07.0098 0448 Sparrow - ok
16:45:07.0129 0448 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:45:07.0129 0448 splitter - ok
16:45:07.0160 0448 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:45:07.0160 0448 Spooler - ok
16:45:07.0176 0448 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:45:07.0192 0448 sr - ok
16:45:07.0223 0448 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:45:07.0238 0448 srservice - ok
16:45:07.0285 0448 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:45:07.0301 0448 Srv - ok
16:45:07.0317 0448 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:45:07.0332 0448 SSDPSRV - ok
16:45:07.0363 0448 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:45:07.0379 0448 stisvc - ok
16:45:07.0410 0448 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:45:07.0410 0448 streamip - ok
16:45:07.0426 0448 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:45:07.0426 0448 swenum - ok
16:45:07.0473 0448 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:45:07.0473 0448 swmidi - ok
16:45:07.0488 0448 SwPrv - ok
16:45:07.0488 0448 symc810 - ok
16:45:07.0504 0448 symc8xx - ok
16:45:07.0504 0448 sym_hi - ok
16:45:07.0520 0448 sym_u3 - ok
16:45:07.0551 0448 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:45:07.0551 0448 sysaudio - ok
16:45:07.0567 0448 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:45:07.0582 0448 SysmonLog - ok
16:45:07.0598 0448 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:45:07.0613 0448 TapiSrv - ok
16:45:07.0660 0448 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:45:07.0692 0448 Tcpip - ok
16:45:07.0738 0448 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:45:07.0738 0448 TDPIPE - ok
16:45:07.0754 0448 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:45:07.0770 0448 TDTCP - ok
16:45:07.0785 0448 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:45:07.0785 0448 TermDD - ok
16:45:07.0801 0448 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:45:07.0832 0448 TermService - ok
16:45:07.0848 0448 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:45:07.0863 0448 Themes - ok
16:45:07.0879 0448 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:45:07.0895 0448 TlntSvr - ok
16:45:07.0895 0448 TosIde - ok
16:45:07.0942 0448 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:45:07.0957 0448 TrkWks - ok
16:45:07.0973 0448 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:45:07.0973 0448 Udfs - ok
16:45:07.0988 0448 ultra - ok
16:45:08.0020 0448 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:45:08.0035 0448 Update - ok
16:45:08.0067 0448 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:45:08.0082 0448 upnphost - ok
16:45:08.0098 0448 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:45:08.0113 0448 UPS - ok
16:45:08.0145 0448 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:45:08.0145 0448 usbaudio - ok
16:45:08.0176 0448 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:45:08.0176 0448 usbccgp - ok
16:45:08.0223 0448 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:45:08.0223 0448 usbehci - ok
16:45:08.0238 0448 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:45:08.0254 0448 usbhub - ok
16:45:08.0254 0448 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:45:08.0270 0448 USBSTOR - ok
16:45:08.0285 0448 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:45:08.0285 0448 usbuhci - ok
16:45:08.0301 0448 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
16:45:08.0301 0448 usbvideo - ok
16:45:08.0317 0448 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:45:08.0317 0448 VgaSave - ok
16:45:08.0332 0448 ViaIde - ok
16:45:08.0348 0448 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:45:08.0348 0448 VolSnap - ok
16:45:08.0395 0448 [ 8576A595D3C7DBB8768BEEF50381A141 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
16:45:08.0426 0448 Vsdatant - ok
16:45:08.0442 0448 vsmon - ok
16:45:08.0473 0448 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:45:08.0488 0448 VSS - ok
16:45:08.0520 0448 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:45:08.0535 0448 W32Time - ok
16:45:08.0551 0448 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:45:08.0551 0448 Wanarp - ok
16:45:08.0551 0448 WDICA - ok
16:45:08.0598 0448 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:45:08.0598 0448 wdmaud - ok
16:45:08.0629 0448 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:45:08.0645 0448 WebClient - ok
16:45:08.0707 0448 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:45:08.0707 0448 winmgmt - ok
16:45:08.0754 0448 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
16:45:08.0754 0448 WmdmPmSN - ok
16:45:08.0801 0448 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:45:08.0817 0448 Wmi - ok
16:45:08.0832 0448 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:45:08.0848 0448 WmiAcpi - ok
16:45:08.0863 0448 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:45:08.0863 0448 WmiApSrv - ok
16:45:08.0895 0448 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:45:08.0942 0448 wscsvc - ok
16:45:08.0957 0448 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:45:08.0957 0448 WSTCODEC - ok
16:45:08.0973 0448 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:45:08.0988 0448 wuauserv - ok
16:45:09.0035 0448 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:45:09.0067 0448 WZCSVC - ok
16:45:09.0082 0448 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:45:09.0098 0448 xmlprov - ok
16:45:09.0113 0448 ================ Scan global ===============================
16:45:09.0176 0448 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:45:09.0207 0448 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:45:09.0254 0448 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:45:09.0285 0448 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:45:09.0285 0448 [Global] - ok
16:45:09.0285 0448 ================ Scan MBR ==================================
16:45:09.0317 0448 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:45:09.0457 0448 \Device\Harddisk0\DR0 - ok
16:45:09.0457 0448 ================ Scan VBR ==================================
16:45:09.0473 0448 [ 1BF9B3E81185E0859ED47DF9B54A15B8 ] \Device\Harddisk0\DR0\Partition1
16:45:09.0473 0448 \Device\Harddisk0\DR0\Partition1 - ok
16:45:09.0473 0448 ============================================================
16:45:09.0473 0448 Scan finished
16:45:09.0473 0448 ============================================================
16:45:09.0488 0524 Detected object count: 0
16:45:09.0488 0524 Actual detected object count: 0
16:59:02.0629 3584 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-06 17:13:46
-----------------------------
17:13:46.988 OS Version: Windows 5.1.2600 Service Pack 3
17:13:46.988 Number of processors: 2 586 0x401
17:13:47.004 ComputerName: USER-9AE4383ECF UserName: USER
17:14:05.629 Initialize success
17:14:07.082 AVAST engine defs: 12100601
17:14:50.379 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
17:14:50.379 Disk 0 Vendor: WDC_WD800JD-60LSA0 07.01D07 Size: 76319MB BusType: 3
17:14:50.457 Disk 0 MBR read successfully
17:14:50.457 Disk 0 MBR scan
17:14:50.520 Disk 0 Windows XP default MBR code
17:14:50.551 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
17:14:50.582 Disk 0 scanning sectors +156296385
17:14:50.738 Disk 0 scanning C:\WINDOWS\system32\drivers
17:15:02.379 Service scanning
17:15:14.707 Modules scanning
17:15:31.301 Disk 0 trace - called modules:
17:15:31.317 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
17:15:31.317 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823db9c0]
17:15:31.363 3 CLASSPNP.SYS[f8581fd7] -> nt!IofCallDriver -> \Device\00000063[0x82345500]
17:15:31.379 5 ACPI.sys[f84f8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x82345618]
17:15:32.863 AVAST engine scan C:\WINDOWS
17:15:36.207 AVAST engine scan C:\WINDOWS\system32
17:16:25.442 File: C:\WINDOWS\system32\hkcmd.exe **INFECTED** Win32:Malware-gen
17:18:10.473 AVAST engine scan C:\WINDOWS\system32\drivers
17:18:23.285 AVAST engine scan C:\Documents and Settings\USER
17:19:24.692 File: C:\Documents and Settings\USER\My Documents\Downloads\Drivers Backup\Intel® 82915G GV 910GL Express Chipset Family\hkcmd.exe **INFECTED** Win32:Malware-gen
17:19:37.551 AVAST engine scan C:\Documents and Settings\All Users
17:19:44.957 Scan finished successfully
17:21:46.207 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\Desktop\MBR.dat"
17:21:46.238 The log file has been saved successfully to "C:\Documents and Settings\USER\Desktop\aswMBR.txt"

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/5/2012 5:02:52 PM
System Uptime: 10/4/2012 8:21:18 PM (45 hours ago)
.
Motherboard: Hewlett-Packard | | 09E0h
Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 54.426 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP10: 9/11/2012 10:54:14 AM - Software Distribution Service 3.0
RP11: 9/15/2012 9:15:35 AM - Software Distribution Service 3.0
RP12: 9/15/2012 12:14:05 PM - avast! Free Antivirus Setup
RP13: 9/15/2012 12:17:48 PM - Software Distribution Service 3.0
RP14: 9/15/2012 1:45:03 PM - Software Distribution Service 3.0
RP15: 9/16/2012 2:31:29 PM - System Checkpoint
RP16: 9/17/2012 7:40:34 AM - Software Distribution Service 3.0
RP17: 9/18/2012 8:15:40 AM - System Checkpoint
RP18: 9/18/2012 8:22:56 PM - Software Distribution Service 3.0
RP19: 9/19/2012 8:22:09 PM - Software Distribution Service 3.0
RP20: 9/20/2012 8:21:28 PM - Software Distribution Service 3.0
RP21: 9/21/2012 8:50:18 PM - System Checkpoint
RP22: 9/22/2012 5:12:17 AM - Software Distribution Service 3.0
RP23: 9/22/2012 8:57:42 AM - Software Distribution Service 3.0
RP24: 9/22/2012 8:39:34 AM - System Checkpoint
RP25: 9/23/2012 1:53:29 AM - Software Distribution Service 3.0
RP26: 9/23/2012 6:22:53 AM - Software Distribution Service 3.0
RP27: 9/24/2012 2:02:37 PM - System Checkpoint
RP28: 9/25/2012 2:05:18 PM - Software Distribution Service 3.0
RP29: 9/26/2012 2:04:51 PM - Software Distribution Service 3.0
RP30: 9/26/2012 2:42:21 PM - Software Distribution Service 3.0
RP31: 9/27/2012 3:00:14 AM - Software Distribution Service 3.0
RP32: 9/27/2012 6:32:53 AM - Software Distribution Service 3.0
RP33: 9/27/2012 4:04:12 PM - Software Distribution Service 3.0
RP34: 9/28/2012 3:00:15 AM - Software Distribution Service 3.0
RP35: 9/28/2012 12:17:54 PM - Software Distribution Service 3.0
RP36: 9/28/2012 4:04:27 PM - Software Distribution Service 3.0
RP37: 9/29/2012 2:11:13 PM - Installed AVG 2013
RP38: 9/29/2012 2:11:50 PM - Installed AVG 2013
RP39: 9/29/2012 4:17:57 PM - Software Distribution Service 3.0
RP40: 9/29/2012 4:41:33 PM - Software Distribution Service 3.0
RP41: 9/30/2012 1:47:11 AM - Software Distribution Service 3.0
RP42: 9/30/2012 3:41:34 PM - Restore Operation
RP43: 9/30/2012 3:53:40 PM - Removed AVG 2013
RP44: 9/30/2012 3:56:15 PM - Removed AVG 2013
RP45: 9/30/2012 4:04:21 PM - Removed COMODO Internet Security
RP46: 9/30/2012 4:05:41 PM - Removed GeekBuddy.
RP47: 10/1/2012 4:10:57 PM - System Checkpoint
RP48: 10/1/2012 5:41:27 PM - Software Distribution Service 3.0
RP49: 10/2/2012 2:00:46 PM - Software Distribution Service 3.0
RP50: 10/3/2012 4:36:50 AM - Restore Operation
RP51: 10/3/2012 4:43:37 AM - Restore Operation
RP52: 10/3/2012 5:31:13 PM - Removed Ad-Aware Antivirus.
RP53: 10/3/2012 5:50:04 PM - avast! Free Antivirus Setup
RP54: 10/3/2012 7:12:32 PM - avast! Free Antivirus Setup
RP55: 10/4/2012 8:52:16 PM - System Checkpoint
RP56: 10/5/2012 9:25:32 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
avast! Free Antivirus
Broadcom NetXtreme Ethernet Controller
Card Player Poker
CCleaner
ConvertHelper 2.2
Foxit Reader
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HyperCam 2
Intel® Graphics Media Accelerator Driver
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SoundMAX
SpywareBlaster 4.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2736233)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
Yontoo 1.10.02
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
9/30/2012 5:39:47 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2012 5:39:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/30/2012 2:04:31 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/30/2012 1:58:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 000FFE2B5C02 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/29/2012 4:31:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.
9/29/2012 4:31:58 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2012 1:37:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/29/2012 1:37:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/3/2012 5:36:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
10/3/2012 4:13:46 AM, error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
10/2/2012 1:52:17 PM, error: System Error [1003] - Error code 1000000a, parameter1 82560d14, parameter2 0000001c, parameter3 00000000, parameter4 804e1468.
10/1/2012 5:32:02 PM, error: Service Control Manager [7022] - The GFI VIPRE Antivirus Service service hung on starting.
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by USER at 17:51:35 on 2012-10-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.34 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=9C6565AA9EF6FAD83831A0506A2FD324
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347741755031
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{A703C64C-4D79-4A58-8889-9FF606E74E8A} : DhcpNameServer = 192.168.1.1 4.2.2.2
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dfm8594y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - b470299b-1f6a-4e9a-a41c-2214e6aeea37
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-3 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-3 355632]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-8-29 526640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-3 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-3 44808]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-8-30 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-8-30 497320]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-29 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-29 676936]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-29 22856]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-15 250568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-15 114144]
.
=============== Created Last 30 ================
.
2012-10-05 19:45:59 -------- d-----w- c:\windows\system32\NtmsData
2012-10-05 18:51:26 -------- d-----w- c:\program files\Yontoo
2012-10-05 18:51:15 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-10-05 17:44:45 -------- d-----w- c:\program files\Cobian Backup 11
2012-10-05 15:55:17 -------- d-----w- c:\program files\Trend Micro
2012-10-04 02:13:41 729752 ------w- c:\windows\system32\drivers\aswSnx.sys
2012-10-04 02:12:57 41224 ------w- c:\windows\avastSS.scr
2012-10-04 00:52:41 -------- d-----w- c:\documents and settings\user\application data\#ISW.FS#
2012-10-03 11:42:09 -------- d-----w- c:\program files\MSXML 4.0
2012-10-03 11:41:44 -------- d-----w- c:\documents and settings\user\local settings\application data\Downloaded Installations
2012-10-03 11:41:44 -------- d-----w- c:\documents and settings\user\application data\blekko
2012-10-02 00:28:15 -------- d-----w- c:\documents and settings\user\application data\LavasoftStatistics
2012-09-30 23:13:38 -------- d-----w- c:\program files\CheckPoint
2012-09-30 23:06:16 -------- d-----w- c:\windows\system32\appmgmt
2012-09-30 22:55:56 -------- d-----w- c:\documents and settings\user\local settings\application data\Avg2013
2012-09-30 22:37:42 -------- d-----w- c:\documents and settings\user\application data\TuneUp Software
2012-09-30 22:18:40 -------- d-----w- c:\documents and settings\user\application data\Foxit Software
2012-09-30 22:04:28 -------- d-----w- C:\7ce7a4fe5a152ab22030d172a2
2012-09-30 12:34:16 -------- d-----w- c:\windows\pss
2012-09-29 22:48:51 -------- d-----w- c:\documents and settings\user\application data\PokerCreations
2012-09-29 22:19:07 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-09-29 22:07:30 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-09-29 22:06:38 1060864 ------w- c:\windows\system32\mfc71.dll
2012-09-29 22:06:37 348160 ------w- c:\windows\system32\msvcr71.dll
2012-09-29 22:06:35 1700352 ------w- c:\windows\system32\gdiplus.dll
2012-09-29 19:50:34 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2012-09-29 19:50:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-29 19:50:09 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-09-29 19:50:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-29 19:42:11 118784 ------w- c:\windows\system32\MSSTDFMT.DLL
2012-09-29 19:42:11 1071088 ------w- c:\windows\system32\MSCOMCTL.OCX
2012-09-29 19:41:27 -------- d-----w- c:\program files\SpywareBlaster
2012-09-29 19:32:49 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-09-29 19:32:48 -------- d-----w- c:\documents and settings\user\local settings\application data\MFAData
2012-09-29 19:32:48 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-09-28 21:00:11 -------- d-----w- c:\program files\ConvertHelper
2012-09-28 18:37:48 -------- d-----w- c:\documents and settings\user\application data\Card Player Poker
2012-09-28 18:37:44 -------- d-----w- c:\documents and settings\user\local settings\application data\Card Player Poker
2012-09-27 10:07:52 -------- d-----w- c:\windows\system32\XPSViewer
2012-09-27 10:07:13 89088 ------w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-09-27 10:06:53 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-09-27 10:06:53 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-09-27 10:06:53 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-09-27 10:06:53 117760 ------w- c:\windows\system32\prntvpt.dll
2012-09-27 10:06:52 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-09-27 10:06:52 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-09-27 10:06:52 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-09-27 10:06:52 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-09-27 03:01:39 -------- d-----w- c:\program files\CCleaner
2012-09-18 04:48:14 -------- d-----w- c:\program files\Foxit Software
2012-09-16 04:58:01 5504 -c----w- c:\windows\system32\dllcache\mstee.sys
2012-09-16 04:58:01 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-09-15 21:17:17 -------- d-----w- c:\documents and settings\user\local settings\application data\Mozilla
2012-09-15 21:17:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-15 21:03:17 -------- d-----w- c:\program files\HyperCam 2
2012-09-15 21:02:51 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
2012-09-15 20:56:22 -------- d-----w- c:\documents and settings\user\Downloads
2012-09-15 20:31:58 -------- d-----w- c:\documents and settings\user\application data\CheckPoint
2012-09-15 20:24:07 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-09-15 19:14:05 -------- d-----w- c:\program files\AVAST Software
2012-09-15 19:14:05 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-09-15 16:10:10 73416 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-15 16:10:10 696520 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-09-11 17:56:55 -------- d-sh--w- c:\documents and settings\user\IECompatCache
.
==================== Find3M ====================
.
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 17:53:46.30 ===============

Attached File  MBR.zip   499bytes   0 downloads
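The FIREFOX section of the DDS log above is where the y2layers user.js entries and the disabled CSP setting show up. As an added example that is not part of the original thread, this script reads the "FF - prefs.js:" / "FF - user.js:" lines and flags settings that weaken the browser; the sample input is copied from the log above, and the check list and its reasons are the editor's own reading of those Firefox preferences.

```python
import re

# One "FF - <file>: <pref> - <value>" line from the FIREFOX section of a DDS log.
FF_PREF_RE = re.compile(
    r"^FF - (?P<src>prefs\.js|user\.js): (?P<name>\S+) - (?P<value>.*)$"
)

# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - user.js: extentions.y2layers.installId - b470299b-1f6a-4e9a-a41c-2214e6aeea37
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
"""


def _csp_disabled(value):
    # security.csp.enable=false switches off Content Security Policy enforcement.
    return value.strip().lower() == "false"


def _profile_addons_not_auto_disabled(value):
    # extensions.autoDisableScopes is a bitmask; the Firefox default is 15 (all scopes).
    # Bit 1 is the profile scope, so a value with that bit clear lets add-ons dropped
    # into the profile folder load without the usual "new add-on" prompt.
    v = value.strip()
    return v.isdigit() and (int(v) & 1) == 0


# Editor's check list (not from the thread): pref name -> (predicate, reason).
CHECKS = {
    "security.csp.enable": (_csp_disabled, "Content Security Policy enforcement turned off"),
    "extensions.autoDisableScopes": (
        _profile_addons_not_auto_disabled,
        "add-ons sideloaded into the profile are not auto-disabled",
    ),
}


def parse_ff_prefs(log_text):
    """Return the prefs.js/user.js entries of a DDS log as dicts (src, name, value)."""
    prefs = []
    for line in log_text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs.append(m.groupdict())
    return prefs


def review_ff_prefs(log_text):
    """Flag weakened settings and list everything that lives in user.js."""
    prefs = parse_ff_prefs(log_text)
    findings = []
    for p in prefs:
        check = CHECKS.get(p["name"])
        if check and check[0](p["value"]):
            findings.append(
                {"pref": p["name"], "value": p["value"], "source": p["src"], "reason": check[1]}
            )
    # user.js is re-applied at every Firefox start and overrides prefs.js, so anything
    # in it persists across the user's own settings changes; report it separately.
    user_js = [p["name"] for p in prefs if p["src"] == "user.js"]
    return {"findings": findings, "user_js_prefs": user_js}


if __name__ == "__main__":
    report = review_ff_prefs(SAMPLE_DDS)
    for f in report["findings"]:
        print(f"[{f['source']}] {f['pref']} = {f['value']}: {f['reason']}")
    print("user.js entries:", ", ".join(report["user_js_prefs"]))
```

The user.js listing is the part to act on: AdwCleaner later in this thread deletes exactly that file, which is how those entries stop coming back.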

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:21 AM

Posted 07 October 2012 - 07:24 AM

Let's check the integrity of this file: c:\windows\system32\hkcmd.exe

>>> Run Jotti's malware scan: Please copy this line (in bold):
c:\windows\system32\hkcmd.exe
  • Go to Jotti's malware scan and click the Browse button.
  • A window will open; right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end, right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edit" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

In the event that it's been compromised, let's see if you have a good copy on your hard disk.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main text field:


    :filefind
    hkcmd.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===

Remove the adware and PUPs (Potentially Unwanted Programs) identified by this tool.

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

===
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post the log for my review.

Let me know what problem persists.

#5 queensfull

queensfull
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 07 October 2012 - 05:34 PM

Hello nasdaq, here are the results.

http://virusscan.jotti.org/en/scanresult/026e958141161104f659578015df9fe3818e7341/cefac60f19585dc32acb2558cb28447945fbae26

SystemLook 30.07.11 by jpshortstuff
Log created at 15:02 on 07/10/2012 by USER
Administrator - Elevation successful

========== filefind ==========

Searching for "hkcmd.exe"
C:\Documents and Settings\USER\My Documents\Downloads\Drivers Backup\Intel® 82915G GV 910GL Express Chipset Family\hkcmd.exe ------- 163840 bytes [19:34 31/07/2012] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\swsetup\SP35952\Graphics\hkcmd.exe ------- 163840 bytes [17:47 13/01/2007] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\hkcmd.exe ------- 163840 bytes [19:34 31/07/2012] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe -----c- 163840 bytes [19:34 31/07/2012] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA

-= EOF =-
# AdwCleaner v2.004 - Logfile created 10/07/2012 at 15:15:25
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : USER - USER-9AE4383ECF
# Boot Mode : Normal
# Running from : C:\Documents and Settings\USER\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\dfm8594y.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Program Files\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\dfm8594y.default\prefs.js

C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\dfm8594y.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\USER Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5753 octets] - [07/10/2012 15:09:28]
AdwCleaner[S1].txt - [5763 octets] - [07/10/2012 15:15:25]

########## EOF - C:\AdwCleaner[S1].txt - [5823 octets] ##########
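The SystemLook result above answers nasdaq's question by showing four copies of hkcmd.exe with the same size and MD5. As an added example that is not part of the original thread, this script parses a ":filefind" report, groups the copies by (size, MD5) and reports any copy that disagrees with the rest; the first sample is copied from the log above (the ® in the Intel folder name omitted), the second is a constructed variant with a mismatching system32 copy. Agreement between local copies only shows the in-use file was not swapped out; the online scan nasdaq asked for is still what says whether the file itself is clean.

```python
import re
from collections import Counter

# One hit line of a SystemLook ":filefind" report:
#   <path> <attrs> <size> bytes [<time> <date>] [<time> <date>] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')

# Sample input copied from the SystemLook log posted above.
PAGE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 15:02 on 07/10/2012 by USER
Administrator - Elevation successful

========== filefind ==========

Searching for "hkcmd.exe"
C:\Documents and Settings\USER\My Documents\Downloads\Drivers Backup\Intel 82915G GV 910GL Express Chipset Family\hkcmd.exe ------- 163840 bytes [19:34 31/07/2012] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\swsetup\SP35952\Graphics\hkcmd.exe ------- 163840 bytes [17:47 13/01/2007] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\hkcmd.exe ------- 163840 bytes [19:34 31/07/2012] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe -----c- 163840 bytes [19:34 31/07/2012] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA

-= EOF =-
"""

# Constructed variant (not from the thread): the in-use copy no longer matches the
# setup and driver-store copies, which is what a replaced binary would look like.
# Size, timestamps and the all-zero MD5 are placeholders.
TAMPERED_LOG = PAGE_LOG.replace(
    r"C:\WINDOWS\system32\hkcmd.exe ------- 163840 bytes [19:34 31/07/2012] [17:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA",
    r"C:\WINDOWS\system32\hkcmd.exe ------- 170496 bytes [02:11 05/10/2012] [02:11 05/10/2012] 00000000000000000000000000000000",
)


def parse_filefind(log_text):
    """Return (searched file name, list of hit dicts) from a filefind report."""
    name, hits = None, []
    for line in log_text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            name = m.group("name")
            continue
        m = HIT_RE.match(line)
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hits.append(hit)
    return name, hits


def analyze(log_text):
    """Group copies by (size, MD5); anything outside the largest group is an outlier."""
    name, hits = parse_filefind(log_text)
    fingerprints = Counter((h["size"], h["md5"]) for h in hits)
    majority = fingerprints.most_common(1)[0][0] if fingerprints else None
    outliers = [h["path"] for h in hits if (h["size"], h["md5"]) != majority]
    return {
        "name": name,
        "copies": len(hits),
        "consistent": len(hits) > 0 and len(fingerprints) == 1,
        "majority_md5": majority[1] if majority else None,
        "outliers": outliers,
    }


if __name__ == "__main__":
    for label, log in (("page log", PAGE_LOG), ("constructed tampered log", TAMPERED_LOG)):
        r = analyze(log)
        print(f"{label}: {r['copies']} copies of {r['name']}, consistent={r['consistent']}")
        for path in r["outliers"]:
            print(f"  outlier: {path}")
```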

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:21 AM

Posted 08 October 2012 - 09:27 AM

Please run these tools.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

#7 queensfull

queensfull
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 09 October 2012 - 04:34 PM

I ran all the tools and here are the results:

ComboFix 12-10-09.01 - USER 10/09/2012 14:01:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.154 [GMT -7:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 03:50 . 2012-10-09 03:50 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-05 19:45 . 2012-10-05 21:12 -------- d-----w- c:\windows\system32\NtmsData
2012-10-05 17:44 . 2012-10-05 20:30 -------- d-----w- c:\program files\Cobian Backup 11
2012-10-05 15:55 . 2012-10-05 15:55 -------- d-----w- c:\program files\Trend Micro
2012-10-04 02:13 . 2012-08-21 09:13 355632 ------w- c:\windows\system32\drivers\aswSP.sys
2012-10-04 02:13 . 2012-08-21 09:13 21256 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-04 02:13 . 2012-08-21 09:13 54232 ------w- c:\windows\system32\drivers\aswTdi.sys
2012-10-04 02:13 . 2012-08-21 09:13 35928 ------w- c:\windows\system32\drivers\aswRdr.sys
2012-10-04 02:13 . 2012-08-21 09:13 729752 ------w- c:\windows\system32\drivers\aswSnx.sys
2012-10-04 02:13 . 2012-08-21 09:13 97608 ------w- c:\windows\system32\drivers\aswmon2.sys
2012-10-04 02:13 . 2012-08-21 09:13 89624 ------w- c:\windows\system32\drivers\aswmon.sys
2012-10-04 02:13 . 2012-08-21 09:13 25256 ------w- c:\windows\system32\drivers\aavmker4.sys
2012-10-04 02:12 . 2012-08-21 09:12 41224 ------w- c:\windows\avastSS.scr
2012-10-04 02:12 . 2012-08-21 09:12 227648 ------w- c:\windows\system32\aswBoot.exe
2012-10-04 00:52 . 2012-10-07 00:01 -------- d-----w- c:\documents and settings\USER\Application Data\#ISW.FS#
2012-10-03 11:42 . 2012-10-03 11:42 -------- d-----w- c:\program files\MSXML 4.0
2012-10-03 11:41 . 2012-10-03 11:41 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Downloaded Installations
2012-10-03 11:41 . 2012-10-03 11:41 -------- d-----w- c:\documents and settings\USER\Application Data\blekko
2012-10-02 00:30 . 2012-10-02 00:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-10-02 00:28 . 2012-10-02 00:28 -------- d-----w- c:\documents and settings\USER\Application Data\LavasoftStatistics
2012-09-30 23:13 . 2012-10-03 11:41 -------- d-----w- c:\program files\CheckPoint
2012-09-30 22:55 . 2012-09-30 22:55 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Avg2013
2012-09-30 22:38 . 2012-09-30 22:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2012-09-30 22:37 . 2012-09-30 22:37 -------- d-----w- c:\documents and settings\USER\Application Data\TuneUp Software
2012-09-30 22:18 . 2012-09-30 22:18 -------- d-----w- c:\documents and settings\USER\Application Data\Foxit Software
2012-09-30 22:04 . 2012-09-30 22:04 -------- d-----w- C:\7ce7a4fe5a152ab22030d172a2
2012-09-29 22:48 . 2012-09-30 22:38 -------- d-----w- c:\documents and settings\USER\Application Data\PokerCreations
2012-09-29 22:19 . 2012-09-29 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-09-29 22:07 . 2012-09-30 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-09-29 22:06 . 2012-09-29 22:06 1060864 ------w- c:\windows\system32\mfc71.dll
2012-09-29 22:06 . 2012-09-29 22:06 348160 ------w- c:\windows\system32\msvcr71.dll
2012-09-29 22:06 . 2012-09-29 22:06 1700352 ------w- c:\windows\system32\gdiplus.dll
2012-09-29 19:50 . 2012-09-29 19:50 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes
2012-09-29 19:50 . 2012-09-29 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-29 19:50 . 2012-09-30 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-29 19:50 . 2012-09-08 00:04 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-09-29 19:42 . 2010-01-11 01:40 118784 ------w- c:\windows\system32\MSSTDFMT.DLL
2012-09-29 19:42 . 2010-01-11 01:40 1071088 ------w- c:\windows\system32\MSCOMCTL.OCX
2012-09-29 19:41 . 2012-10-04 02:26 -------- d-----w- c:\program files\SpywareBlaster
2012-09-29 19:32 . 2012-09-29 19:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-09-29 19:32 . 2012-09-30 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-09-29 19:32 . 2012-09-29 19:32 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\MFAData
2012-09-28 21:00 . 2012-09-30 22:18 -------- d-----w- c:\program files\ConvertHelper
2012-09-28 18:37 . 2012-09-28 18:38 -------- d-----w- c:\documents and settings\USER\Application Data\Card Player Poker
2012-09-28 18:37 . 2012-09-30 22:18 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Card Player Poker
2012-09-27 10:07 . 2012-09-30 22:16 -------- d-----w- c:\windows\system32\XPSViewer
2012-09-27 10:07 . 2012-09-27 10:07 -------- d-----w- c:\program files\MSBuild
2012-09-27 10:07 . 2012-09-27 10:07 -------- d-----w- c:\program files\Reference Assemblies
2012-09-27 10:07 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-09-27 10:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-09-27 10:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-09-27 10:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-09-27 10:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-09-27 10:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-09-27 10:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-09-27 10:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-09-27 10:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-09-27 03:01 . 2012-09-27 03:01 -------- d-----w- c:\program files\CCleaner
2012-09-18 04:48 . 2012-09-18 04:48 -------- d-----w- c:\program files\Foxit Software
2012-09-16 04:58 . 2008-04-13 18:39 5504 -c----w- c:\windows\system32\dllcache\mstee.sys
2012-09-16 04:58 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-09-15 21:17 . 2012-09-15 21:17 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Mozilla
2012-09-15 21:17 . 2012-09-15 21:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-15 21:03 . 2012-10-03 11:39 -------- d-----w- c:\program files\HyperCam 2
2012-09-15 21:02 . 2012-09-15 21:02 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Google
2012-09-15 20:56 . 2012-10-06 23:59 -------- d-----w- c:\documents and settings\USER\Downloads
2012-09-15 20:31 . 2012-09-15 20:31 -------- d-----w- c:\documents and settings\USER\Application Data\CheckPoint
2012-09-15 20:24 . 2012-09-15 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-09-15 19:15 . 2012-09-15 19:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-09-15 19:14 . 2012-10-04 02:12 -------- d-----w- c:\program files\AVAST Software
2012-09-15 19:14 . 2012-10-04 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-11 17:56 . 2012-09-11 17:56 -------- d-sh--w- c:\documents and settings\USER\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 15:14 . 2004-08-04 00:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 00:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-03 22:59 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 00:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-03 23:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-06 01:27 . 2012-09-15 21:16 266720 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/3/2012 7:13 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2012 7:13 PM 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2012 7:13 PM 21256]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/30/2012 4:03 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/30/2012 4:03 AM 497320]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/29/2012 12:50 PM 399432]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/29/2012 12:50 PM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/15/2012 9:10 AM 250808]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/29/2012 12:50 PM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/15/2012 2:17 PM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 20:33]
.
2012-10-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-04 09:12]
.
2012-10-09 c:\windows\Tasks\User_Feed_Synchronization-{58C7ABD5-DCCA-43D1-A72E-9C4072B845C1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=9C6565AA9EF6FAD83831A0506A2FD324
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\dfm8594y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Ad-Aware Browsing Protection - c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(780)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-10-09 14:10:05
ComboFix-quarantined-files.txt 2012-10-09 21:10
.
Pre-Run: 55,242,555,392 bytes free
Post-Run: 55,223,635,968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 68B1B1CAC4057033F5BB160A208122B2

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC is being installed.
displayName
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 2.0.2
CCleaner
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 35% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.004 - Logfile created 10/09/2012 at 14:24:25
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : USER - USER-9AE4383ECF
# Boot Mode : Normal
# Running from : C:\Documents and Settings\USER\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\dfm8594y.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\USER Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5753 octets] - [07/10/2012 15:09:28]
AdwCleaner[S1].txt - [5892 octets] - [07/10/2012 15:15:25]
AdwCleaner[S2].txt - [1053 octets] - [09/10/2012 14:24:25]

########## EOF - C:\AdwCleaner[S2].txt - [1113 octets] ##########

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:21 AM

Posted 10 October 2012 - 08:43 AM

Looking good.

Using the Add/Remove Programs applet, remove this old version: HijackThis 2.0.2

===

Total Fragmentation on Drive C:: 35% Defragment your hard drive soon! (Do NOT defrag if SSD!)
This may take some time. Do it when you know you will not need the computer for a few hours.

===

Your logs are clean. Just to be on the safe side I suggest you run this on-line scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

When you decide to do some banking online, I suggest you change your password.

#9 queensfull

queensfull
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 10 October 2012 - 08:58 PM

Happy to hear some good news. I will be changing all my old passwords. Here is the result for esetscan:

C:\System Volume Information\_restore{8612A512-3749-4C5F-A751-8C0772DE192E}\RP30\A0009004.dll a variant of Win32/Toolbar.CrossRider.A application
C:\System Volume Information\_restore{8612A512-3749-4C5F-A751-8C0772DE192E}\RP57\A0031536.dll a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{8612A512-3749-4C5F-A751-8C0772DE192E}\RP57\A0031540.dll a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{8612A512-3749-4C5F-A751-8C0772DE192E}\RP57\A0031541.dll a variant of Win32/Adware.Yontoo.A application

Thank You
Kingsfull

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:21 AM

Posted 11 October 2012 - 09:08 AM

Nothing suspicious was removed. The items were in a restore point and have now been removed.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#11 queensfull

queensfull
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 12 October 2012 - 08:58 AM

I removed adwcleaner and combofix but I might have made a mistake when I ran eset online scanner. I know you told me to check scan archives but I unchecked the remove found threats.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:21 AM

Posted 18 October 2012 - 08:41 AM

No problems.

What was found were bad items in the restore point.

#13 queensfull

queensfull
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 18 October 2012 - 05:43 PM

O.K. Thanks Nasdaq for all your help, we are lucky to have people like you dedicated to their field of expertise.
