Computer Crash Randomly


  • This topic is locked
65 replies to this topic

#1 Auto99

  • Members
  • 39 posts
  • OFFLINE
  • Local time:06:46 PM

Posted 01 January 2014 - 03:34 PM

Hi, I have Windows XP SP3. My computer started to reboot randomly, every day or two. I scanned with Avast and it didn't return any infection, then with Malwarebytes Anti-Malware and it also had no infection, so I ran ComboFix, and it got a few infections, so it started to take care of them, and then it asked to restart. When the system came back, the desktop had disappeared; the only thing on screen was the box from ComboFix with a blinking line. It was there for about an hour without showing any results, so I did a hard reboot, and then I got back to my desktop, but the computer is still crashing.

 

I inspected the dump file and got IRQL_NOT_LESS_OR_EQUAL, caused by driver tcpip.sys, and I have 4 files highlighted, which are

aswTdi.sys = avast! Antivirus

bckd.sys = K9 Web Protection

ntoskrnl.exe

tcpip.sys

 

Now my question is: any help on this?

Attached Files

  • Attached File  dds.txt   11.81KB   6 downloads



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:46 PM

Posted 06 January 2014 - 03:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519267 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Auto99

  • Topic Starter
  • Members
  • 39 posts
  • OFFLINE
  • Local time:06:46 PM

Posted 07 January 2014 - 10:38 AM

Here are my new DDS and Attach files.

DDS
------
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by zing at 10:25:12 on 2014-01-07
Microsoft Windows XP Professional  5.1.2600.3.1255.972.1033.18.2001.1363 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Syncovery\SyncoveryVSS.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = ftp://xx.xx.xxx.x/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Syncovery Background Scheduler] "c:\program files\syncovery\SyncoveryService.exe" /TIMERASAPP /STARTUP
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [LangOver] c:\program files\langover\LangOver.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.1.10
TCP: Interfaces\{8862432C-DD62-4E82-8878-96D72A85F47D} : DHCPNameServer = 192.168.1.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-10-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-10-15 180248]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2012-9-12 161072]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-9-12 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-9-12 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-9-12 13616]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-15 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-10-15 410528]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2013-3-1 91248]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-15 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-15 50344]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2013-3-1 1717488]
R2 SyncoveryVSSService;SyncoveryVSSService;c:\program files\syncovery\SyncoveryVSS.exe [2013-6-19 3255632]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-12-15 5341536]
R3 Zing;Telex Zing Driver;c:\windows\system32\drivers\Zing.sys [2013-6-18 41136]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-6-18 1691480]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2014-01-01 01:38:00 -------- d-----w- c:\documents and settings\zing.******\local settings\application data\File Viewer
2013-12-31 16:32:24 -------- d-----w- c:\documents and settings\zing.******\local settings\application data\Avg2013
2013-12-30 15:54:22 -------- d-----w- c:\windows\pss
2013-12-27 08:36:50 -------- d-----w- c:\windows\ie8updates
2013-12-27 08:36:13 -------- d-----w- c:\program files\MSXML 4.0
2013-12-27 08:21:46 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-12-27 08:11:26 -------- d--h--w- c:\windows\$hf_mig$
2013-12-27 08:07:55 -------- d-----w- c:\windows\SxsCaPendDel
2013-12-26 17:44:51 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-12-26 17:44:51 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-12-26 17:44:51 2070144 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-12-26 17:44:51 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-12-26 17:41:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-12-26 17:41:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-12-26 17:41:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-12-26 17:41:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-12-26 17:41:51 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-12-26 17:41:49 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-12-26 17:41:49 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-12-26 17:41:49 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-12-26 17:41:22 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-12-26 17:41:22 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-12-26 17:39:35 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-26 17:37:06 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-26 17:37:06 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-26 15:41:27 -------- d-----w- c:\documents and settings\zing.******\application data\ElevatedDiagnostics
2013-12-25 17:28:34 -------- d-sha-r- C:\cmdcons
2013-12-25 17:26:57 98816 ----a-w- c:\windows\sed.exe
2013-12-25 17:26:57 256000 ----a-w- c:\windows\PEV.exe
2013-12-25 17:26:57 208896 ----a-w- c:\windows\MBR.exe
2013-12-13 18:56:52 -------- d-----w- c:\program files\TagRename
2013-12-11 02:31:16 -------- d-----w- c:\documents and settings\zing.******\application data\Avisoft
2013-12-11 02:31:10 -------- d-----w- c:\documents and settings\all users\application data\Avisoft
2013-12-11 02:21:48 -------- d-----w- c:\windows\system32\XPSViewer
2013-12-11 02:20:52 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-12-11 02:20:52 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-12-11 02:20:52 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-12-11 02:20:52 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-12-11 02:20:52 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-12-11 02:20:52 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-12-11 02:20:52 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-12-11 02:20:52 117760 ------w- c:\windows\system32\prntvpt.dll
2013-12-08 23:13:42 -------- d-----w- c:\program files\תורת אמת - 352
.
==================== Find3M  ====================
.
2013-12-26 21:27:50 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-26 21:27:50 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-26 21:27:50 43152 ----a-w- c:\windows\avastSS.scr
2013-12-26 21:27:50 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-10 20:29:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 20:29:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-16 00:38:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2013 7:50:32 PM
System Uptime: 1/6/2014 7:48:54 PM (15 hours ago)
.
Motherboard: Intel Corporation | | DQ35JO
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | CPU1 | 2989/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 751.511 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 182.175 GiB free.
T: is NetworkDisk (NTFS) - 932 GiB total, 270.857 GiB free.
U: is NetworkDisk (NTFS) - 181 GiB total, 33.096 GiB free.
Y: is NetworkDisk (NTFS) - 932 GiB total, 652.631 GiB free.
Z: is NetworkDisk (NTFS) - 181 GiB total, 33.096 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_4F4A8086&REV_02\3&61AAA01&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_4F4A8086&REV_02\3&61AAA01&0&18
Service:
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_4F4A8086&REV_02\3&61AAA01&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_4F4A8086&REV_02\3&61AAA01&0&1B
Service:
.
==== System Restore Points ===================
.
RP166: 11/24/2013 7:09:59 PM - System Checkpoint
RP167: 11/26/2013 10:47:40 AM - Unsigned printer driver Xerox WorkCentre 7335 PCL6 installed.
RP168: 11/26/2013 11:41:20 AM - Unsigned printer driver Xerox WorkCentre 7335 PS installed.
RP169: 11/27/2013 2:17:36 PM - System Checkpoint
RP170: 11/30/2013 6:19:08 AM - System Checkpoint
RP171: 12/1/2013 2:11:43 PM - System Checkpoint
RP172: 12/2/2013 11:29:44 PM - System Checkpoint
RP173: 12/4/2013 9:50:00 AM - System Checkpoint
RP174: 12/5/2013 2:16:17 PM - System Checkpoint
RP175: 12/8/2013 2:12:42 PM - System Checkpoint
RP176: 12/8/2013 5:40:24 PM - Revo Uninstaller's restore point - תורת אמת - 348
RP177: 12/10/2013 9:21:08 PM - Installed Windows KB954550-v5.
RP178: 12/10/2013 9:21:17 PM - Printer Driver Microsoft XPS Document Writer Installed
RP179: 12/10/2013 9:27:35 PM - Printer Driver Microsoft XPS Document Writer Installed
RP180: 12/10/2013 9:30:21 PM - Installed Sunset Reminder
RP181: 12/12/2013 1:50:51 AM - System Checkpoint
RP182: 12/13/2013 1:50:56 PM - Revo Uninstaller's restore point - Tag&Rename 3.7
RP183: 12/13/2013 1:51:00 PM - Revo Uninstaller's restore point - Tag&Rename 3.7
RP184: 12/14/2013 1:58:01 PM - System Checkpoint
RP185: 12/15/2013 5:41:22 PM - System Checkpoint
RP186: 12/16/2013 8:12:10 PM - System Checkpoint
RP187: 12/18/2013 7:21:14 PM - System Checkpoint
RP188: 12/19/2013 10:14:45 PM - System Checkpoint
RP189: 12/22/2013 2:02:55 AM - System Checkpoint
RP190: 12/23/2013 12:52:44 PM - System Checkpoint
RP191: 12/23/2013 5:04:55 PM - Revo Uninstaller's restore point - Free Alarm Clock 2.7.1
RP192: 12/23/2013 5:05:37 PM - Revo Uninstaller's restore point - Free Alarm Clock 2.7.1
RP193: 12/24/2013 7:21:33 PM - System Checkpoint
RP194: 12/25/2013 7:28:58 PM - System Checkpoint
RP195: 12/26/2013 10:39:57 AM - Installed %1 %2.
RP196: 12/26/2013 4:27:06 PM - avast! antivirus system restore point
RP197: 12/27/2013 3:00:22 AM - Software Distribution Service 3.0
RP198: 12/28/2013 3:00:32 AM - Software Distribution Service 3.0
RP199: 12/29/2013 3:25:05 AM - System Checkpoint
RP200: 12/30/2013 3:59:59 AM - System Checkpoint
RP201: 12/31/2013 4:56:19 AM - System Checkpoint
RP202: 12/31/2013 8:40:32 PM - Revo Uninstaller's restore point - File Identifier version 1.0.3
RP203: 12/31/2013 8:57:04 PM - Revo Uninstaller's restore point - File Viewer version 1.0.2
RP204: 1/1/2014 11:14:29 AM - Revo Uninstaller's restore point - Sunset Reminder
RP205: 1/1/2014 11:14:39 AM - Removed Sunset Reminder
RP206: 1/2/2014 11:57:33 AM - System Checkpoint
RP207: 1/3/2014 12:13:01 PM - System Checkpoint
RP208: 1/4/2014 1:08:22 PM - System Checkpoint
RP209: 1/5/2014 3:10:36 PM - System Checkpoint
RP210: 1/6/2014 3:12:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
תורת אמת - 352
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05) MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAPI Update
AudioShell 1.3.5
avast! Free Antivirus
Blue Coat K9 Web Protection
Bonjour
CCleaner
ConverterLite 1.6.3
Data
Dropbox
Easy CD-DA Extractor 16
EZ Vinyl/Tape Converter 7.4 by MixMeister
FileZilla Client 3.7.3
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Image Resizer Powertoy for Windows XP
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 15.3.68.0
iTunes
Java 7 Update 45
Java Auto Updater
Kaluach3
Kerio Outlook Connector
LangOver 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP3 Parser (KB2758694)
Noise Reduction Plug-in 2.0i
Realtek High Definition Audio Driver
Renamer (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB941569)
Sound Forge Pro 10.0
Steinberg WaveLab 5.01b
Syncovery 6.19
Tag&Rename 3.5.4
TeamViewer 9
Telex Zing Versatile Audio Digitizer
Unlocker 1.9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.2
VNC Enterprise Edition E4.5.3
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.6.0
WebFldrs XP
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Search 4.0
WinRAR archiver
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 8:23:35 PM, error: System Error [1003] - Error code 1000000a, parameter1 000001e1, parameter2 00000002, parameter3 00000000, parameter4 804e5fa3.
12/31/2013 8:22:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TeamViewer9 service.
12/31/2013 10:59:50 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa2d6.
1/6/2014 6:29:11 PM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server GRAPHICS$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (KOLTORAHONLINE.LOCAL), and the client realm. Please contact your system administrator.
1/6/2014 12:10:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSearch service.
1/3/2014 3:00:39 AM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server yona-pc$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (KOLTORAHONLINE.LOCAL), and the client realm. Please contact your system administrator.
.
==== End Of File ===========================

============= FINISH: 10:25:30.65 ===============

Edited by Oh My, 10 January 2014 - 06:49 PM.
Posted Attach log
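The two "System Error [1003]" entries in the Event Viewer section of the DDS log above carry the raw bug check (Error code 1000000a with four parameters), which a helper normally decodes by hand. The following Python script is an added example written for this thread, not a BleepingComputer or DDS tool: it parses lines in that exact format, masks the Event Log form 1000000a back to STOP 0x0000000A, and decodes the four parameters as the Windows bug check reference documents them for 0xA and 0xD1 (referenced address, IRQL, read/write, faulting instruction). The sample lines are copied from the log above; the near-null and kernel-address-space hints are my own triage heuristics, and the IRQL names assume a 32-bit x86 system like the one in this log.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: the two "System Error [1003]" lines exactly as the DDS log above
# prints them, plus one unrelated Service Control Manager line to show that it is skipped.
SAMPLE_LINES = [
    "12/31/2013 8:23:35 PM, error: System Error [1003] - Error code 1000000a, "
    "parameter1 000001e1, parameter2 00000002, parameter3 00000000, parameter4 804e5fa3.",
    "12/31/2013 8:22:04 PM, error: Service Control Manager [7011] - Timeout (30000 "
    "milliseconds) waiting for a transaction response from the TeamViewer9 service.",
    "12/31/2013 10:59:50 AM, error: System Error [1003] - Error code 1000000a, "
    "parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa2d6.",
]

# Bug check names for the codes this script explains. Event ID 1003 writes the code as
# 1000000a for STOP 0x0000000A, so the top nibble is masked off before the lookup.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

# Software IRQLs on x86; anything higher is a device, clock or IPI level.
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
    r"System Error \[1003\] - Error code (?P<code>[0-9a-fA-F]{8}), "
    r"parameter1 (?P<p1>[0-9a-fA-F]{8}), parameter2 (?P<p2>[0-9a-fA-F]{8}), "
    r"parameter3 (?P<p3>[0-9a-fA-F]{8}), parameter4 (?P<p4>[0-9a-fA-F]{8})\.?$"
)


def parse_system_error(line: str) -> Optional[Dict[str, object]]:
    """Parse one DDS 'System Error [1003]' line; return None for any other line."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    raw = int(m.group("code"), 16)
    code = raw & 0x0FFFFFFF  # 1000000a -> 0xA
    return {
        "when": m.group("when"),
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "BUGCHECK_0x%X" % code),
        "params": [int(m.group(k), 16) for k in ("p1", "p2", "p3", "p4")],
    }


def explain_irql_bugcheck(rec: Dict[str, object]) -> Dict[str, object]:
    """Decode the four parameters of STOP 0xA / 0xD1 (per the Windows bug check reference):
    1 = virtual address referenced, 2 = IRQL at the time of the reference,
    3 = 0 for read / 1 for write, 4 = address of the instruction that made the reference."""
    addr, irql, access, pc = rec["params"]
    return {
        "address": "0x%08x" % addr,
        # Heuristic: a tiny address is almost always a NULL structure pointer plus a field offset.
        "near_null": addr < 0x10000,
        "irql": IRQL_NAMES.get(irql, "IRQL %d (above DISPATCH_LEVEL)" % irql),
        "access": "write" if access == 1 else "read",
        "instruction": "0x%08x" % pc,
        # Heuristic: with the default 2 GB split on 32-bit XP, >= 0x80000000 is kernel space.
        "instruction_in_kernel_space": pc >= 0x80000000,
    }


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Keep only bug-check events and attach a decoded explanation where one is known."""
    out = []
    for line in lines:
        rec = parse_system_error(line)
        if rec is None:
            continue
        if rec["code"] in (0x0A, 0xD1):
            rec["explain"] = explain_irql_bugcheck(rec)
        out.append(rec)
    return out


def count_by_bugcheck(lines: List[str]) -> Dict[str, int]:
    """How often each bug check recurs: the same code repeating points at one driver or
    one bug, while a spread of unrelated codes is the usual first hint of a hardware fault."""
    return dict(Counter(r["name"] for r in triage(lines)))


if __name__ == "__main__":
    for rec in triage(SAMPLE_LINES):
        print(rec["when"], rec["name"], rec.get("explain", {}))
    print(count_by_bugcheck(SAMPLE_LINES))
```

Run against the two log lines, both decode to STOP 0xA with a read of a near-null address from an instruction in kernel address space, the first at DISPATCH_LEVEL and the second at IRQL 28; the recurring single bug check is why the helpers in this thread go after the filter drivers (aswTdi.sys, bckd.sys) sitting on top of tcpip.sys rather than treating each crash as a one-off.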


#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,710 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 10 January 2014 - 06:46 PM

Greetings Auto99 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this for me.

===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit, simply download and try one. If that doesn't run properly, the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Auto99 (Topic Starter)

Posted 13 January 2014 - 02:18 PM

Thanks Gary, I just saw your reply; from now on I will check your updates immediately.

I will start working on the above, and hope to reply soon with the info.

You can call me Sam. :)

And thanks again for your efforts.



#6 Auto99 (Topic Starter)

Posted 13 January 2014 - 02:35 PM

ComboFix
---------------
ComboFix 13-12-24.02 - zing 12/25/2013  14:17:49.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1255.972.1033.18.2001.1337 [GMT -5:00]
Running from: c:\documents and settings\zing.KOLTORAHONLINE\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\bb6813d7edc1a7e1.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\PowerToyReadme.htm
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected 
Restored copy from - c:\system volume information\_restore{A5E75C56-2E27-4241-8E81-A090C5B29D3D}\RP193\A0057808.exe 
.
--------
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Asapi
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-25 to 2013-12-25  )))))))))))))))))))))))))))))))
.
.
2013-12-25 17:07 . 2013-12-25 17:07 -------- d-----w- c:\documents and settings\Administrator
2013-12-13 18:56 . 2013-12-13 18:57 -------- d-----w- c:\program files\TagRename
2013-12-11 02:31 . 2013-12-11 02:31 -------- d-----w- c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Avisoft
2013-12-11 02:31 . 2013-12-11 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avisoft
2013-12-11 02:30 . 2013-12-11 02:30 -------- d-----w- c:\program files\Avisoft
2013-12-11 02:21 . 2013-12-11 02:21 -------- d-----w- c:\windows\system32\XPSViewer
2013-12-11 02:21 . 2013-12-11 02:21 -------- d-----w- c:\program files\Reference Assemblies
2013-12-11 02:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-12-11 02:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-12-11 02:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-12-11 02:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-12-11 02:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-12-11 02:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-12-11 02:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-12-11 02:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-12-08 23:13 . 2013-12-08 23:15 -------- d-----w- c:\program files\תורת אמת - 352
2013-11-26 16:42 . 2013-11-26 16:43 -------- d-----w- c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Xerox
2013-11-26 16:36 . 2013-11-26 16:36 -------- d-----w- C:\xerox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 20:29 . 2008-04-14 12:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 20:29 . 2008-04-14 12:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 08:39 . 2013-10-16 00:38 403440 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-10-16 00:38 . 2013-10-16 00:38 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-16 00:38 . 2013-10-16 00:38 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-16 00:38 . 2013-10-16 00:38 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-16 00:38 . 2013-10-16 00:38 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-16 00:38 . 2013-10-16 00:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-16 00:38 . 2013-10-16 00:38 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-10-16 00:38 . 2013-10-16 00:38 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-16 00:38 . 2013-10-16 00:38 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-16 00:38 . 2013-10-16 00:38 43152 ----a-w- c:\windows\avastSS.scr
2013-10-08 11:50 . 2013-10-22 14:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29 . 2013-10-22 14:00 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-09-12 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-16 00:38 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-29 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-29 142360]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-15 19576424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Syncovery Background Scheduler"="c:\program files\Syncovery\SyncoveryService.exe" [2012-12-06 15261520]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-21 3567800]
"LangOver"="c:\program files\LangOver\LangOver.exe" [2009-02-10 1257472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\zing.KOLTORAHONLINE\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Avisoft Sunset Reminder.lnk - c:\windows\Installer\{5BBA80C1-70D1-4718-BE5E-48A211841F99}\_072E4D003806622ED4FFE4.exe [2013-12-10 353118]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\zing.KOLTORAHONLINE\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\zing.KOLTORAHONLINE\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/15/2013 7:38 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/15/2013 7:38 PM 178304]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [9/12/2012 7:55 AM 161072]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [9/12/2012 7:55 AM 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [9/12/2012 7:55 AM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [9/12/2012 7:55 AM 13616]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/15/2013 7:38 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10/15/2013 7:38 PM 403440]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [3/1/2013 6:06 AM 91248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/15/2013 7:38 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/15/2013 7:38 PM 70384]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [3/1/2013 6:06 AM 1717488]
R2 SyncoveryVSSService;SyncoveryVSSService;c:\program files\Syncovery\SyncoveryVSS.exe [6/19/2013 10:00 AM 3255632]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [12/15/2013 7:19 PM 5341536]
R3 Zing;Telex Zing Driver;c:\windows\system32\drivers\Zing.sys [6/18/2013 5:53 PM 41136]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/18/2013 7:06 PM 1691480]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 20:29]
.
2013-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-12-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-16 00:38]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377919801-3167874910-3791750491-1116Core.job
- c:\documents and settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-06-18 23:42]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377919801-3167874910-3791750491-1116UA.job
- c:\documents and settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-06-18 23:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = (**Address deleted**)
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.10
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-25 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\program files\TeamViewer\Version9\tv_w32.dll
c:\windows\system32\msi.dll
c:\documents and settings\zing.KOLTORAHONLINE\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-12-25  14:24:02
ComboFix-quarantined-files.txt  2013-12-25 19:24
.
Pre-Run: 811,962,314,752 bytes free
Post-Run: 811,926,556,672 bytes free
.
- - End Of File - - 453F78F8E0B73DA870C4D827E8578F0F
8F558EB6672622401DA993E1E865C861
-----------------------------------------------------------
FRST
-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by zing (administrator) on ZING on 13-01-2014 14:25:19
Running from C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Super Flexible Software Ltd. & Co. KG) C:\Program Files\Syncovery\SyncoveryVSS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Syncovery\SyncoveryService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(LangOver.com) C:\Program Files\LangOver\LangOver.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\winhlp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [19576424 2010-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [Syncovery Background Scheduler] - C:\Program Files\Syncovery\SyncoveryService.exe [15261520 2012-12-05] ()
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-26] (AVAST Software)
HKLM\...\Run: [LangOver] - C:\Program Files\LangOver\LangOver.exe [1257472 2009-02-10] (LangOver.com)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKU\Administrator\...\Run: [Google Update] - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2013-06-18] (Google Inc.)
HKU\Default User\...\Run: [Google Update] - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2013-06-18] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=122471&babsrc=SP_ss&mntrId=68E50019D17F2ACF
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.10
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/?vm=r&s=1
CHR RestoreOnStartup: "hxxp://www.delta-search.com/?affID=122471&babsrc=HP_ss&mntrId=68E50019D17F2ACF"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-06-18]
CHR Extension: (Google Drive) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-06-18]
CHR Extension: (Google Search) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-06-18]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0 [2013-12-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-25]
CHR Extension: (Gmail) - C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-06-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-15]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-26] (AVAST Software)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1717488 2013-03-01] (Blue Coat Systems, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 SyncoveryVSSService; C:\Program Files\Syncovery\SyncoveryVSS.exe [3255632 2012-06-25] (Super Flexible Software Ltd. & Co. KG)
S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1484152 2010-04-09] (RealVNC Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2013-12-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2013-12-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2013-12-26] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-26] ()
R1 bckd; C:\Windows\System32\drivers\bckd.sys [91248 2013-03-01] (Blue Coat Systems, Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [161072 2011-05-06] (Marvell Semiconductor, Inc.)
R0 mv61xxmm; C:\Windows\System32\Drivers\mv61xxmm.sys [13616 2011-05-06] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\Windows\System32\Drivers\mv64xxmm.sys [5632 2012-09-12] (Marvell Semiconductor Inc.)
R0 mvxxmm; C:\Windows\System32\Drivers\mvxxmm.sys [13616 2012-09-12] (Marvell Semiconductor Inc.)
R3 TPM; C:\Windows\System32\DRIVERS\tpm.sys [18048 2008-02-10] (Winbond Electronics Corp.)
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2010-04-09] (RealVNC Ltd.)
R3 Zing; C:\Windows\System32\Drivers\Zing.sys [41136 2002-05-01] (Telex Corporation)
S3 catchme; \??\C:\DOCUME~1\ZING~1.KOL\LOCALS~1\Temp\catchme.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D C:\FRST
2014-01-13 14:22 - 2014-01-13 14:22 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-07 20:37 - 2014-01-07 20:37 - 00090112 _____ C:\WINDOWS\Minidump\Mini010714-02.dmp
2014-01-07 11:56 - 2014-01-07 11:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini010714-01.dmp
2014-01-07 10:56 - 2014-01-12 10:54 - 00000360 _____ C:\WINDOWS\Tasks\32-bit-SCAN.job
2014-01-07 10:55 - 2014-01-09 09:59 - 00000364 _____ C:\WINDOWS\Tasks\32-bit-update.job
2014-01-06 19:48 - 2014-01-06 19:48 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-03.dmp
2014-01-06 15:56 - 2014-01-06 15:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-02.dmp
2014-01-06 12:09 - 2014-01-06 12:09 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-01.dmp
2014-01-05 12:33 - 2014-01-05 12:33 - 00090112 _____ C:\WINDOWS\Minidump\Mini010514-01.dmp
2014-01-01 15:24 - 2014-01-07 10:34 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\dds
2014-01-01 15:23 - 2014-01-07 10:25 - 00012892 _____ C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\attach.txt
2014-01-01 15:23 - 2014-01-07 10:25 - 00011525 _____ C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\dds.txt
2014-01-01 15:21 - 2013-12-31 15:02 - 00688992 ____R (Swearware) C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\dds.com
2013-12-31 20:38 - 2013-12-31 20:57 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\File Viewer
2013-12-31 20:20 - 2013-12-31 20:20 - 00090112 _____ C:\WINDOWS\Minidump\Mini123113-02.dmp
2013-12-31 11:47 - 2014-01-12 18:35 - 00002574 _____ C:\WINDOWS\setupact.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00006810 _____ C:\WINDOWS\ocgen.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00006803 _____ C:\WINDOWS\iis6.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00006782 _____ C:\WINDOWS\FaxSetup.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00004591 _____ C:\WINDOWS\tsoc.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00002548 _____ C:\WINDOWS\comsetup.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001943 _____ C:\WINDOWS\imsins.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001896 _____ C:\WINDOWS\msmqinst.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001836 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001592 _____ C:\WINDOWS\netfxocm.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00000311 _____ C:\WINDOWS\tabletoc.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-31 11:32 - 2013-12-31 11:32 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Avg2013
2013-12-31 10:57 - 2013-12-31 10:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini123113-01.dmp
2013-12-30 13:35 - 2014-01-12 18:35 - 00056471 _____ C:\WINDOWS\setupapi.log
2013-12-30 10:54 - 2013-12-30 10:54 - 00000000 ____D C:\WINDOWS\pss
2013-12-30 10:53 - 2013-12-30 10:53 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-27 03:36 - 2013-12-27 03:36 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-27 03:36 - 2013-12-27 03:36 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-27 03:33 - 2013-12-27 03:33 - 00006672 _____ C:\WINDOWS\system32\TZLog.log
2013-12-27 03:21 - 2008-04-14 07:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2013-12-27 03:14 - 2013-12-27 03:14 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Help
2013-12-27 03:11 - 2013-12-27 03:42 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-12-27 03:07 - 2013-12-27 04:03 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2013-12-26 16:28 - 2013-12-26 16:28 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-26 12:44 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2013-12-26 12:44 - 2013-07-03 21:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2013-12-26 12:44 - 2013-07-03 21:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2013-12-26 12:44 - 2013-07-03 21:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2013-12-26 12:41 - 2013-10-29 02:57 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-12-26 12:41 - 2013-10-29 02:57 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-12-26 12:41 - 2013-10-29 02:57 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-12-26 12:41 - 2013-10-29 02:57 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-12-26 12:41 - 2013-10-29 02:57 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-12-26 12:41 - 2013-10-29 02:57 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-12-26 12:41 - 2013-10-29 02:57 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-12-26 12:41 - 2013-10-29 02:57 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-12-26 12:41 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-12-26 12:41 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-12-26 12:39 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2013-12-26 12:37 - 2013-08-08 19:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-12-26 12:37 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-12-26 10:40 - 2013-12-26 10:43 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-12-26 10:40 - 2013-12-26 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-12-26 10:39 - 2013-12-26 10:39 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-12-25 14:24 - 2013-12-25 14:24 - 00016353 _____ C:\ComboFix.txt
2013-12-25 12:35 - 2013-12-25 12:35 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-25 12:28 - 2013-12-25 12:28 - 00000000 _RSHD C:\cmdcons
2013-12-25 12:28 - 2013-06-18 18:40 - 00000211 _____ C:\Boot.bak
2013-12-25 12:28 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-12-25 12:26 - 2013-12-25 14:24 - 00000000 ____D C:\Qoobox
2013-12-25 12:26 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-25 12:26 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-25 12:26 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-25 12:26 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-25 12:26 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-25 12:26 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-25 12:26 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-25 12:26 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-25 12:26 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-25 12:07 - 2013-12-25 12:08 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-25 12:07 - 2013-12-25 12:07 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-25 12:07 - 2013-06-18 18:49 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-12-25 12:07 - 2013-06-18 18:49 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-25 12:07 - 2013-06-18 18:49 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-12-25 11:59 - 2013-12-25 11:59 - 05158070 ____R (Swearware) C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\ComboFix.exe
2013-12-25 11:54 - 2013-12-25 14:23 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-22 13:23 - 2013-12-22 13:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
 
==================== One Month Modified Files and Folders =======
 
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D C:\FRST
2014-01-13 14:22 - 2014-01-13 14:22 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-13 14:22 - 2013-06-18 18:47 - 01701963 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-13 14:21 - 2013-06-18 19:21 - 00000152 _____ C:\WINDOWS\system32\config\netlogon.ftl
2014-01-13 14:13 - 2013-06-19 16:14 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\-=DOCUMENTS=-
2014-01-13 13:46 - 2013-06-18 18:42 - 00001004 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1377919801-3167874910-3791750491-1116UA.job
2014-01-13 13:27 - 2013-06-28 09:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-13 10:56 - 2013-08-20 10:50 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Application Data\vlc
2014-01-13 04:28 - 2013-11-12 15:39 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-13 03:00 - 2013-06-19 10:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Syncovery
2014-01-12 22:51 - 2013-06-18 11:28 - 00000000 ____D C:\WINDOWS\security
2014-01-12 20:27 - 2013-06-18 18:53 - 00032520 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-12 19:46 - 2013-06-18 18:42 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1377919801-3167874910-3791750491-1116Core.job
2014-01-12 18:35 - 2013-12-31 11:47 - 00002574 _____ C:\WINDOWS\setupact.log
2014-01-12 18:35 - 2013-12-30 13:35 - 00056471 _____ C:\WINDOWS\setupapi.log
2014-01-12 14:09 - 2013-07-18 16:35 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\Unused Desktop Shortcuts
2014-01-12 14:04 - 2013-11-18 18:38 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Application Data\FileZilla
2014-01-12 10:54 - 2014-01-07 10:56 - 00000360 _____ C:\WINDOWS\Tasks\32-bit-SCAN.job
2014-01-10 08:10 - 2013-06-18 19:44 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-09 14:42 - 2013-06-18 18:51 - 00000000 ___RD C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\Dropbox
2014-01-09 14:42 - 2013-06-18 18:49 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Application Data\Dropbox
2014-01-09 13:22 - 2013-06-18 18:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-09 13:22 - 2008-04-14 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-09 13:20 - 2013-06-18 16:56 - 00000178 ___SH C:\Documents and Settings\zing.KOLTORAHONLINE\ntuser.ini
2014-01-09 09:59 - 2014-01-07 10:55 - 00000364 _____ C:\WINDOWS\Tasks\32-bit-update.job
2014-01-07 20:37 - 2014-01-07 20:37 - 00090112 _____ C:\WINDOWS\Minidump\Mini010714-02.dmp
2014-01-07 20:37 - 2013-06-24 21:50 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-07 20:37 - 2013-06-18 19:29 - 00000000 __SHD C:\WINDOWS\CSC
2014-01-07 11:56 - 2014-01-07 11:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini010714-01.dmp
2014-01-07 10:54 - 2013-10-10 14:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-07 10:34 - 2014-01-01 15:24 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\dds
2014-01-07 10:25 - 2014-01-01 15:23 - 00012892 _____ C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\attach.txt
2014-01-07 10:25 - 2014-01-01 15:23 - 00011525 _____ C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\dds.txt
2014-01-06 19:48 - 2014-01-06 19:48 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-03.dmp
2014-01-06 15:56 - 2014-01-06 15:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-02.dmp
2014-01-06 15:29 - 2013-06-18 11:28 - 00000000 ____D C:\WINDOWS\Resources
2014-01-06 12:09 - 2014-01-06 12:09 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-01.dmp
2014-01-05 12:33 - 2014-01-05 12:33 - 00090112 _____ C:\WINDOWS\Minidump\Mini010514-01.dmp
2014-01-01 20:12 - 2013-06-18 19:49 - 00000936 _____ C:\WINDOWS\Kaluach3.INI
2013-12-31 20:57 - 2013-12-31 20:38 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\File Viewer
2013-12-31 20:20 - 2013-12-31 20:20 - 00090112 _____ C:\WINDOWS\Minidump\Mini123113-02.dmp
2013-12-31 15:02 - 2014-01-01 15:21 - 00688992 ____R (Swearware) C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\dds.com
2013-12-31 13:44 - 2013-06-24 18:22 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\privat
2013-12-31 11:47 - 2013-12-31 11:47 - 00006810 _____ C:\WINDOWS\ocgen.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00006803 _____ C:\WINDOWS\iis6.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00006782 _____ C:\WINDOWS\FaxSetup.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00004591 _____ C:\WINDOWS\tsoc.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00002548 _____ C:\WINDOWS\comsetup.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001943 _____ C:\WINDOWS\imsins.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001896 _____ C:\WINDOWS\msmqinst.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001836 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00001592 _____ C:\WINDOWS\netfxocm.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00000311 _____ C:\WINDOWS\tabletoc.log
2013-12-31 11:47 - 2013-12-31 11:47 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-31 11:32 - 2013-12-31 11:32 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Avg2013
2013-12-31 11:24 - 2013-06-18 16:56 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE
2013-12-31 10:57 - 2013-12-31 10:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini123113-01.dmp
2013-12-30 17:03 - 2013-07-24 20:57 - 00000000 ____D C:\Kol Torah
2013-12-30 14:50 - 2013-08-06 16:16 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Application Data\dvdcss
2013-12-30 14:50 - 2013-06-18 19:10 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Application Data\ConverterLite
2013-12-30 10:56 - 2013-07-22 13:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
2013-12-30 10:54 - 2013-12-30 10:54 - 00000000 ____D C:\WINDOWS\pss
2013-12-30 10:53 - 2013-12-30 10:53 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-30 10:53 - 2013-08-15 18:52 - 00000000 ____D C:\Program Files\CCleaner
2013-12-28 03:11 - 2013-06-19 09:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-28 03:01 - 2008-04-14 07:00 - 00000582 _____ C:\WINDOWS\win.ini
2013-12-27 11:00 - 2013-06-18 18:51 - 00084176 _____ C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-27 04:03 - 2013-12-27 03:07 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2013-12-27 04:03 - 2013-06-18 20:21 - 00000000 ____D C:\Program Files\Windows Desktop Search
2013-12-27 04:03 - 2013-06-18 11:32 - 00329888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-27 03:50 - 2013-06-18 18:25 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-27 03:46 - 2013-06-18 11:33 - 00522210 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-27 03:42 - 2013-12-27 03:11 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-12-27 03:36 - 2013-12-27 03:36 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-27 03:36 - 2013-12-27 03:36 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-27 03:33 - 2013-12-27 03:33 - 00006672 _____ C:\WINDOWS\system32\TZLog.log
2013-12-27 03:17 - 2013-06-18 11:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-27 03:16 - 2013-06-19 09:32 - 00000000 ____D C:\Program Files\Microsoft Works
2013-12-27 03:14 - 2013-12-27 03:14 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Help
2013-12-27 03:05 - 2013-12-10 21:21 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-12-26 16:28 - 2013-12-26 16:28 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-26 16:27 - 2013-10-15 19:38 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-26 16:27 - 2013-10-15 19:38 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-12-26 16:27 - 2013-10-15 19:38 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-26 16:27 - 2013-10-15 19:38 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-26 16:27 - 2013-10-15 19:38 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-26 16:27 - 2013-10-15 19:38 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-12-26 16:27 - 2013-10-15 19:38 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-12-26 16:27 - 2013-10-15 19:38 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-26 10:43 - 2013-12-26 10:40 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-12-26 10:40 - 2013-12-26 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-12-26 10:39 - 2013-12-26 10:39 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-12-25 14:24 - 2013-12-25 14:24 - 00016353 _____ C:\ComboFix.txt
2013-12-25 14:24 - 2013-12-25 12:26 - 00000000 ____D C:\Qoobox
2013-12-25 14:23 - 2013-12-25 11:54 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-25 14:22 - 2008-04-14 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-25 12:36 - 2013-06-18 11:32 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-25 12:36 - 2013-06-18 11:31 - 35651584 _____ C:\WINDOWS\system32\config\software.bak
2013-12-25 12:36 - 2013-06-18 11:31 - 07602176 _____ C:\WINDOWS\system32\config\system.bak
2013-12-25 12:36 - 2013-06-18 11:31 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-12-25 12:35 - 2013-12-25 12:35 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-25 12:35 - 2013-12-25 12:35 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-25 12:28 - 2013-12-25 12:28 - 00000000 _RSHD C:\cmdcons
2013-12-25 12:28 - 2013-06-18 11:31 - 00000327 __RSH C:\boot.ini
2013-12-25 12:08 - 2013-12-25 12:07 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-25 12:07 - 2013-12-25 12:07 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-25 11:59 - 2013-12-25 11:59 - 05158070 ____R (Swearware) C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\ComboFix.exe
2013-12-23 16:53 - 2013-06-18 19:48 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Kaluach 3
2013-12-22 19:24 - 2013-06-27 21:20 - 00001084 _____ C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop\Dropbox.lnk
2013-12-22 19:24 - 2013-06-27 21:18 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\Start Menu\Programs\Dropbox
2013-12-22 13:23 - 2013-12-22 13:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2013-12-16 23:02 - 2013-06-18 18:28 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-16 20:21 - 2013-06-19 12:11 - 00000000 ____D C:\ipod loading
2013-12-15 19:19 - 2013-06-18 19:39 - 00000000 ____D C:\Program Files\TeamViewer
2013-12-15 16:35 - 2013-11-19 15:02 - 00000000 ____D C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\מעלבוירן
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2012-09-12 07:45] - [2012-09-12 07:45] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d 
 
C:\Windows\System32\winlogon.exe
[2012-09-12 07:46] - [2012-09-12 07:46] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117 
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2012-09-12 07:46] - [2012-09-12 07:46] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a 
 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-09-12 07:46] - [2012-09-12 07:46] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2 
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
addition
------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-01-2014 02
Ran by zing at 2014-01-13 14:25:47
Running from C:\Documents and Settings\zing.KOLTORAHONLINE\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05)  MUI (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASAPI Update (Version:  - )
AudioShell 1.3.5 (Version: 1.3.5 - Softpointer Inc)
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
Blue Coat K9 Web Protection (Version: 4.4.268 - Blue Coat Systems, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.09 - Piriform)
ConverterLite 1.6.3 (Version: 1.6.3 - ConverterLite)
Data (Version: 1.0.0 - Kol Torah)
Dropbox (Version: 2.4.10 - Dropbox, Inc.)
Easy CD-DA Extractor 16 (Version: 16.0.9 - Poikosoft)
EZ Vinyl/Tape Converter 7.4 by MixMeister (Version:  - MixMeister Technology LLC)
FileZilla Client 3.7.3 (Version: 3.7.3 - Tim Kosse)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Talk (remove only) (Version:  - )
Google Talk Plugin (Version: 4.9.1.16010 - Google)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (Version: 0.0.0.0000 - Intel Corporation)
Intel® Network Connections 15.3.68.0 (Version: 15.3.68.0 - Intel)
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaluach3 (Version:  - )
Kerio Outlook Connector (Version: 7.1.1906 - Kerio Technologies Inc.)
LangOver 5.0 (Version: 5.0.08 - LangOver)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
Noise Reduction Plug-in 2.0i (Version: 2.0.455 - Sony)
Realtek High Definition Audio Driver (Version: 5.10.0.6201 - Realtek Semiconductor Corp.)
Renamer (remove only) (Version:  - )
Sound Forge Pro 10.0 (Version: 10.0.368 - Sony)
Steinberg WaveLab 5.01b (Version:  - )
Syncovery 6.19 (Version: 6.19 - Super Flexible Software)
Tag&Rename 3.5.4 (Version: 3.5.4 - Softpointer Inc)
TeamViewer 9 (Version: 9.0.24951 - TeamViewer)
Telex Zing Versatile Audio Digitizer (Version:  - )
Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
VNC Enterprise Edition E4.5.3 (Version: E4.5.3 - RealVNC Ltd.)
VNC Mirror Driver 1.8.0 (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.6.0 (Version: 1.6.0 - RealVNC Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
WinRAR archiver (Version:  - )
YouSendIt Express (Version: 2.13.2 - YouSendIt)
YouSendIt Express (Version: 2.13.2 - YouSendIt) Hidden
תורת אמת - 352  (Version:  - )
 
==================== Restore Points  =========================
 
25-11-2013 00:09:59 System Checkpoint
26-11-2013 15:47:40 Unsigned printer driver Xerox WorkCentre 7335 PCL6 installed.
26-11-2013 16:41:20 Unsigned printer driver Xerox WorkCentre 7335 PS installed.
27-11-2013 19:17:36 System Checkpoint
30-11-2013 11:19:08 System Checkpoint
01-12-2013 19:11:43 System Checkpoint
03-12-2013 04:29:44 System Checkpoint
04-12-2013 14:50:00 System Checkpoint
05-12-2013 19:16:17 System Checkpoint
08-12-2013 19:12:42 System Checkpoint
08-12-2013 22:40:24 Revo Uninstaller's restore point - תורת אמת - 348 
11-12-2013 02:21:08 Installed Windows KB954550-v5.
11-12-2013 02:21:17 Printer Driver Microsoft XPS Document Writer Installed
11-12-2013 02:27:35 Printer Driver Microsoft XPS Document Writer Installed
11-12-2013 02:30:21 Installed Sunset Reminder
12-12-2013 06:50:51 System Checkpoint
13-12-2013 18:50:56 Revo Uninstaller's restore point - Tag&Rename 3.7
13-12-2013 18:51:00 Revo Uninstaller's restore point - Tag&Rename 3.7
14-12-2013 18:58:01 System Checkpoint
15-12-2013 22:41:22 System Checkpoint
17-12-2013 01:12:10 System Checkpoint
19-12-2013 00:21:14 System Checkpoint
20-12-2013 03:14:45 System Checkpoint
22-12-2013 07:02:55 System Checkpoint
23-12-2013 17:52:44 System Checkpoint
23-12-2013 22:04:55 Revo Uninstaller's restore point - Free Alarm Clock 2.7.1
23-12-2013 22:05:37 Revo Uninstaller's restore point - Free Alarm Clock 2.7.1
25-12-2013 00:21:33 System Checkpoint
26-12-2013 00:28:58 System Checkpoint
26-12-2013 15:39:57 Installed %1 %2.
26-12-2013 21:27:06 avast! antivirus system restore point
27-12-2013 08:00:22 Software Distribution Service 3.0
28-12-2013 08:00:32 Software Distribution Service 3.0
29-12-2013 08:25:05 System Checkpoint
30-12-2013 08:59:59 System Checkpoint
31-12-2013 09:56:19 System Checkpoint
01-01-2014 01:40:32 Revo Uninstaller's restore point - File Identifier version 1.0.3
01-01-2014 01:57:04 Revo Uninstaller's restore point - File Viewer version 1.0.2
01-01-2014 16:14:29 Revo Uninstaller's restore point - Sunset Reminder
01-01-2014 16:14:39 Removed Sunset Reminder
02-01-2014 16:57:33 System Checkpoint
03-01-2014 17:13:01 System Checkpoint
04-01-2014 18:08:22 System Checkpoint
05-01-2014 20:10:36 System Checkpoint
06-01-2014 20:12:21 System Checkpoint
07-01-2014 21:57:58 System Checkpoint
09-01-2014 01:31:20 System Checkpoint
10-01-2014 02:21:47 System Checkpoint
11-01-2014 02:22:44 System Checkpoint
12-01-2014 03:22:12 System Checkpoint
13-01-2014 04:20:41 System Checkpoint
 
==================== Hosts content: ==========================
 
2008-04-14 07:00 - 2013-12-25 12:35 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\32-bit-SCAN.job => ?
Task: C:\WINDOWS\Tasks\32-bit-update.job => ?
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1377919801-3167874910-3791750491-1116Core.job => C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1377919801-3167874910-3791750491-1116UA.job => C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-12 17:23 - 2014-01-12 11:45 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\14011202\algo.dll
2013-09-08 11:46 - 2010-04-09 15:04 - 00026624 _____ () C:\WINDOWS\system32\VNCpm.dll
2012-08-27 23:33 - 2012-08-27 23:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 23:33 - 2012-08-27 23:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-12 07:46 - 2013-01-02 01:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-06-18 20:24 - 2006-08-05 10:34 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-15 19:38 - 2013-10-15 19:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-04 13:28 - 2013-12-03 21:48 - 04055504 _____ () C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-04 13:28 - 2013-12-03 21:48 - 00399312 _____ () C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-04 13:28 - 2013-12-03 21:47 - 01619408 _____ () C:\Documents and Settings\zing.KOLTORAHONLINE\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/12/2014 00:40:16 PM) (Source: Windows Search Service) (User: )
Description: The entry <OTFS://{S-1-5-21-1377919801-3167874910-3791750491-1116}/Y/WORD FILES/12/12-1429.DOCX> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/09/2014 07:18:48 PM) (Source: Windows Search Service) (User: )
Description: The entry <OTFS://{S-1-5-21-1377919801-3167874910-3791750491-1116}/I/SZE/פארן קאנווערטן/סוכה באב''ד/01/26 DAF-016B.MP3> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/09/2014 05:04:46 PM) (Source: Windows Search Service) (User: )
Description: The entry <OTFS://{S-1-5-21-1377919801-3167874910-3791750491-1116}/Y/WORD FILES/PRIVATE/@000-0166.DOCX> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/09/2014 01:19:45 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5634, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/07/2014 02:59:29 PM) (Source: Application Hang) (User: )
Description: Hanging application edatzing.exe, version 4.2.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/05/2014 07:02:46 PM) (Source: Application Hang) (User: )
Description: Hanging application iTunes.exe, version 10.7.0.21, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/02/2014 08:35:58 PM) (Source: Application Error) (User: )
Description: Fault bucket 384516559.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (01/02/2014 08:35:53 PM) (Source: Application Error) (User: )
Description: Faulting application edatzing.exe, version 4.2.0.0, faulting module edatctrl.ocx, version 4.2.0.0, fault address 0x0000139c.
Processing media-specific event for [edatzing.exe!ws!]
 
Error: (01/02/2014 01:25:18 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5634, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/01/2014 11:14:55 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context:  Application, SystemIndex Catalog
 
 
System errors:
=============
Error: (01/13/2014 02:22:23 PM) (Source: TermServDevices) (User: )
Description: Driver Xerox WorkCentre 7335 PCL6 required for printer !!server!Xerox WorkCentre 7335 PCL6 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:22 PM) (Source: TermServDevices) (User: )
Description: Driver Amyuni Document Converter 400 required for printer QuickBooks PDF Converter 2.0 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:22 PM) (Source: TermServDevices) (User: )
Description: Driver Amyuni Document Converter 300 required for printer QuickBooks PDF Converter is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:21 PM) (Source: TermServDevices) (User: )
Description: Driver WinFax (Photo Quality) required for printer Auto WinFax (Photo Quality) on ZING is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:21 PM) (Source: TermServDevices) (User: )
Description: Driver WinFax (Photo Quality) required for printer Auto WinFax (Photo Quality) on YONA is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:17 PM) (Source: TermServDevices) (User: )
Description: Driver Adobe PDF Converter required for printer Auto Adobe PDF on ZING2 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:16 PM) (Source: TermServDevices) (User: )
Description: Driver Adobe PDF Converter required for printer Auto Adobe PDF on YONA is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:16 PM) (Source: TermServDevices) (User: )
Description: Driver Adobe PDF Converter required for printer Auto Adobe PDF on GRAPHICS is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:16 PM) (Source: TermServDevices) (User: )
Description: Driver ActiveFax required for printer Auto ActiveFax on ZING2 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/13/2014 02:22:16 PM) (Source: TermServDevices) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 2001.17 MB
Available physical RAM: 1000.43 MB
Total Pagefile: 3893.75 MB
Available Pagefile: 3037.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:748.63 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Wave) (Fixed) (Total:298.09 GB) (Free:178.48 GB) NTFS
Drive i: (Working) (Network) (Total:931.51 GB) (Free:789.62 GB) NTFS
Drive t: (music) (Network) (Total:931.51 GB) (Free:270.67 GB) NTFS
Drive u: (DATA) (Network) (Total:180.9 GB) (Free:38.73 GB) NTFS
Drive y: (E) (Network) (Total:931.51 GB) (Free:650.28 GB) NTFS
Drive z: (DATA) (Network) (Total:180.9 GB) (Free:38.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 72CCE11F)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 09D5FC73)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by Oh My, 13 January 2014 - 04:00 PM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 13 January 2014 - 04:42 PM

Greetings Sam,

Thanks for posting the information. I want to clean up a few insignificant entries then look for a suspicious file. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Task: C:\WINDOWS\Tasks\32-bit-SCAN.job => ?
Task: C:\WINDOWS\Tasks\32-bit-update.job => ?
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy and paste the following into the Search box then click Search File(s)

edatzing.exe

  • Copy and paste the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Farbar reports (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Auto99

Auto99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 14 January 2014 - 11:35 AM

Thanks Gary for your kind help.

In regards to 32-bit-update.job and 32-bit-SCAN.job, those are .bat files that I made for the Malwarebytes Anti-Malware program: the update .bat simply updates the program, and the scan .bat opens the program and runs a full scan. I scheduled these tasks to run once a week, but anyhow I followed your steps.

Here are the reports.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-01-2014 02
Ran by zing at 2014-01-14 11:30:39 Run:1
Running from C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Task: C:\WINDOWS\Tasks\32-bit-SCAN.job => ?
Task: C:\WINDOWS\Tasks\32-bit-update.job => ?
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
C:\WINDOWS\Tasks\32-bit-SCAN.job => Moved successfully.
C:\WINDOWS\Tasks\32-bit-update.job => Moved successfully.
 
==== End of Fixlog ====
 
Farbar Recovery Scan Tool (x86) Version: 13-01-2014 02
Ran by zing at 2014-01-14 11:31:57
Running from C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop
Boot Mode: Normal
 
================== Search: "edatzing.exe" ===================
 
C:\Program Files\Telex\Zing\edatzing.exe
[2013-06-18 17:53] - [2002-05-01 11:26] - 0421888 ____A (MSI) 63e4ce76344b657f724a1839ea9b5671 
 
=== End Of Search ===
 

Edited by Auto99, 14 January 2014 - 11:39 AM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 14 January 2014 - 02:36 PM

Thanks for the clarification.

Is Telex Communications familiar to you?
Gary
 

#10 Auto99

Auto99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 14 January 2014 - 02:39 PM

Yes, it's software and hardware I use to convert from tape to WAV on the computer.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 14 January 2014 - 02:46 PM

Thanks Sam.

There is very little information about that file name but we will assume it is clean, at least for now.

Please run this.

===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • BSOD.txt

Gary
 

#12 Auto99

Auto99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 14 January 2014 - 02:53 PM

==================================================
Dump File         : Mini010714-02.dmp
Crash Time        : 1/7/2014 8:36:08 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000016
Parameter 2       : 0x0000001c
Parameter 3       : 0x00000000
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
File Description  : TCP/IP Protocol Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.6009 (xpsp_sp3_qfe.100708-1621)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+232d6
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini010714-02.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 1/7/2014 8:37:14 PM
==================================================
 
==================================================
Dump File         : Mini010714-01.dmp
Crash Time        : 1/7/2014 11:55:43 AM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9e93116
Parameter 3       : 0xa84eb9bc
Parameter 4       : 0x00000000
Caused By Driver  : fltMgr.sys
Caused By Address : fltMgr.sys+2116
File Description  : Microsoft Filesystem Filter Manager
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2111)
Processor         : 32-bit
Crash Address     : fltMgr.sys+2116
Stack Address 1   : aswSnx.sys+32dc9
Stack Address 2   : aswSnx.sys+32f0f
Stack Address 3   : ntoskrnl.exe+fa48c
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini010714-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 1/7/2014 11:56:43 AM
==================================================
 
==================================================
Dump File         : Mini010614-03.dmp
Crash Time        : 1/6/2014 7:47:23 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000016
Parameter 2       : 0x0000001c
Parameter 3       : 0x00000000
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
File Description  : TCP/IP Protocol Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.6009 (xpsp_sp3_qfe.100708-1621)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+232d6
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini010614-03.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 1/6/2014 7:48:26 PM
==================================================
 
==================================================
Dump File         : Mini010614-02.dmp
Crash Time        : 1/6/2014 3:55:25 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000016
Parameter 2       : 0x0000001c
Parameter 3       : 0x00000000
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
File Description  : TCP/IP Protocol Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.6009 (xpsp_sp3_qfe.100708-1621)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+232d6
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini010614-02.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 1/6/2014 3:56:29 PM
==================================================
 
==================================================
Dump File         : Mini010614-01.dmp
Crash Time        : 1/6/2014 12:08:01 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000016
Parameter 2       : 0x0000001c
Parameter 3       : 0x00000000
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
File Description  : TCP/IP Protocol Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.6009 (xpsp_sp3_qfe.100708-1621)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+232d6
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini010614-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 1/6/2014 12:09:02 PM
==================================================
 
==================================================
Dump File         : Mini010514-01.dmp
Crash Time        : 1/5/2014 12:32:47 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000016
Parameter 2       : 0x0000001c
Parameter 3       : 0x00000000
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
File Description  : TCP/IP Protocol Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.6009 (xpsp_sp3_qfe.100708-1621)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+232d6
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini010514-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 1/5/2014 12:33:09 PM
==================================================
 
==================================================
Dump File         : Mini123113-02.dmp
Crash Time        : 12/31/2013 8:18:55 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x000001e1
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x804e5fa3
Caused By Driver  : aswSnx.sys
Caused By Address : aswSnx.sys+25670
File Description  : avast! Virtualization Driver
Product Name      : avast! Antivirus
Company           : AVAST Software
File Version      : 9.0.2011.263
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+efa3
Stack Address 1   : ntoskrnl.exe+d4548
Stack Address 2   : aswSnx.sys+253b1
Stack Address 3   : aswSnx.sys+256e7
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini123113-02.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 12/31/2013 8:20:03 PM
==================================================
 
==================================================
Dump File         : Mini123113-01.dmp
Crash Time        : 12/31/2013 10:56:26 AM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000016
Parameter 2       : 0x0000001c
Parameter 3       : 0x00000000
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
File Description  : TCP/IP Protocol Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.6009 (xpsp_sp3_qfe.100708-1621)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+232d6
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini123113-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 90,112
Dump File Time    : 12/31/2013 10:57:00 AM
==================================================
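
The report above is easiest to read once it is aggregated: the same bugcheck code, faulting address and fourth parameter recurring across dumps points at one code path rather than random hardware faults, and when the blamed module is a core Windows component (tcpip.sys, fltMgr.sys) the third-party driver elsewhere on the stack is usually the better lead. The following is an added example, not code from the thread, from BlueScreenView or from Farbar: a small Python parser for BlueScreenView's "Save Selected Items" text export that groups dumps by bugcheck, blamed driver and crash signature, and lists non-Microsoft modules seen on the stack. The sample records are cut down from the report posted above; the MICROSOFT_MODULES allowlist is an assumption made for this example.

```python
"""Summarise a BlueScreenView text export so recurring crashes stand out.

Added example for the forum report above; not part of BlueScreenView or FRST.
"""
from collections import Counter

# Assumed allowlist: module names the report itself attributes to Microsoft
# Corporation, plus the kernel image. Extend it for your own machine.
MICROSOFT_MODULES = {"ntoskrnl.exe", "tcpip.sys", "fltMgr.sys"}

# Constructed sample in BlueScreenView's export layout, trimmed to the fields
# used below; values are taken from the dumps listed in the report above.
SAMPLE_REPORT = """\
==================================================
Dump File         : Mini010714-02.dmp
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
==================================================

==================================================
Dump File         : Mini010714-01.dmp
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 4       : 0x00000000
Caused By Driver  : fltMgr.sys
Caused By Address : fltMgr.sys+2116
Stack Address 1   : aswSnx.sys+32dc9
Stack Address 2   : aswSnx.sys+32f0f
Stack Address 3   : ntoskrnl.exe+fa48c
==================================================

==================================================
Dump File         : Mini010614-03.dmp
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 4       : 0x804fa2d6
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2a059
Stack Address 1   : tcpip.sys+2a059
Stack Address 2   : tcpip.sys+2a18d
Stack Address 3   : tcpip.sys+67b6
==================================================
"""


def parse_report(text):
    """Split the export into one dict per dump; records are bounded by '=' lines."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:
            if current:           # closing separator: flush the record
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")   # first colon is the field separator
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def stack_modules(record):
    """Module names from the blamed address and the three stack addresses."""
    keys = ("Caused By Address", "Stack Address 1", "Stack Address 2", "Stack Address 3")
    return [record[k].split("+", 1)[0] for k in keys if record.get(k)]


def third_party_suspects(record):
    """Non-Microsoft modules on the stack: the lead to hand to a vendor."""
    return sorted({m for m in stack_modules(record) if m not in MICROSOFT_MODULES})


def crash_signature(record):
    """Bugcheck code, faulting address and parameter 4; identical tuples mean
    the same code path crashed again rather than a random fault."""
    return (record.get("Bug Check Code", ""),
            record.get("Caused By Address", ""),
            record.get("Parameter 4", ""))


def summarize(text):
    """Aggregate a whole export into counts a responder can act on."""
    records = parse_report(text)
    signatures = Counter(crash_signature(r) for r in records)
    return {
        "dumps": len(records),
        "by_bugcheck": dict(Counter(r.get("Bug Check String", "?") for r in records)),
        "by_driver": dict(Counter(r.get("Caused By Driver", "?") for r in records)),
        "repeated_signatures": {s: n for s, n in signatures.items() if n > 1},
        "third_party_on_stack": dict(Counter(m for r in records for m in third_party_suspects(r))),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the trimmed sample the two tcpip.sys dumps collapse into one repeated signature, and the fltMgr.sys dump surfaces aswSnx.sys as the only non-Microsoft module on the stack; feeding it the full BSOD.txt gives the same view across all eight dumps.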


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 14 January 2014 - 03:26 PM

Thanks,

Please do this now.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
tcpip.sys
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search.txt

Gary
 

#14 Auto99

Auto99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 14 January 2014 - 03:32 PM

THANK YOU SO MUCH FOR YOUR TIME.
 
Farbar Recovery Scan Tool (x86) Version: 14-01-2014 02
Ran by zing at 2014-01-14 15:29:53
Running from C:\Documents and Settings\zing.KOLTORAHONLINE\Desktop
Boot Mode: Normal
 
================== Search: "tcpip.sys" ===================
 
C:\WINDOWS\system32\drivers\tcpip.sys
[2012-09-12 07:46] - [2012-09-12 07:46] - 0361600 ____A (Microsoft Corporation) 51e41f16acd80b8b39c0ae703a213f09 
 
C:\WINDOWS\system32\dllcache\tcpip.sys
[2012-09-12 07:46] - [2012-09-12 07:46] - 0361600 ___AC (Microsoft Corporation) 51e41f16acd80b8b39c0ae703a213f09 
 
C:\WINDOWS\erdnt\cache\tcpip.sys
[2013-12-25 14:23] - [2012-09-12 07:46] - 0361600 ____A (Microsoft Corporation) 51e41f16acd80b8b39c0ae703a213f09 
 
=== End Of Search ===


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 14 January 2014 - 03:46 PM

It is my pleasure.

Let's run a couple of programs please.

===================================================

TDSSKiller by Kaspersky on Windows XP With aswMBR Report

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller log
  • aswMBR log

Gary
 



