I recently switched from Verizon Internet Security Suite (McAfee) to Avast and the following day had my email account hacked.

I downloaded the pro version of MBAM on 2/3/12; here is the log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.03.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: NOTEBOOK [administrator]

Protection: Enabled

2/3/2012 2:29:37 PM

mbam-log-2012-02-03 (14-29-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189615

Time elapsed: 36 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I also ran the DDS; here is that log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Owner at 22:34:19 on 2012-02-17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.125 [GMT -5:00]

.

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Verizon\VSP\ServicepointService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Nuance\PaperPort\pptd40nt.exe

C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe

C:\Program Files\ControlCenter4\BrCtrlCntr.exe

C:\Program Files\Browny02\Brother\BrStMonW.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Browny02\BrYNSvc.exe

C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe

C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Okidata\OKI LPR Utility\Okilpr.exe

C:\Program Files\ControlCenter4\BrCcUxSys.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Verizon SMB Toolbar: {4e7bd74f-2b8d-469e-d0ea-fd61a78fac7d} - c:\progra~1\vzsmbtb\vzsmbtb.dll

BHO: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File

TB: Verizon SMB Toolbar: {4e7bd74f-2b8d-469e-d0ea-fd61a78fac7d} - c:\progra~1\vzsmbtb\vzsmbtb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.featherri...CrownJewel.html"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY

mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [instantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h

mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"

mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"

mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"

mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe

mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE

dRun: [Power2GoExpress] NA

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~2.lnk - c:\program files\corel\wordperfect office 2000\programs\ccwin9.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~1.lnk - c:\program files\corel\wordperfect office 2000\programs\alarm.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\corel\wordperfect office 2000\programs\dad9.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\okilpr~1.lnk - c:\program files\okidata\oki lpr utility\Okilpr.exe

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxps://www.webiqonline.com/WebIQ/bin/WebIQ.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164124030953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Hosts: 192.168.1.42 HP00215A399BBF

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\0oafu86t.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=5BE5C07C-1500-4F64-9637-C7121043C42E&apn_ptnrs=TV&apn_sauid=E0E82BC0-4EC3-43F1-9BC1-6662FB367472&apn_dtid=OSJ000YYUS&&q=

FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\verizon\vsp\nprpspa.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-2-14 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-2-14 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-2-14 111320]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-14 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-14 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-14 44768]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]

R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-12-16 689392]

R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-12-29 245760]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-4-21 200576]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-14 435032]

S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-2-14 127192]

S2 gupdate1c9c350b497a2aa;Google Update Service (gupdate1c9c350b497a2aa);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]

SUnknown IHA_MessageCenter;IHA_MessageCenter; [x]

.

=============== Created Last 30 ================

.

2012-02-17 05:28:53 -------- d-----w- c:\program files\CCleaner

2012-02-14 22:55:49 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 22:55:49 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 16:41:07 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-02-14 16:39:48 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-02-14 16:39:30 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-02-14 16:18:54 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-14 16:17:39 41184 ----a-w- c:\windows\avastSS.scr

2012-02-14 16:16:45 -------- d-----w- c:\program files\AVAST Software

2012-02-14 16:16:45 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-02-03 19:24:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-03 19:24:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-02-16 14:51:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2012-01-08 04:32:21 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-01-08 04:32:18 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 22:36:14.46 ===============

And the Attach.txt file:

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 6/27/2006 11:39:50 AM

System Uptime: 2/17/2012 3:43:26 PM (7 hours ago)

.

Motherboard: Gateway | |

Processor: Mobile AMD Sempron™ Processor 3300+ | Socket 754 | 1594/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 35.234 GiB free.

D: is FIXED (FAT32) - 7 GiB total, 5.027 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1230: 11/19/2011 1:10:44 AM - System Checkpoint

RP1231: 11/20/2011 11:21:39 PM - System Checkpoint

RP1232: 11/21/2011 11:55:25 PM - System Checkpoint

RP1233: 11/23/2011 1:21:28 PM - System Checkpoint

RP1234: 11/24/2011 9:52:30 PM - System Checkpoint

RP1235: 11/26/2011 7:54:14 PM - System Checkpoint

RP1236: 11/28/2011 1:29:45 AM - System Checkpoint

RP1237: 11/29/2011 1:27:33 PM - System Checkpoint

RP1238: 11/30/2011 6:26:38 PM - System Checkpoint

RP1239: 12/1/2011 8:28:51 PM - System Checkpoint

RP1240: 12/2/2011 9:18:36 PM - System Checkpoint

RP1241: 12/4/2011 10:20:38 AM - System Checkpoint

RP1242: 12/5/2011 12:12:15 PM - System Checkpoint

RP1243: 12/6/2011 1:30:19 PM - System Checkpoint

RP1244: 12/7/2011 6:08:45 PM - System Checkpoint

RP1245: 12/8/2011 6:11:41 PM - System Checkpoint

RP1246: 12/10/2011 11:08:56 AM - System Checkpoint

RP1247: 12/11/2011 12:12:55 PM - System Checkpoint

RP1248: 12/12/2011 12:21:25 PM - System Checkpoint

RP1249: 12/13/2011 2:08:28 PM - System Checkpoint

RP1250: 12/14/2011 8:40:18 PM - System Checkpoint

RP1251: 12/15/2011 1:01:12 AM - Software Distribution Service 3.0

RP1252: 12/16/2011 1:51:20 AM - System Checkpoint

RP1253: 12/17/2011 11:51:36 AM - System Checkpoint

RP1254: 12/18/2011 7:14:05 PM - System Checkpoint

RP1255: 12/19/2011 10:10:38 PM - System Checkpoint

RP1256: 12/21/2011 12:39:11 AM - System Checkpoint

RP1257: 12/22/2011 1:21:00 PM - System Checkpoint

RP1258: 12/23/2011 7:38:30 PM - System Checkpoint

RP1259: 12/26/2011 2:43:00 PM - System Checkpoint

RP1260: 12/27/2011 6:34:35 PM - System Checkpoint

RP1261: 12/28/2011 11:06:00 PM - Removed PaperPort Printer Driver

RP1262: 12/28/2011 11:06:29 PM - Removed PaperPort 9.0

RP1263: 12/28/2011 11:11:02 PM - Installed MSXML 4.0 SP3 Parser

RP1264: 12/28/2011 11:12:02 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP1265: 12/28/2011 11:18:19 PM - Installed Brother Software Suite

RP1266: 12/28/2011 11:24:54 PM - Unsigned printer driver Brother PC-FAX v.2.2 installed.

RP1267: 12/29/2011 4:48:05 PM - Removed Brother MFL-Pro Suite

RP1268: 12/29/2011 4:50:20 PM - Removed Brother Software Suite

RP1269: 12/29/2011 5:13:23 PM - Installed Nuance PaperPort 12

RP1270: 12/29/2011 5:19:02 PM - Installed Nuance PDF Viewer Plus.

RP1271: 12/29/2011 5:20:27 PM - Installed PaperPort Image Printer

RP1272: 12/29/2011 5:21:29 PM - Printer Driver Nuance Image Printer Driver Installed

RP1273: 12/29/2011 5:29:00 PM - Installed Brother Software Suite

RP1274: 12/29/2011 5:40:21 PM - Unsigned printer driver Brother PC-FAX v.2.2 installed.

RP1275: 12/30/2011 6:36:22 PM - System Checkpoint

RP1276: 12/31/2011 2:06:51 AM - Software Distribution Service 3.0

RP1277: 1/1/2012 2:19:45 AM - System Checkpoint

RP1278: 1/2/2012 2:30:19 AM - System Checkpoint

RP1279: 1/3/2012 1:49:56 AM - Software Distribution Service 3.0

RP1280: 1/4/2012 1:50:06 PM - System Checkpoint

RP1281: 1/5/2012 5:36:18 PM - System Checkpoint

RP1282: 1/6/2012 6:02:54 PM - System Checkpoint

RP1283: 1/7/2012 9:34:25 PM - System Checkpoint

RP1284: 1/9/2012 5:31:42 PM - System Checkpoint

RP1285: 1/10/2012 10:27:14 PM - System Checkpoint

RP1286: 1/11/2012 2:18:59 PM - Software Distribution Service 3.0

RP1287: 1/12/2012 8:32:07 PM - System Checkpoint

RP1288: 1/14/2012 3:18:07 AM - System Checkpoint

RP1289: 1/15/2012 12:42:43 PM - System Checkpoint

RP1290: 1/16/2012 5:40:14 PM - System Checkpoint

RP1291: 1/17/2012 9:05:58 PM - System Checkpoint

RP1292: 1/19/2012 2:41:04 AM - System Checkpoint

RP1293: 1/20/2012 3:17:59 PM - System Checkpoint

RP1294: 1/21/2012 5:26:35 PM - System Checkpoint

RP1295: 1/22/2012 2:32:40 AM - Software Distribution Service 3.0

RP1296: 1/23/2012 12:10:54 PM - System Checkpoint

RP1297: 1/24/2012 7:46:10 PM - System Checkpoint

RP1298: 1/25/2012 11:03:44 PM - System Checkpoint

RP1299: 1/27/2012 8:31:00 PM - System Checkpoint

RP1300: 1/30/2012 5:32:58 PM - System Checkpoint

RP1301: 1/31/2012 7:32:37 PM - System Checkpoint

RP1302: 2/1/2012 8:14:13 PM - System Checkpoint

RP1303: 2/2/2012 8:41:56 PM - System Checkpoint

RP1304: 2/4/2012 10:59:57 AM - System Checkpoint

RP1305: 2/5/2012 11:29:30 PM - System Checkpoint

RP1306: 2/7/2012 1:23:46 PM - System Checkpoint

RP1307: 2/8/2012 6:38:03 PM - System Checkpoint

RP1308: 2/9/2012 6:50:30 PM - System Checkpoint

RP1309: 2/11/2012 9:00:50 PM - System Checkpoint

RP1310: 2/13/2012 2:44:12 PM - System Checkpoint

RP1311: 2/14/2012 11:16:45 AM - avast! Free Antivirus Setup

RP1312: 2/15/2012 12:09:05 AM - Software Distribution Service 3.0

RP1313: 2/16/2012 3:09:33 AM - Software Distribution Service 3.0

RP1314: 2/16/2012 4:42:29 AM - Software Distribution Service 3.0

RP1315: 2/16/2012 8:26:32 PM - Removed PlayLinc

.

==== Installed Programs ======================

.

Adobe Acrobat 8 Professional - English, Français, Deutsch

Adobe Acrobat 8.3.1 - CPSID_83708

Adobe Acrobat 8.3.1 Professional

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 7.0

Adobe Shockwave Player 11.5

AnswerWorks Runtime

ArcSoft Panorama Maker 3

ArcSoft PhotoImpression

Ask Toolbar

Ask Toolbar Updater

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

avast! Internet Security

Broadcom 802.11 Network Adapter

Brother MFL-Pro Suite MFC-J430W

Browser Address Error Redirector

BufferChm

CCleaner

Choice Guard

Compatibility Pack for the 2007 Office system

Conexant AC-Link Audio

Corel Applications

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

dj_taplugin

dj6980

DVD Solution

eSupportQFolder

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet 6900 series

HP Extended Capabilities 6.0

HP Imaging Device Functions 6.0

HP Memories Disc

HP Officejet 6500 E710n-z Basic Device Software

HP Officejet 6500 E710n-z Help

HP Officejet 6500 E710n-z Product Improvement Study

HP Photo and Imaging 2.3 - Scanjet 4600 Series

HP Photosmart Essential

HP Solution Center and Imaging Support Tools 6.0

HP Update

hpf_ProductContext

HPProductAssistant

I.R.I.S. OCR

InstallMgr

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 2

Java Auto Updater

Java™ 6 Update 2

Java™ 6 Update 29

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 7

Java™ SE Runtime Environment 6 Update 1

Junk Mail filter update

Languages of the World

LP6980_Help

LP6980Trb

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Marketsplash Shortcuts

MathPlayer

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Starter Edition 2006

Microsoft Digital Image Starter Edition 2006 Editor

Microsoft Digital Image Starter Edition 2006 Library

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook Connector

Microsoft Office Standard Edition 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Move Media Player

Mozilla Firefox 10.0.1 (x86 en-US)

MSN

MSN Toolbar

MSVCRT

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Napster

Napster Burn Engine

Nuance PaperPort 12

Nuance PDF Viewer Plus

OKI Color Swatch Utility

OKI LPR Utility

OKI Network Extension

OpenOffice.org 2.3

PaperPort Image Printer

Power2Go 4.0

PowerDVD

QuickScan 3.0

QuickTime

Readiris Pro 8

Readme

RealPlayer Basic

Recovery Software Suite Gateway

Rhapsody Player Engine

RPS CRT

Scansoft PDF Professional

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

ShareIns

Skype™ 4.0

Soft Data Fax Modem with SmartCP

SolutionCenter

Status

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TextBridge Pro 9.0

TIPCI

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Verizon Broadband Toolbar

Verizon Help and Support Tool

Verizon Servicepoint 3.5.18

Verizon SMB Toolbar

Viewpoint Media Player

Vz In Home Agent

Web Photo Manager

WebFldrs XP

WebIQ Client Software

WebIQ Technology Engine

WebReg

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format Runtime

Windows Media Player 10

Windows XP Service Pack 3

XEROX DocuMate 510

Yahoo! Install Manager

Yahoo! SiteBuilder

Yahoo! SiteBuilder2.6-J

Yahoo! Widgets

.

==== Event Viewer Messages From Past Week ========

.

2/17/2012 9:23:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.

2/17/2012 9:23:22 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

2/17/2012 11:07:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx

2/16/2012 9:17:02 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/16/2012 9:16:58 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

2/16/2012 8:27:15 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

2/15/2012 5:26:17 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

2/15/2012 10:41:55 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the .NET Runtime Optimization Service v2.0.50727_X86 service to connect.

2/14/2012 9:58:02 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Proxy Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/14/2012 9:57:02 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

2/14/2012 9:57:02 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/14/2012 9:35:17 AM, error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/14/2012 9:35:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee McShield service to connect.

2/14/2012 9:34:28 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

2/14/2012 5:32:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

2/14/2012 11:49:14 AM, error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The system cannot find the file specified.

2/13/2012 9:28:12 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/13/2012 9:28:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

2/13/2012 5:07:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.

.

==== End Of File ===========================

I've done full scans with both Avast & MBAM and neither shows any infections, but after having my email hacked I'm concerned about whether malware or spyware is on my system. My trial of the pro version of MBAM expires today and I'd like to purchase the software, but am nervous about entering my credit card info without knowing definitely that there is no one tracking me.

Thank you! :)


Hi and :welcome:

First and for all, did you reset your email password? Passwords being hacked without an infection being present is not uncommon, and it is important to change the password ASAP.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Hi Elise and thank you for helping me!

To answer your question, yes I did change my email password, I was logged onto my account when the hack happened so I caught it within 5 - 10 minutes. I ran a MBAM scan and avast scan and once they came back clean, I then changed my email password again, my security question and my secondary email. No hacking has happened since that time, that I'm aware of.

I'll do your instructions now and post back when done.


TDSS Killer didn't find any threats, here is the log:

11:15:05.0671 3540 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

11:15:07.0671 3540 ============================================================

11:15:07.0671 3540 Current date / time: 2012/02/18 11:15:07.0671

11:15:07.0671 3540 SystemInfo:

11:15:07.0671 3540

11:15:07.0671 3540 OS Version: 5.1.2600 ServicePack: 3.0

11:15:07.0671 3540 Product type: Workstation

11:15:07.0671 3540 ComputerName: NOTEBOOK

11:15:07.0671 3540 UserName: Owner

11:15:07.0671 3540 Windows directory: C:\WINDOWS

11:15:07.0671 3540 System windows directory: C:\WINDOWS

11:15:07.0671 3540 Processor architecture: Intel x86

11:15:07.0671 3540 Number of processors: 1

11:15:07.0671 3540 Page size: 0x1000

11:15:07.0671 3540 Boot type: Normal boot

11:15:07.0671 3540 ============================================================

11:15:20.0453 3540 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:15:20.0718 3540 \Device\Harddisk0\DR0:

11:15:20.0718 3540 MBR used

11:15:20.0718 3540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xDAE73D, BlocksNum 0x875BEC3

11:15:20.0718 3540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xDAE6FE

11:15:20.0937 3540 Initialize success

11:15:20.0937 3540 ============================================================

11:16:00.0828 1800 ============================================================

11:16:00.0828 1800 Scan started

11:16:00.0828 1800 Mode: Manual;

11:16:00.0828 1800 ============================================================


11:16:12.0203 1800 MREMP50 - ok

11:16:12.0250 1800 MREMPR5 - ok

11:16:12.0265 1800 MRENDIS5 - ok

11:16:12.0281 1800 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

11:16:12.0296 1800 MRESP50 - ok

11:16:12.0484 1800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:16:12.0484 1800 MRxDAV - ok

11:16:12.0609 1800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:16:12.0625 1800 MRxSmb - ok

11:16:12.0796 1800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:16:12.0796 1800 Msfs - ok

11:16:12.0875 1800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:16:12.0890 1800 MSKSSRV - ok

11:16:12.0921 1800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:16:12.0921 1800 MSPCLOCK - ok

11:16:12.0968 1800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:16:12.0968 1800 MSPQM - ok

11:16:13.0031 1800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:16:13.0046 1800 mssmbios - ok

11:16:13.0109 1800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:16:13.0171 1800 Mup - ok

11:16:13.0296 1800 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

11:16:13.0296 1800 mxnic - ok

11:16:13.0421 1800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:16:13.0421 1800 NDIS - ok

11:16:13.0500 1800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:16:13.0500 1800 NdisTapi - ok

11:16:13.0531 1800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:16:13.0531 1800 Ndisuio - ok

11:16:13.0578 1800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:16:13.0578 1800 NdisWan - ok

11:16:13.0718 1800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:16:13.0734 1800 NDProxy - ok

11:16:13.0796 1800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:16:13.0812 1800 NetBIOS - ok

11:16:13.0875 1800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:16:13.0890 1800 NetBT - ok

11:16:13.0984 1800 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

11:16:13.0984 1800 NIC1394 - ok

11:16:14.0046 1800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:16:14.0046 1800 Npfs - ok

11:16:14.0125 1800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:16:14.0187 1800 Ntfs - ok

11:16:14.0359 1800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:16:14.0359 1800 Null - ok

11:16:14.0546 1800 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

11:16:14.0609 1800 nv - ok

11:16:14.0750 1800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:16:14.0750 1800 NwlnkFlt - ok

11:16:14.0812 1800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:16:14.0812 1800 NwlnkFwd - ok

11:16:14.0890 1800 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

11:16:14.0906 1800 ohci1394 - ok

11:16:14.0968 1800 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

11:16:14.0968 1800 P3 - ok

11:16:15.0031 1800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:16:15.0046 1800 Parport - ok

11:16:15.0093 1800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:16:15.0109 1800 PartMgr - ok

11:16:15.0296 1800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:16:15.0296 1800 ParVdm - ok

11:16:15.0406 1800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:16:15.0406 1800 PCI - ok

11:16:15.0437 1800 PCIDump - ok

11:16:15.0468 1800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:16:15.0484 1800 PCIIde - ok

11:16:15.0546 1800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

11:16:15.0546 1800 Pcmcia - ok

11:16:15.0578 1800 PDCOMP - ok

11:16:15.0625 1800 PDFRAME - ok

11:16:15.0640 1800 PDRELI - ok

11:16:15.0671 1800 PDRFRAME - ok

11:16:15.0703 1800 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

11:16:15.0718 1800 perc2 - ok

11:16:15.0750 1800 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

11:16:15.0750 1800 perc2hib - ok

11:16:15.0953 1800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:16:15.0953 1800 PptpMiniport - ok

11:16:16.0031 1800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:16:16.0031 1800 PSched - ok

11:16:16.0078 1800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:16:16.0078 1800 Ptilink - ok

11:16:16.0171 1800 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

11:16:16.0171 1800 ql1080 - ok

11:16:16.0203 1800 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

11:16:16.0203 1800 Ql10wnt - ok

11:16:16.0250 1800 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

11:16:16.0250 1800 ql12160 - ok

11:16:16.0265 1800 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

11:16:16.0281 1800 ql1240 - ok

11:16:16.0312 1800 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

11:16:16.0312 1800 ql1280 - ok

11:16:16.0328 1800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:16:16.0343 1800 RasAcd - ok

11:16:16.0406 1800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:16:16.0421 1800 Rasl2tp - ok

11:16:16.0578 1800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:16:16.0578 1800 RasPppoe - ok

11:16:16.0656 1800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:16:16.0656 1800 Raspti - ok

11:16:16.0703 1800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:16:16.0718 1800 Rdbss - ok

11:16:16.0750 1800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:16:16.0750 1800 RDPCDD - ok

11:16:16.0843 1800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:16:16.0843 1800 rdpdr - ok

11:16:17.0062 1800 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:16:17.0062 1800 RDPWD - ok

11:16:17.0171 1800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:16:17.0171 1800 redbook - ok

11:16:17.0281 1800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

11:16:17.0296 1800 sdbus - ok

11:16:17.0359 1800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:16:17.0359 1800 Secdrv - ok

11:16:17.0531 1800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:16:17.0531 1800 serenum - ok

11:16:17.0609 1800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:16:17.0609 1800 Serial - ok

11:16:17.0687 1800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:16:17.0687 1800 Sfloppy - ok

11:16:17.0718 1800 Simbad - ok

11:16:17.0765 1800 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

11:16:17.0796 1800 sisagp - ok

11:16:17.0859 1800 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

11:16:17.0859 1800 Sparrow - ok

11:16:17.0875 1800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:16:17.0875 1800 splitter - ok

11:16:17.0921 1800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:16:17.0937 1800 sr - ok

11:16:18.0125 1800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:16:18.0156 1800 Srv - ok

11:16:18.0250 1800 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

11:16:18.0250 1800 StillCam - ok

11:16:18.0296 1800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:16:18.0312 1800 swenum - ok

11:16:18.0359 1800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:16:18.0359 1800 swmidi - ok

11:16:18.0421 1800 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

11:16:18.0421 1800 symc810 - ok

11:16:18.0609 1800 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

11:16:18.0609 1800 symc8xx - ok

11:16:18.0687 1800 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

11:16:18.0687 1800 sym_hi - ok

11:16:18.0703 1800 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

11:16:18.0718 1800 sym_u3 - ok

11:16:18.0796 1800 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys

11:16:18.0812 1800 SynTP - ok

11:16:18.0859 1800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:16:18.0875 1800 sysaudio - ok

11:16:19.0062 1800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:16:19.0078 1800 Tcpip - ok

11:16:19.0171 1800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:16:19.0171 1800 TDPIPE - ok

11:16:19.0218 1800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:16:19.0218 1800 TDTCP - ok

11:16:19.0281 1800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:16:19.0296 1800 TermDD - ok

11:16:19.0375 1800 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys

11:16:19.0375 1800 tifm21 - ok

11:16:19.0578 1800 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

11:16:19.0578 1800 TosIde - ok

11:16:19.0687 1800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:16:19.0687 1800 Udfs - ok

11:16:19.0750 1800 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

11:16:19.0750 1800 ultra - ok

11:16:19.0843 1800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:16:19.0859 1800 Update - ok

11:16:19.0937 1800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:16:19.0937 1800 usbccgp - ok

11:16:20.0078 1800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:16:20.0078 1800 usbehci - ok

11:16:20.0171 1800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:16:20.0171 1800 usbhub - ok

11:16:20.0234 1800 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

11:16:20.0234 1800 usbohci - ok

11:16:20.0296 1800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:16:20.0296 1800 usbprint - ok

11:16:20.0343 1800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:16:20.0359 1800 usbscan - ok

11:16:20.0406 1800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:16:20.0406 1800 USBSTOR - ok

11:16:20.0453 1800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:16:20.0453 1800 usbuhci - ok

11:16:20.0640 1800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:16:20.0656 1800 VgaSave - ok

11:16:20.0765 1800 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

11:16:20.0765 1800 viaagp - ok

11:16:20.0812 1800 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:16:20.0812 1800 ViaIde - ok

11:16:20.0843 1800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:16:20.0859 1800 VolSnap - ok

11:16:20.0937 1800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:16:20.0937 1800 Wanarp - ok

11:16:21.0000 1800 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

11:16:21.0000 1800 wanatw - ok

11:16:21.0171 1800 WDICA - ok

11:16:21.0250 1800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:16:21.0250 1800 wdmaud - ok

11:16:21.0359 1800 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

11:16:21.0375 1800 winachsf - ok

11:16:21.0671 1800 yukonwxp (9a916f4354eef85c535dd792754edc1d) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

11:16:21.0671 1800 yukonwxp - ok

11:16:21.0750 1800 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0

11:16:21.0765 1800 \Device\Harddisk0\DR0 - ok

11:16:21.0812 1800 Boot (0x1200) (998e3666a271f119ab5d1a6193f1b091) \Device\Harddisk0\DR0\Partition0

11:16:21.0812 1800 \Device\Harddisk0\DR0\Partition0 - ok

11:16:21.0828 1800 Boot (0x1200) (84d2f6b2cf8512cb045bc9787cff225b) \Device\Harddisk0\DR0\Partition1

11:16:21.0828 1800 \Device\Harddisk0\DR0\Partition1 - ok

11:16:21.0828 1800 ============================================================

11:16:21.0828 1800 Scan finished

11:16:21.0828 1800 ============================================================

11:16:21.0859 2828 Detected object count: 0

11:16:21.0859 2828 Actual detected object count: 0

11:16:52.0093 2132 Deinitialize success

Thank you so much for your help :)


Hi again, :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi again Elise :)

ComboFix did do something, here is the log:

ComboFix 12-02-17.02 - Owner 02/18/2012 12:35:54.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.118 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\My Documents\DPE.DUS

c:\documents and settings\Owner\WINDOWS

c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\File.txt

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))

.

.

2012-02-17 05:28 . 2012-02-17 05:29 -------- d-----w- c:\program files\CCleaner

2012-02-16 09:44 . 2012-02-16 09:44 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-02-14 22:55 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 22:55 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 16:41 . 2011-11-28 17:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-02-14 16:39 . 2011-11-28 17:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-02-14 16:39 . 2011-11-28 17:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-02-14 16:19 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-02-14 16:19 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-02-14 16:18 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-02-14 16:18 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-02-14 16:18 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-14 16:18 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-02-14 16:18 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-02-14 16:18 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-02-14 16:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-02-14 16:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe

2012-02-14 16:16 . 2012-02-14 16:16 -------- d-----w- c:\program files\AVAST Software

2012-02-14 16:16 . 2012-02-14 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-02-03 19:24 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-03 19:24 . 2012-02-03 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-16 14:51 . 2011-05-18 12:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53 . 2004-08-26 16:12 1859968 ----a-w- c:\windows\system32\win32k.sys

2012-01-08 04:32 . 2011-12-23 04:13 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-01-08 04:32 . 2011-12-23 04:13 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2011-12-17 19:46 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec

2011-11-25 21:57 . 2004-08-26 16:12 293376 ----a-w- c:\windows\system32\winsrv.dll

2012-02-18 03:44 . 2011-10-03 14:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:08 . 2010-12-16 16:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-21 98304]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Motive SmartBridge"="c:\progra~1\verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

CorelCENTRAL 9.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\ccwin9.exe [2006-6-28 589824]

CorelCENTRAL Alarms.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\alarm.exe [2006-6-28 225280]

Desktop Application Director 9.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\dad9.exe [2006-6-28 225280]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\Okilpr.exe [2010-11-4 159744]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\verizon\\VSP\\ServicepointService.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/14/2012 11:39 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/14/2012 11:39 AM 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/14/2012 11:41 AM 111320]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2012 11:19 AM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2012 11:19 AM 20568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 2:24 PM 652360]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 12:40 AM 144672]

R2 ServicepointService;ServicepointService;c:\program files\verizon\VSP\ServicepointService.exe [12/16/2010 10:02 AM 689392]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/29/2011 5:35 PM 245760]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [4/21/2006 3:06 AM 200576]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 2:24 PM 20464]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/14/2012 11:18 AM 435032]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2/14/2012 11:39 AM 127192]

S2 gupdate1c9c350b497a2aa;Google Update Service (gupdate1c9c350b497a2aa);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 8:46 AM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 8:46 AM 133104]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 70343226

*Deregistered* - 70343226

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-16 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-16 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 13:45]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 13:45]

.

2006-06-27 c:\windows\Tasks\ISP signup reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

.

2012-02-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0oafu86t.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=5BE5C07C-1500-4F64-9637-C7121043C42E&apn_ptnrs=TV&apn_sauid=E0E82BC0-4EC3-43F1-9BC1-6662FB367472&apn_dtid=OSJ000YYUS&&q=

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-RegisterDropHandler - c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-18 12:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1340)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2012-02-18 12:58:10

ComboFix-quarantined-files.txt 2012-02-18 17:58

.

Pre-Run: 37,713,408,000 bytes free

Post-Run: 38,738,362,368 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - F891D8FAE8BB0938A51D77D8A33D3EB1

Thank you, again! :)


Hi, can you please let me know how things are running at this point?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


AtJob::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Hi Elise,

I'm not positive that I did this one correctly? It launched ComboFix again, here is the log:

ComboFix 12-02-17.02 - Owner 02/18/2012 13:43:51.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.10 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))

.

.

2012-02-17 05:28 . 2012-02-17 05:29 -------- d-----w- c:\program files\CCleaner

2012-02-16 09:44 . 2012-02-16 09:44 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-02-14 22:55 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 22:55 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 16:41 . 2011-11-28 17:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-02-14 16:39 . 2011-11-28 17:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-02-14 16:39 . 2011-11-28 17:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-02-14 16:19 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-02-14 16:19 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-02-14 16:18 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-02-14 16:18 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-02-14 16:18 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-14 16:18 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-02-14 16:18 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-02-14 16:18 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-02-14 16:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-02-14 16:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe

2012-02-14 16:16 . 2012-02-14 16:16 -------- d-----w- c:\program files\AVAST Software

2012-02-14 16:16 . 2012-02-14 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-02-03 19:24 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-03 19:24 . 2012-02-03 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-16 14:51 . 2011-05-18 12:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53 . 2004-08-26 16:12 1859968 ----a-w- c:\windows\system32\win32k.sys

2012-01-08 04:32 . 2011-12-23 04:13 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-01-08 04:32 . 2011-12-23 04:13 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2011-12-17 19:46 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec

2011-11-25 21:57 . 2004-08-26 16:12 293376 ----a-w- c:\windows\system32\winsrv.dll

2012-02-18 03:44 . 2011-10-03 14:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:08 . 2010-12-16 16:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-21 98304]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Motive SmartBridge"="c:\progra~1\verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

CorelCENTRAL 9.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\ccwin9.exe [2006-6-28 589824]

CorelCENTRAL Alarms.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\alarm.exe [2006-6-28 225280]

Desktop Application Director 9.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\dad9.exe [2006-6-28 225280]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\Okilpr.exe [2010-11-4 159744]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\verizon\\VSP\\ServicepointService.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/14/2012 11:39 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/14/2012 11:39 AM 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/14/2012 11:41 AM 111320]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2012 11:19 AM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2012 11:19 AM 20568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 2:24 PM 652360]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 12:40 AM 144672]

R2 ServicepointService;ServicepointService;c:\program files\verizon\VSP\ServicepointService.exe [12/16/2010 10:02 AM 689392]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/29/2011 5:35 PM 245760]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [4/21/2006 3:06 AM 200576]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 2:24 PM 20464]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/14/2012 11:18 AM 435032]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2/14/2012 11:39 AM 127192]

S2 gupdate1c9c350b497a2aa;Google Update Service (gupdate1c9c350b497a2aa);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 8:46 AM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 8:46 AM 133104]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 70343226

*Deregistered* - 70343226

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-16 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-16 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 13:45]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 13:45]

.

2006-06-27 c:\windows\Tasks\ISP signup reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

.

2012-02-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0oafu86t.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=5BE5C07C-1500-4F64-9637-C7121043C42E&apn_ptnrs=TV&apn_sauid=E0E82BC0-4EC3-43F1-9BC1-6662FB367472&apn_dtid=OSJ000YYUS&&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-18 14:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1340)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(588)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-02-18 14:05:07

ComboFix-quarantined-files.txt 2012-02-18 19:05

ComboFix2.txt 2012-02-18 17:58

.

Pre-Run: 38,814,507,008 bytes free

Post-Run: 38,798,696,448 bytes free

.

- - End Of File - - E68E44A426E3B13FF603F20F9026EFE7


Please also run the following scan.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here is the new ComboFix.txt log:

ComboFix 12-02-17.02 - Owner 02/18/2012 15:24:23.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.141 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

FILE ::

"c:\windows\Tasks\At1.job"

"c:\windows\Tasks\At2.job"

"c:\windows\Tasks\At3.job"

"c:\windows\Tasks\At4.job"

.

.

((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))

.

.

2012-02-17 05:28 . 2012-02-17 05:29 -------- d-----w- c:\program files\CCleaner

2012-02-16 09:44 . 2012-02-16 09:44 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-02-14 22:55 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 22:55 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 16:41 . 2011-11-28 17:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-02-14 16:39 . 2011-11-28 17:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-02-14 16:39 . 2011-11-28 17:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-02-14 16:19 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-02-14 16:19 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-02-14 16:18 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-02-14 16:18 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-02-14 16:18 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-14 16:18 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-02-14 16:18 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-02-14 16:18 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-02-14 16:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-02-14 16:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe

2012-02-14 16:16 . 2012-02-14 16:16 -------- d-----w- c:\program files\AVAST Software

2012-02-14 16:16 . 2012-02-14 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-02-03 19:24 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-03 19:24 . 2012-02-03 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-16 14:51 . 2011-05-18 12:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53 . 2004-08-26 16:12 1859968 ----a-w- c:\windows\system32\win32k.sys

2012-01-08 04:32 . 2011-12-23 04:13 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-01-08 04:32 . 2011-12-23 04:13 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2011-12-17 19:46 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec

2011-11-25 21:57 . 2004-08-26 16:12 293376 ----a-w- c:\windows\system32\winsrv.dll

2012-02-18 03:44 . 2011-10-03 14:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:08 . 2010-12-16 16:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-21 98304]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Motive SmartBridge"="c:\progra~1\verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

CorelCENTRAL 9.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\ccwin9.exe [2006-6-28 589824]

CorelCENTRAL Alarms.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\alarm.exe [2006-6-28 225280]

Desktop Application Director 9.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\dad9.exe [2006-6-28 225280]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\Okilpr.exe [2010-11-4 159744]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\verizon\\VSP\\ServicepointService.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/14/2012 11:39 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/14/2012 11:39 AM 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/14/2012 11:41 AM 111320]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2012 11:19 AM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2012 11:19 AM 20568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 2:24 PM 652360]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 12:40 AM 144672]

R2 ServicepointService;ServicepointService;c:\program files\verizon\VSP\ServicepointService.exe [12/16/2010 10:02 AM 689392]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/29/2011 5:35 PM 245760]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [4/21/2006 3:06 AM 200576]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 2:24 PM 20464]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/14/2012 11:18 AM 435032]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2/14/2012 11:39 AM 127192]

S2 gupdate1c9c350b497a2aa;Google Update Service (gupdate1c9c350b497a2aa);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 8:46 AM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 8:46 AM 133104]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 70343226

*Deregistered* - 70343226

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-16 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-16 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 13:45]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 13:45]

.

2006-06-27 c:\windows\Tasks\ISP signup reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

.

2012-02-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0oafu86t.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=5BE5C07C-1500-4F64-9637-C7121043C42E&apn_ptnrs=TV&apn_sauid=E0E82BC0-4EC3-43F1-9BC1-6662FB367472&apn_dtid=OSJ000YYUS&&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-18 15:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1340)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(3400)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-02-18 15:44:31

ComboFix-quarantined-files.txt 2012-02-18 20:44

ComboFix2.txt 2012-02-18 19:05

ComboFix3.txt 2012-02-18 17:58

.

Pre-Run: 38,734,360,576 bytes free

Post-Run: 38,718,468,096 bytes free

.

- - End Of File - - 3C8D1B63109180E7F0C3E303728AA289


Hi again,

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.


I cannot install Adobe Reader Version X. I deleted Adobe Acrobat Professional in case that was the issue (I can reinstall that when I get back to work on Tuesday) but still Adobe Reader X keeps giving me an error.

The error is: Installation encountered errors, Failed to initialize.

I've tried to install it by downloading it in both IE & Firefox (the download seems to work) and tried to disable MBAM and Avast but it still won't install.


Old Java removed, new Java installed

MBAM log below:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.18.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: NOTEBOOK [administrator]

Protection: Enabled

2/18/2012 8:27:41 PM

mbam-log-2012-02-18 (20-27-41).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 277269

Time elapsed: 2 hour(s), 15 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you again Elise!


That looks good! Let's do one last scan just to be sure.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


No worries, if no threats were detected no need to do anything else. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
