TechSpot

Bad Image Errors and some kind of virus...

By mvongsa
May 23, 2013
  1. Hi! I've been battling bad image errors and some kind of virus continuously for the past few months. It's the family computer, so I didn't realize how ongoing the problem was until now. I run Windows XP and use Avast as my antivirus and Comodo as my firewall. In addition, I have Malwarebytes' Anti-Malware and CCleaner installed. I used AVG in the past, but uninstalled it months ago and switched over to Avast. I've performed full scans and they've come out clean.

    Besides the bad image error I get, I'm also getting this:

    [Attached screenshots: photo(1).JPG, photo.JPG]

    As you can see, my computer decides to randomly slow down and then all the text and icons start disappearing. Is this still attributed to the bad image error? It's not just when I'm browsing the internet either, because it also happens when I'm working in Word or trying to open any other program. Sometimes, I can't even see the bad image error, but just the error box!

    Also, I have no real way to check whether I've finally solved the problem, other than sitting at my computer and working on it for a while until it randomly appears again.

    Here's what a quick scan from Malwarebytes' Anti-Malware said:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.23.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Sam :: SAM-A398FE5300A [administrator]

    5/23/2013 3:57:09 AM
    mbam-log-2013-05-23 (03-57-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 263043
    Time elapsed: 12 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. mvongsa

    mvongsa TS Rookie Topic Starter

    Here's what my dds.txt file says:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
    Run by Sam at 4:14:33 on 2013-05-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.943 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled*
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
    C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.glarysoft.com/?src=newtab
    mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
    uProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [MusicManager] "c:\documents and settings\sam\local settings\application data\programs\google\musicmanager\MusicManager.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Qwest Personal Digital Vault] "c:\program files\qwest personal digital vault\QwestPersonalDigitalVault.exe" /m
    mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
    mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
    mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISW] <no file>
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoSMConfigurePrograms = dword:1
    uPolicies-Explorer: NoStartMenuLogoff = dword:0
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoStartMenuLogOff = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoSMConfigurePrograms = dword:1
    mPolicies-Explorer: NoStartMenuLogoff = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{431ECE70-D9B9-4045-ACD0-BA534A6ED114} : DHCPNameServer = 192.168.0.1 205.171.3.25
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\sam\application data\mozilla\firefox\profiles\b2pd2wan.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Glary Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.glarysoft.com/?src=ffhome
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - plugin: c:\documents and settings\sam\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\sam\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - ExtSQL: 2013-05-23 03:49; wrc@avast.com; c:\progra~1\avasts~1\avast\webrep\FF
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.zonealarm_i.newTab - false
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.414:28:31
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.hpOld0 - hxxp://isearch.glarysoft.com/?src=ffhome
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&&q=
    FF - user.js: extensions.zonealarm.id - 44d06554000000000000001a6bcbd126
    FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
    FF - user.js: extensions.zonealarm.instlDay - 15847
    FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
    FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
    FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1117:18:13
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1025
    FF - user.js: extensions.zonealarm.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base2013
    FF - user.js: extensions.zonealarm.instlRef - ZLN16524721347397-1001
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.ffxUnstlRst - false
    FF - user.js: extensions.zonealarm.admin - false
    FF - user.js: extensions.zonealarm.autoRvrt - false
    FF - user.js: extensions.zonealarm.rvrt - true
    FF - user.js: extensions.zonealarm.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.newTab - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-23 174664]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-23 368944]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-4-15 18528]
    R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [2013-4-15 592384]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-4-15 32816]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-23 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-23 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-23 46808]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2013-4-25 4443912]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-8-8 266240]
    R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-7-1 220824]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
    R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-8-8 206120]
    R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-8-8 185640]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-10-16 17984]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-4-15 127184]
    S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-23 49376]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-23 765736]
    .
    =============== Created Last 30 ================
    .
    2013-05-23 09:09:42 -------- d--h--w- C:\VTRoot
    2013-05-23 09:09:41 1770 ----a-w- c:\windows\system32\drivers\fvstore.dat
    2013-05-23 08:50:35 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-23 08:50:35 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-05-23 08:50:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-05-23 08:50:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-23 08:48:58 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-23 08:48:11 -------- d-----w- c:\program files\AVAST Software
    2013-05-23 08:46:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2013-05-23 08:45:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-23 08:45:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-23 08:38:14 -------- d-s---w- c:\documents and settings\all users\application data\Shared Space
    2013-05-23 08:26:16 -------- d-----w- c:\documents and settings\all users\application data\COMODO
    2013-05-23 08:25:26 47368 ----a-w- c:\windows\system32\certsentry.dll
    2013-05-23 08:25:26 -------- d-----w- c:\documents and settings\sam\local settings\application data\COMODO
    2013-05-23 08:25:14 -------- d-----w- c:\program files\Comodo
    2013-05-23 08:25:08 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
    2013-05-23 07:58:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2013-05-23 07:29:23 -------- d-----w- c:\program files\ESET
    2013-05-23 04:27:16 -------- d-sha-r- C:\cmdcons
    2013-05-23 04:21:17 98816 ----a-w- c:\windows\sed.exe
    2013-05-23 04:21:17 256000 ----a-w- c:\windows\PEV.exe
    2013-05-23 04:21:17 208896 ----a-w- c:\windows\MBR.exe
    2013-05-23 00:35:07 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-22 22:08:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-23 20:04:12 348048 ----a-w- c:\windows\system32\guard32.dll
    .
    ==================== Find3M ====================
    .
    2013-05-23 01:39:13 664 ----a-w- c:\windows\system32\d3d9caps.tmp
    2013-05-22 22:08:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-05-22 22:08:35 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-05-22 22:08:35 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-05-22 21:53:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-22 21:53:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-04-15 23:39:00 592384 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2013-04-15 23:39:00 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-04-15 23:39:00 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-04-15 23:38:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-04-15 23:38:26 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
    2013-04-15 23:38:26 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
    2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
    2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
    2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
    .
    ============= FINISH: 4:16:02.50 ===============
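    The "Pseudo HJT Report" section of the dds.txt above is what a malware-removal helper reads first. The following is an added example, not part of this thread and not the DDS tool's own code: it parses lines in the format DDS prints and flags the items a helper checks at this stage, namely start-page and search settings that point at hosts outside an allowlist, BHO/toolbar entries whose DLL path is missing, Run entries marked <no file>, and protocol handlers marked <orphaned>. The allowlist (google.com only) is an assumption for the example, and the sample input is a constructed subset of lines copied from the log above.

```python
"""Triage of a DDS "Pseudo HJT Report" section.

Added example, not code from the TechSpot thread or from the DDS tool.
It reads lines in the format DDS prints and flags what a helper checks
first: browser start-page / search settings pointing at hosts outside an
allowlist, BHO / toolbar entries with no DLL path, Run entries marked
<no file>, and protocol handlers marked <orphaned>.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Assumption for this example: only these hosts count as acceptable defaults.
ALLOWED_HOSTS = {"google.com", "www.google.com"}

# Constructed sample: a subset of lines, in DDS format, copied from the log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://isearch.glarysoft.com/?src=newtab
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
mRun: [ISW] <no file>
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://isearch.glarysoft.com/?src=ffhome
"""

# DDS settings whose value is a URL worth checking against the allowlist.
URL_SETTINGS = (
    "uStart Page", "mStart Page", "uSearchAssistant", "uSearchURL",
    "FF - prefs.js: browser.startup.homepage",
    "FF - prefs.js: browser.search.defaulturl",
)
URL_RE = re.compile(r"hxxps?://\S+")
# BHO/TB line whose CLSID is followed by " -" and nothing else: registered, but the DLL is gone.
NO_DLL_RE = re.compile(r"^(BHO|TB): (.+?): \{[0-9A-Fa-f-]+\} -\s*$")
NO_FILE_RE = re.compile(r"^[um]Run(?:Once)?: \[(.+?)\] <no file>$")
ORPHAN_HANDLER_RE = re.compile(r"^Handler: (\S+) - \{[0-9A-Fa-f-]+\} - <orphaned>$")


@dataclass(frozen=True)
class Finding:
    kind: str    # hijacked-url | bho-no-file | run-no-file | handler-orphaned
    detail: str  # host, entry name or handler name
    line: str    # the log line that produced it


def defang_to_host(url: str) -> str:
    """DDS writes hxxp:// so logs are not clickable; undo that only to parse the host."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def triage(log_text: str, allowed_hosts=ALLOWED_HOSTS) -> List[Finding]:
    """Scan DDS-format lines and return one Finding per suspicious entry."""
    findings: List[Finding] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if line.startswith(URL_SETTINGS):
            for url in URL_RE.findall(line):
                host = defang_to_host(url)
                if host not in allowed_hosts:
                    findings.append(Finding("hijacked-url", host, line))
        m = NO_DLL_RE.match(line)
        if m:
            findings.append(Finding("bho-no-file", m.group(2), line))
        m = NO_FILE_RE.match(line)
        if m:
            findings.append(Finding("run-no-file", m.group(1), line))
        m = ORPHAN_HANDLER_RE.match(line)
        if m:
            findings.append(Finding("handler-orphaned", m.group(1), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {'hijacked-url': 4, 'bho-no-file': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:17} {f.detail:36} <- {f.line[:60]}")
```

    A flag is a lead to verify, not a verdict: a search page changed by a utility the user installed themselves is a different problem from a hijacker, so correlate each flagged host and each file-less BHO with the Installed Programs list before deciding what to remove. Run this over the whole dds.txt rather than the sample to get the complete picture for this machine.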
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    I still need Attach.txt from DDS.
     
  4. mvongsa

    mvongsa TS Rookie Topic Starter

    Oops! Sorry, here you go:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/4/2010 1:42:16 AM
    System Uptime: 5/23/2013 3:12:03 PM (4 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 100 GiB total, 31.328 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is FIXED (NTFS) - 500 GiB total, 452.544 GiB free.
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP674: 2/22/2013 11:50:20 PM - System Checkpoint
    RP675: 2/24/2013 5:09:11 PM - System Checkpoint
    RP676: 2/25/2013 11:01:21 PM - System Checkpoint
    RP677: 2/26/2013 11:47:42 PM - System Checkpoint
    RP678: 2/28/2013 12:47:43 AM - System Checkpoint
    RP679: 3/1/2013 1:59:43 AM - System Checkpoint
    RP680: 3/2/2013 1:42:16 PM - System Checkpoint
    RP681: 3/4/2013 11:19:00 PM - System Checkpoint
    RP682: 3/5/2013 11:33:09 PM - System Checkpoint
    RP683: 3/7/2013 1:11:33 AM - System Checkpoint
    RP684: 3/8/2013 1:26:10 AM - System Checkpoint
    RP685: 3/9/2013 1:50:40 AM - System Checkpoint
    RP686: 3/10/2013 8:26:10 AM - System Checkpoint
    RP687: 3/11/2013 11:48:58 AM - System Checkpoint
    RP688: 3/12/2013 7:24:30 PM - System Checkpoint
    RP689: 3/12/2013 9:37:12 PM - System Checkpoint
    RP690: 3/14/2013 2:21:33 AM - System Checkpoint
    RP691: 3/14/2013 12:00:14 PM - Software Distribution Service 3.0
    RP692: 3/15/2013 12:26:13 PM - System Checkpoint
    RP693: 3/16/2013 1:01:15 PM - System Checkpoint
    RP694: 3/24/2013 6:57:41 AM - Software Distribution Service 3.0
    RP695: 3/30/2013 12:43:05 PM - System Checkpoint
    RP696: 3/30/2013 1:55:17 PM - Installed AVG 2013
    RP697: 3/30/2013 1:55:27 PM - Removed AVG 2012
    RP698: 3/30/2013 1:55:55 PM - Installed AVG 2013
    RP699: 3/30/2013 2:01:24 PM - Removed AVG 2012
    RP700: 4/4/2013 9:51:25 PM - Software Distribution Service 3.0
    RP701: 4/5/2013 10:09:51 PM - System Checkpoint
    RP702: 4/7/2013 8:39:59 AM - System Checkpoint
    RP703: 4/8/2013 2:42:50 PM - System Checkpoint
    RP704: 4/9/2013 11:04:01 PM - System Checkpoint
    RP705: 4/13/2013 11:06:00 AM - System Checkpoint
    RP706: 4/13/2013 12:00:15 PM - Software Distribution Service 3.0
    RP707: 4/17/2013 8:29:04 PM - System Checkpoint
    RP708: 4/20/2013 8:17:00 AM - System Checkpoint
    RP709: 4/21/2013 10:42:23 PM - System Checkpoint
    RP710: 4/23/2013 8:53:33 PM - System Checkpoint
    RP711: 5/13/2013 7:39:27 PM - System Checkpoint
    RP712: 5/13/2013 10:33:01 PM - System Checkpoint
    RP713: 5/21/2013 5:37:35 PM - System Checkpoint
    RP714: 5/21/2013 11:37:46 PM - Software Distribution Service 3.0
    RP715: 5/22/2013 4:54:05 PM - Software Distribution Service 3.0
    RP716: 5/22/2013 5:07:18 PM - Removed Java 7 Update 9
    RP717: 5/22/2013 5:08:30 PM - Installed Java 7 Update 21
    RP719: 5/22/2013 7:45:54 PM - Software Distribution Service 3.0
    RP720: 5/22/2013 8:32:26 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    2570
    2570_Help
    2570Trb
    Acrobat.com
    Actiontec Gateway
    Adobe AIR
    Adobe Community Help
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader XI (11.0.02)
    Adobe Support Advisor
    AiO_Scan_CDA
    AiOSoftwareNPI
    Akamai NetSession Interface Service
    Amazon MP3 Downloader 1.0.12
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArtistScope Plugin FX
    avast! Free Antivirus
    AVG 2012
    Bonjour
    BufferChm
    CCleaner
    CenturyLink Installer
    COMODO Firewall
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DivX Setup
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    Elements STI Installer
    eSupportQFolder
    Facebook Plug-In
    Facebook Video Calling 1.2.0.287
    Fax_CDA
    Folder Lock
    FullDPAppQFolder
    GameSpy Arcade
    Glary Utilities 2.50.0.1632
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.A
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    InstantShareAlert
    InstantShareDevices
    iPod for Windows 2005-10-12
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Java(TM) 6 Update 34
    Macrium Reflect - Free Edition
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Music Manager
    NewCopy_CDA
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Pando Media Booster
    PanoStandAlone
    PhotoGallery
    ProductContextNPI
    QuickConnect
    QuickTime
    Qwest eChat Support Tools
    Qwest Personal Digital Vault™
    Qwest QuickAssist Desktop Tools
    Qwest Quickcare 2.7
    RandMap
    Readme
    Realtek High Definition Audio Driver
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Segoe UI
    SkinsHP1
    Skype™ 5.5
    SolutionCenter
    Sonic_PrimoSDK
    Status
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    VLC media player 1.1.1
    WebFldrs XP
    WebReg
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    WinRAR archiver
    WModem Driver Installer
    ZoneAlarm LTD Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/22/2013 7:02:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/22/2013 5:06:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGTP\0000 disappeared from the system without first being prepared for removal.
    5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without first being prepared for removal.
    5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGLOGX\0000 disappeared from the system without first being prepared for removal.
    5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGLDX86\0000 disappeared from the system without first being prepared for removal.
    5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system without first being prepared for removal.
    5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGIDSHX\0000 disappeared from the system without first being prepared for removal.
    5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGIDSDRIVER\0000 disappeared from the system without first being prepared for removal.
    5/22/2013 11:30:30 PM, error: Service Control Manager [7034] - The CopySafe Helper Service service terminated unexpectedly. It has done this 1 time(s).
    5/21/2013 5:22:36 PM, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.
    5/21/2013 5:21:03 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    5/21/2013 5:20:35 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/21/2013 4:19:33 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
    5/21/2013 4:19:33 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\sirenacm.dll. Reference error message: The operation completed successfully. .
    5/21/2013 4:19:32 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL. Reference error message: The operation completed successfully. .
    5/21/2013 10:21:44 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  6. mvongsa

    mvongsa TS Rookie Topic Starter

    Here's the first log from RogueKiller:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Sam [Admin rights]
    Mode : Scan -- Date : 05/23/2013 20:34:03
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1659004503-838170752-1801674531-1003[...]\Run : MusicManager ("C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") [-] -> FOUND
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10EADS-00M2B0 +++++
    --- User ---
    [MBR] 885976efd7cd7f6a5b3fec452cf1235a
    [BSP] 2436dd5d3abce323ade1fc051e8ba260 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102398 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 209712510 | Size: 851460 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05232013_02d2034.txt >>
    RKreport[1]_S_05232013_02d2034.txt



    Here's the second log from RogueKiller:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Sam [Admin rights]
    Mode : Remove -- Date : 05/23/2013 20:35:38
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") [-] -> DELETED
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10EADS-00M2B0 +++++
    --- User ---
    [MBR] 885976efd7cd7f6a5b3fec452cf1235a
    [BSP] 2436dd5d3abce323ade1fc051e8ba260 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102398 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 209712510 | Size: 851460 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_05232013_02d2035.txt >>
    RKreport[1]_S_05232013_02d2034.txt ; RKreport[2]_D_05232013_02d2035.txt
     
  7. mvongsa

    mvongsa TS Rookie Topic Starter

    I performed the Malwarebytes Anti-Rootkit scan and the first scan said it did not need to do a cleanup because no malware was found, so it did not produce a log. However, I'm currently running a second one just in case, like you said, although I'm unsure if it will detect anything if it didn't the first time. I figured the second scan was in case it missed any other malware.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. mvongsa

    mvongsa TS Rookie Topic Starter

    Okay, while performing my second Malwarebytes Anti-Rootkit scan it seemed to detect something and said it would be killed. Also, I tried to open Notepad but all the text and names of the icons started disappearing. And I now have a blue screen of death; should I note what it says and restart it?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Yes and yes.
     
  11. mvongsa

    mvongsa TS Rookie Topic Starter

    Okay, I restarted my computer and on startup I got this message, for which I sent the error report:

    DetectProblem.JPG

    In addition, my BSOD said this:
    STOP: 0x0000008E (0xC0000005, 0x8053AD21, 0xB462C700, 0x00000000)

    After this post, I will begin the TDSSKiller Scan and post its results.
     
  12. mvongsa

    mvongsa TS Rookie Topic Starter

    Here's what the TDSSKiller Scan log produced: (It found two suspicious items that were medium level, which I skipped)

    23:14:47.0375 1716 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    23:14:48.0015 1716 ============================================================
    23:14:48.0015 1716 Current date / time: 2013/05/23 23:14:48.0015
    23:14:48.0015 1716 SystemInfo:
    23:14:48.0015 1716
    23:14:48.0015 1716 OS Version: 5.1.2600 ServicePack: 3.0
    23:14:48.0015 1716 Product type: Workstation
    23:14:48.0015 1716 ComputerName: SAM-A398FE5300A
    23:14:48.0015 1716 UserName: Sam
    23:14:48.0015 1716 Windows directory: C:\WINDOWS
    23:14:48.0015 1716 System windows directory: C:\WINDOWS
    23:14:48.0015 1716 Processor architecture: Intel x86
    23:14:48.0015 1716 Number of processors: 2
    23:14:48.0015 1716 Page size: 0x1000
    23:14:48.0015 1716 Boot type: Normal boot
    23:14:48.0015 1716 ============================================================
    23:14:49.0562 1716 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:14:53.0015 1716 ============================================================
    23:14:53.0015 1716 \Device\Harddisk0\DR0:
    23:14:53.0031 1716 MBR partitions:
    23:14:53.0031 1716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F
    23:14:53.0046 1716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC7FF5BD, BlocksNum 0x3E8009F8
    23:14:53.0062 1716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x4AFFFFF4, BlocksNum 0x29701B0C
    23:14:53.0062 1716 ============================================================
    23:14:53.0109 1716 C: <-> \Device\Harddisk0\DR0\Partition1
    23:14:53.0218 1716 I: <-> \Device\Harddisk0\DR0\Partition2
    23:14:53.0218 1716 ============================================================
    23:14:53.0218 1716 Initialize success
    23:14:53.0218 1716 ============================================================
    23:15:28.0187 3016 ============================================================
    23:15:28.0187 3016 Scan started
    23:15:28.0187 3016 Mode: Manual;
    23:15:28.0187 3016 ============================================================
    23:15:28.0765 3016 ================ Scan system memory ========================
    23:15:28.0765 3016 System memory - ok
    23:15:28.0765 3016 ================ Scan services =============================
    23:15:28.0921 3016 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
    23:15:28.0921 3016 6to4 - ok
    23:15:28.0937 3016 Abiosdsk - ok
    23:15:28.0937 3016 abp480n5 - ok
    23:15:28.0984 3016 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:15:28.0984 3016 ACPI - ok
    23:15:29.0015 3016 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:15:29.0015 3016 ACPIEC - ok
    23:15:29.0078 3016 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    23:15:29.0078 3016 AdobeFlashPlayerUpdateSvc - ok
    23:15:29.0078 3016 adpu160m - ok
    23:15:29.0109 3016 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    23:15:29.0125 3016 aec - ok
    23:15:29.0140 3016 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    23:15:29.0140 3016 AFD - ok
    23:15:29.0140 3016 Aha154x - ok
    23:15:29.0156 3016 aic78u2 - ok
    23:15:29.0156 3016 aic78xx - ok
    23:15:29.0296 3016 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files\common files\akamai/netsession_win_ca0e279.dll
    23:15:29.0296 3016 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
    23:15:29.0312 3016 Akamai ( HiddenFile.Multi.Generic ) - warning
    23:15:29.0312 3016 Akamai - detected HiddenFile.Multi.Generic (1)
    23:15:29.0343 3016 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    23:15:29.0343 3016 Alerter - ok
    23:15:29.0359 3016 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    23:15:29.0359 3016 ALG - ok
    23:15:29.0359 3016 AliIde - ok
    23:15:29.0375 3016 amsint - ok
    23:15:29.0421 3016 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:15:29.0421 3016 Apple Mobile Device - ok
    23:15:29.0437 3016 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    23:15:29.0453 3016 AppMgmt - ok
    23:15:29.0468 3016 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    23:15:29.0468 3016 Arp1394 - ok
    23:15:29.0484 3016 asc - ok
    23:15:29.0484 3016 asc3350p - ok
    23:15:29.0484 3016 asc3550 - ok
    23:15:29.0562 3016 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    23:15:29.0578 3016 aspnet_state - ok
    23:15:29.0609 3016 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    23:15:29.0609 3016 aswFsBlk - ok
    23:15:29.0625 3016 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
    23:15:29.0640 3016 aswMonFlt - ok
    23:15:29.0656 3016 [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
    23:15:29.0656 3016 AswRdr - ok
    23:15:29.0671 3016 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
    23:15:29.0671 3016 aswRvrt - ok
    23:15:29.0703 3016 [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
    23:15:29.0703 3016 aswSnx - ok
    23:15:29.0734 3016 [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
    23:15:29.0734 3016 aswSP - ok
    23:15:29.0750 3016 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
    23:15:29.0750 3016 aswTdi - ok
    23:15:29.0781 3016 [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
    23:15:29.0781 3016 aswVmm - ok
    23:15:29.0781 3016 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:15:29.0796 3016 AsyncMac - ok
    23:15:29.0828 3016 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:15:29.0828 3016 atapi - ok
    23:15:29.0828 3016 Atdisk - ok
    23:15:29.0859 3016 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:15:29.0859 3016 Atmarpc - ok
    23:15:29.0859 3016 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    23:15:29.0875 3016 AudioSrv - ok
    23:15:29.0875 3016 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:15:29.0875 3016 audstub - ok
    23:15:29.0953 3016 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    23:15:29.0953 3016 avast! Antivirus - ok
    23:15:29.0984 3016 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    23:15:29.0984 3016 Beep - ok
    23:15:30.0015 3016 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    23:15:30.0031 3016 BITS - ok
    23:15:30.0109 3016 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:15:30.0109 3016 Bonjour Service - ok
    23:15:30.0125 3016 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BRIDGE C:\WINDOWS\system32\DRIVERS\bridge.sys
    23:15:30.0125 3016 BRIDGE - ok
    23:15:30.0125 3016 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
    23:15:30.0125 3016 BridgeMP - ok
    23:15:30.0156 3016 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    23:15:30.0156 3016 Browser - ok
    23:15:30.0203 3016 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    23:15:30.0203 3016 BVRPMPR5 - ok
    23:15:30.0234 3016 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:15:30.0234 3016 cbidf2k - ok
    23:15:30.0265 3016 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:15:30.0265 3016 CCDECODE - ok
    23:15:30.0281 3016 cd20xrnt - ok
    23:15:30.0281 3016 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:15:30.0281 3016 Cdaudio - ok
    23:15:30.0296 3016 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    23:15:30.0296 3016 Cdfs - ok
    23:15:30.0328 3016 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:15:30.0328 3016 Cdrom - ok
    23:15:30.0343 3016 Changer - ok
    23:15:30.0359 3016 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    23:15:30.0359 3016 CiSvc - ok
    23:15:30.0359 3016 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    23:15:30.0375 3016 ClipSrv - ok
    23:15:30.0406 3016 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:15:30.0437 3016 clr_optimization_v2.0.50727_32 - ok
    23:15:31.0171 3016 [ D21DD5C3C4BF89D2722D25B7D11336D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    23:15:31.0203 3016 cmdAgent - ok
    23:15:31.0250 3016 [ C934F6E30D8A10D34A652BCF3A5C35BD ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
    23:15:31.0250 3016 cmderd - ok
    23:15:31.0328 3016 [ 8CDA9C3A987A1CD3F971EB9B33AB1EB6 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
    23:15:31.0328 3016 cmdGuard - ok
    23:15:31.0359 3016 [ 9DD6E71613F26DDE12A0F007AECA760B ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
    23:15:31.0375 3016 cmdHlp - ok
    23:15:31.0375 3016 CmdIde - ok
    23:15:31.0421 3016 [ C2C420573A006CDFB956443735C78A1B ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    23:15:31.0421 3016 cmdvirth - ok
    23:15:31.0421 3016 COMSysApp - ok
    23:15:31.0437 3016 Cpqarray - ok
    23:15:31.0468 3016 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    23:15:31.0484 3016 CryptSvc - ok
    23:15:31.0515 3016 [ AEFB8558199BD5212B268B09BFA1D71A ] CSHelper C:\WINDOWS\system32\CSHelper.exe
    23:15:31.0515 3016 CSHelper - ok
    23:15:31.0531 3016 dac2w2k - ok
    23:15:31.0531 3016 dac960nt - ok
    23:15:31.0578 3016 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    23:15:31.0593 3016 DcomLaunch - ok
    23:15:31.0609 3016 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    23:15:31.0625 3016 Dhcp - ok
    23:15:31.0640 3016 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    23:15:31.0640 3016 Disk - ok
    23:15:31.0640 3016 dmadmin - ok
    23:15:31.0671 3016 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    23:15:31.0687 3016 dmboot - ok
    23:15:31.0703 3016 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    23:15:31.0703 3016 dmio - ok
    23:15:31.0734 3016 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    23:15:31.0734 3016 dmload - ok
    23:15:31.0781 3016 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    23:15:31.0781 3016 dmserver - ok
    23:15:31.0796 3016 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    23:15:31.0796 3016 DMusic - ok
    23:15:31.0828 3016 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    23:15:31.0843 3016 Dnscache - ok
    23:15:31.0843 3016 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    23:15:31.0859 3016 Dot3svc - ok
    23:15:31.0859 3016 dpti2o - ok
    23:15:31.0890 3016 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    23:15:31.0890 3016 drmkaud - ok
    23:15:31.0937 3016 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    23:15:31.0937 3016 EapHost - ok
    23:15:31.0937 3016 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    23:15:31.0953 3016 ERSvc - ok
    23:15:31.0984 3016 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    23:15:31.0984 3016 Eventlog - ok
    23:15:32.0015 3016 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    23:15:32.0031 3016 EventSystem - ok
    23:15:32.0046 3016 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    23:15:32.0046 3016 Fastfat - ok
    23:15:32.0078 3016 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    23:15:32.0093 3016 FastUserSwitchingCompatibility - ok
    23:15:32.0109 3016 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    23:15:32.0109 3016 Fdc - ok
    23:15:32.0125 3016 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    23:15:32.0125 3016 Fips - ok
    23:15:32.0171 3016 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    23:15:32.0187 3016 FLEXnet Licensing Service - ok
    23:15:32.0218 3016 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    23:15:32.0218 3016 Flpydisk - ok
    23:15:32.0250 3016 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    23:15:32.0250 3016 FltMgr - ok
    23:15:37.0875 3016 [ 7ACC77E135A709AE0F7E1DF428A2F908 ] WinFLdrv C:\WINDOWS\system32\WinFLdrv.sys
    23:15:37.0890 3016 Suspicious file (Hidden): C:\WINDOWS\system32\WinFLdrv.sys. md5: 7ACC77E135A709AE0F7E1DF428A2F908
    23:15:37.0890 3016 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
    23:15:37.0890 3016 WinFLdrv - detected HiddenFile.Multi.Generic (1)
    23:15:38.0453 3016 ================ Scan global ===============================
    23:15:38.0515 3016 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    23:15:38.0546 3016 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    23:15:38.0578 3016 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    23:15:38.0609 3016 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    23:15:38.0609 3016 [Global] - ok
    23:15:38.0609 3016 ================ Scan MBR ==================================
    23:15:38.0625 3016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    23:15:38.0796 3016 \Device\Harddisk0\DR0 - ok
    23:15:38.0796 3016 ================ Scan VBR ==================================
    23:15:38.0796 3016 [ C0C8962BD6AD3677EE47FC30FD96802C ] \Device\Harddisk0\DR0\Partition1
    23:15:38.0796 3016 \Device\Harddisk0\DR0\Partition1 - ok
    23:15:38.0812 3016 [ E7498C396917B2AF0DB9C31A3BD88FFD ] \Device\Harddisk0\DR0\Partition2
    23:15:38.0812 3016 \Device\Harddisk0\DR0\Partition2 - ok
    23:15:38.0843 3016 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
    23:15:38.0843 3016 \Device\Harddisk0\DR0\Partition3 - ok
    23:15:38.0843 3016 ============================================================
    23:15:38.0843 3016 Scan finished
    23:15:38.0843 3016 ============================================================
    23:15:38.0843 2152 Detected object count: 2
    23:15:38.0843 2152 Actual detected object count: 2
    23:15:59.0187 2152 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    23:15:59.0187 2152 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    23:15:59.0203 2152 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
    23:15:59.0203 2152 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
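    A small triage script for the TDSSKiller log format posted above, added here as an example and not part of the thread or of TDSSKiller itself: it pulls out the "Suspicious file" warnings, the "- detected" lines together with the md5 and path recorded for that service, the action the user chose, and it checks the declared "Actual detected object count" against the detection lines actually present. The sample log is constructed in the same shape; the WinFLdrv entries are the ones reported in the log, while the Akamai path and md5 are placeholders.

```python
"""Triage a TDSSKiller log: keep only the records that matter and flag
detections the user skipped (those are still on disk after the run).
Added example; the record shapes are taken from the log in this thread."""
import re

# Every line starts with "<hh:mm:ss.ffff> <pid> "; the rest is the record.
TS = r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <service name> <path>"; global-scan lines carry a path but no name.
HASHED = re.compile(TS + r"\[ ([0-9A-Fa-f]{32}) \] (?:(.+?) )?([A-Za-z]:\\.*|\\Device\\.*)$")
OK = re.compile(TS + r"(.+?) - ok$")
WARNING = re.compile(TS + r"(.+?) \( (\S+) \) - warning$")
DETECTED = re.compile(TS + r"(.+?) - detected (\S+) \((\d+)\)$")
SUSPICIOUS = re.compile(TS + r"Suspicious file \((\w+)\): (.+?)\. md5: ([0-9A-Fa-f]{32})$")
ACTION = re.compile(TS + r"(.+?) \( (\S+) \) - User select action: (\S+)$")
DECLARED = re.compile(TS + r"Actual detected object count: (\d+)$")


def triage(log_text):
    """Return a dict summarising the scan; see the keys set below."""
    hashes, paths = {}, {}
    result = {"ok": 0, "warnings": {}, "detections": [], "suspicious": [],
              "actions": {}, "declared": None}
    for line in log_text.splitlines():
        m = HASHED.match(line)
        if m:
            md5, name, path = m.groups()
            if name:  # remember the file behind each named service/driver
                hashes[name], paths[name] = md5.upper(), path
            continue
        if OK.match(line):
            result["ok"] += 1
            continue
        m = WARNING.match(line)
        if m:
            result["warnings"][m.group(1)] = m.group(2)
            continue
        m = DETECTED.match(line)
        if m:
            name, verdict, count = m.groups()
            result["detections"].append({"name": name, "verdict": verdict,
                                         "count": int(count),
                                         "md5": hashes.get(name),
                                         "path": paths.get(name)})
            continue
        m = SUSPICIOUS.match(line)
        if m:
            result["suspicious"].append({"kind": m.group(1), "path": m.group(2),
                                         "md5": m.group(3).upper()})
            continue
        m = ACTION.match(line)
        if m:
            result["actions"][m.group(1)] = m.group(3)
            continue
        m = DECLARED.match(line)
        if m:
            result["declared"] = int(m.group(1))
    found = sum(d["count"] for d in result["detections"])
    # A summary count that disagrees with the detection lines means the log is
    # truncated or was edited before posting; treat it as untrustworthy.
    result["count_consistent"] = result["declared"] is None or result["declared"] == found
    # "Skip" leaves the detected object in place: it still needs follow-up.
    result["unresolved"] = sorted(d["name"] for d in result["detections"]
                                  if result["actions"].get(d["name"]) == "Skip")
    return result


# Constructed sample in the shape of the thread's log. The WinFLdrv records are
# the ones the posted log reports; the Akamai path and md5 are placeholders.
SAMPLE_LOG = r"""
23:15:30.0000 3016 [ 00000000000000000000000000000000 ] Akamai C:\PLACEHOLDER\akamai.dll
23:15:30.0000 3016 Suspicious file (Hidden): C:\PLACEHOLDER\akamai.dll. md5: 00000000000000000000000000000000
23:15:30.0000 3016 Akamai ( HiddenFile.Multi.Generic ) - warning
23:15:30.0000 3016 Akamai - detected HiddenFile.Multi.Generic (1)
23:15:32.0312 3016 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:15:32.0328 3016 FontCache3.0.0.0 - ok
23:15:33.0484 3016 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:15:33.0484 3016 iPod Service - ok
23:15:37.0875 3016 [ 7ACC77E135A709AE0F7E1DF428A2F908 ] WinFLdrv C:\WINDOWS\system32\WinFLdrv.sys
23:15:37.0890 3016 Suspicious file (Hidden): C:\WINDOWS\system32\WinFLdrv.sys. md5: 7ACC77E135A709AE0F7E1DF428A2F908
23:15:37.0890 3016 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
23:15:37.0890 3016 WinFLdrv - detected HiddenFile.Multi.Generic (1)
23:15:38.0625 3016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:15:38.0796 3016 \Device\Harddisk0\DR0 - ok
23:15:38.0843 3016 Scan finished
23:15:38.0843 2152 Detected object count: 2
23:15:38.0843 2152 Actual detected object count: 2
23:15:59.0187 2152 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:15:59.0187 2152 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
23:15:59.0203 2152 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
23:15:59.0203 2152 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("objects ok:", summary["ok"], "| declared:", summary["declared"],
          "| consistent:", summary["count_consistent"])
    for d in summary["detections"]:
        print(f"{d['name']}: {d['verdict']} md5={d['md5']} path={d['path']} "
              f"action={summary['actions'].get(d['name'])}")
    print("still on disk after the run:", summary["unresolved"])
```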
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. mvongsa

    mvongsa TS Rookie Topic Starter

    Here's my combofix log:

    ComboFix 13-05-23.02 - Sam 05/24/2013 0:23.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1417 [GMT -5:00]
    Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-23 09:09 . 2013-05-23 09:09 -------- d-----w- C:\VTRoot
    2013-05-23 09:09 . 2013-05-24 01:05 44168 ----a-w- c:\windows\system32\drivers\fvstore.dat
    2013-05-23 08:50 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-05-23 08:50 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-05-23 08:50 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-05-23 08:50 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-05-23 08:50 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-23 08:50 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-05-23 08:50 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-05-23 08:50 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-23 08:50 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-05-23 08:48 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-23 08:48 . 2013-05-23 08:48 -------- d-----w- c:\program files\AVAST Software
    2013-05-23 08:46 . 2013-05-23 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2013-05-23 08:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-23 08:45 . 2013-05-23 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-23 08:40 . 2013-05-23 08:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
    2013-05-23 08:38 . 2013-05-23 08:38 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
    2013-05-23 08:26 . 2013-05-23 08:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
    2013-05-23 08:26 . 2013-05-23 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2013-05-23 08:25 . 2013-05-23 08:33 47368 ----a-w- c:\windows\system32\certsentry.dll
    2013-05-23 08:25 . 2013-05-23 08:25 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\COMODO
    2013-05-23 08:25 . 2013-05-23 08:45 -------- d-----w- c:\program files\Comodo
    2013-05-23 08:25 . 2013-05-23 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2013-05-23 07:58 . 2013-05-23 07:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2013-05-23 00:35 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-22 22:09 . 2013-05-22 22:09 -------- d-----w- c:\program files\Common Files\Java
    2013-05-22 22:08 . 2013-05-22 22:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-25 16:05 . 2013-04-25 16:05 99392 ----a-w- c:\windows\system32\drivers\inspect.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-23 01:39 . 2013-01-10 02:39 664 ----a-w- c:\windows\system32\d3d9caps.tmp
    2013-05-22 22:08 . 2012-08-17 17:26 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-05-22 22:08 . 2012-08-17 17:26 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-05-22 22:08 . 2010-09-25 17:40 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-05-22 21:53 . 2012-03-31 23:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-22 21:53 . 2011-06-07 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-04-23 20:04 . 2013-04-23 20:04 348048 ----a-w- c:\windows\system32\guard32.dll
    2013-04-16 22:17 . 2008-04-14 10:42 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-04-16 22:17 . 2008-04-14 10:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-04-16 22:17 . 2008-04-14 10:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-04-15 23:39 . 2013-04-15 23:39 592384 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2013-04-15 23:39 . 2013-04-15 23:39 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-04-15 23:39 . 2013-04-15 23:39 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-04-15 23:38 . 2013-04-15 23:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-04-15 23:38 . 2013-04-15 23:38 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
    2013-04-15 23:38 . 2013-04-15 23:38 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
    2013-04-12 23:28 . 2008-04-14 05:07 385024 ----a-w- c:\windows\system32\html.iec
    2013-04-10 01:31 . 2008-04-14 06:00 1876352 ----a-w- c:\windows\system32\win32k.sys
    2013-03-08 08:36 . 2008-04-14 10:42 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:32 . 2008-04-14 05:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50 . 2008-04-14 06:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-27 07:56 . 2010-04-04 06:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2013-05-23 07:57 . 2013-05-23 07:57 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-12-21 . 710DEE44DFB67EB7D512E768856E52A4 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "nwiz"="nwiz.exe" [2006-05-09 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
    "Qwest Personal Digital Vault"="c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
    "QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
    "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
    "VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    .
    c:\documents and settings\Guest\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\system32\logonui.exe"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 19:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58016:TCP"= 58016:TCP:pando Media Booster
    "58016:UDP"= 58016:UDP:pando Media Booster
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [5/23/2013 3:50 AM 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [5/23/2013 3:50 AM 174664]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [7/1/2011 12:55 PM 16024]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2013 3:50 AM 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/23/2013 3:50 AM 368944]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [4/15/2013 6:39 PM 18528]
    R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [4/15/2013 6:39 PM 592384]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/15/2013 6:39 PM 32816]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 5:42 AM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/23/2013 3:50 AM 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/23/2013 3:50 AM 66336]
    R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
    R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [8/8/2010 10:14 PM 206120]
    R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [8/8/2010 10:14 PM 185640]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [10/16/2011 11:54 PM 17984]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [8/8/2010 1:31 AM 266240]
    S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [4/15/2013 6:38 PM 127184]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 49850858
    *Deregistered* - 49850858
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-13 03:45 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:53]
    .
    2013-05-24 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-23 08:58]
    .
    2013-05-24 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 23:38]
    .
    2013-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1005Core.job
    - c:\documents and settings\Monalisa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-22 18:05]
    .
    2013-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1005UA.job
    - c:\documents and settings\Monalisa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-22 18:05]
    .
    2013-05-23 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-04-10 20:39]
    .
    2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 03:18]
    .
    2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 03:18]
    .
    2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1003Core.job
    - c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 07:23]
    .
    2013-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1003UA.job
    - c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 07:23]
    .
    2013-05-23 c:\windows\Tasks\QuickConnectSupportTask.job
    - c:\program files\Qwest\QuickConnect\QuickConnect.exe [2011-10-17 21:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
    mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\b2pd2wan.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Glary Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.glarysoft.com/?src=ffhome
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - ExtSQL: 2013-05-23 03:49; wrc@avast.com; c:\progra~1\AVASTS~1\Avast\WebRep\FF
    FF - user.js: extensions.zonealarm_i.newTab - false
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.414:28
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.hpOld0 - hxxp://isearch.glarysoft.com/?src=ffhome
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&&q=
    FF - user.js: extensions.zonealarm.id - 44d06554000000000000001a6bcbd126
    FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
    FF - user.js: extensions.zonealarm.instlDay - 15847
    FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
    FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
    FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1117:18
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1025
    FF - user.js: extensions.zonealarm.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base2013
    FF - user.js: extensions.zonealarm.instlRef - ZLN16524721347397-1001
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.ffxUnstlRst - false
    FF - user.js: extensions.zonealarm.admin - false
    FF - user.js: extensions.zonealarm.autoRvrt - false
    FF - user.js: extensions.zonealarm.rvrt - true
    FF - user.js: extensions.zonealarm.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.newTab - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ISW - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-05-24 00:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\system32\sys_drv.dat 6024 bytes
    c:\windows\system32\sys_drv_2.dat 5020 bytes
    c:\windows\system32\WinFLdrv.sys 17984 bytes executable
    c:\documents and settings\Sam\Application Data\systemfl.$dk 990 bytes
    .
    scan completed successfully
    hidden files: 4
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="04F0D21-79D8-7A25-D702-433F"
    .
    [HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(952)
    c:\windows\system32\guard32.dll
    c:\windows\system32\mswsock.dll
    c:\windows\System32\wshtcpip.dll
    .
    - - - - - - - > 'explorer.exe'(2020)
    c:\windows\system32\WININET.dll
    c:\windows\system32\guard32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WS2_32.dll
    c:\windows\system32\WS2HELP.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    - - - - - - - > 'csrss.exe'(856)
    c:\windows\system32\cmdcsr.dll
    .
    Completion time: 2013-05-24 00:40:58
    ComboFix-quarantined-files.txt 2013-05-24 05:40
    .
    Pre-Run: 40,356,335,616 bytes free
    Post-Run: 40,703,680,512 bytes free
    .
    - - End Of File - - 7100E80E7045D93AD3A8D958B5EA9ACC
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download Farbar Service Scanner Download Link and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  16. mvongsa

    mvongsa TS Rookie Topic Starter

    Farbar Service Scanner Version: 14-04-2013
    Ran by Sam (administrator) on 24-05-2013 at 12:16:28
    Running from "C:\Documents and Settings\Sam\My Documents\Downloads"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(9) BRIDGE(11) BridgeMP(10) cmdHlp(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(8)
    0x0D00000004000000010000000200000003000000090000000D000000080000000C0000000500000006000000070000000A0000000B000000
    IpSec Tag value is correct.

    **** End of log ****
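    A small triage script for the ComboFix log in post 14 and the FSS log in post 16 above. This is an added example, not code from the thread or from either tool; it reads only the log sections excerpted inside it and lists items a helper would review by hand, without deciding what is malicious.

```python
"""Triage helper for the ComboFix and Farbar Service Scanner (FSS) logs posted
in this thread (added example, not part of the thread or of either tool).
It pulls out items a helper reviews by hand; a hit is a question, not a verdict."""
import re
from typing import Dict, List

# Constructed excerpts of the two logs above, abridged to the sections read here.
# ComboFix writes "hxxp" for "http" so URLs are not clickable; kept as-is.
COMBOFIX_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://isearch.glarysoft.com/?src=ffhome
.
detected NTDLL code modification:
ZwClose
.
scanning hidden files ...
.
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\Sam\Application Data\systemfl.$dk 990 bytes
.
"""
FSS_LOG = r"""
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
"""

# Both spellings: ComboFix '"EnableFirewall"= 0 (0x0)', FSS '"EnableFirewall"=DWORD:0'.
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*(?:DWORD:)?(\d+)')
HIDDEN_RE = re.compile(r"^([A-Za-z]:\\.+?) (\d+) bytes( executable)?$", re.M)
BROWSER_RE = re.compile(r"^(?:[um]Start Page|FF - prefs\.js: browser\.[\w.]+) [=-] "
                        r"hxxps?://([^/?\s]+)\S*$", re.M)
MD5_RE = re.compile(r"^(\S+) => MD5 is (.+)$", re.M)
OFFLINE_RE = re.compile(r"(\w+) IP is offline")

def firewall_enabled(text: str):
    """True/False from the EnableFirewall policy value, None if absent."""
    m = FIREWALL_RE.search(text)
    return None if m is None else m.group(1) != "0"

def parse_combofix(text: str) -> Dict:
    hidden = [{"path": p, "size": int(s), "executable": bool(e)}
              for p, s, e in HIDDEN_RE.findall(text)]
    mods, grab = [], False  # names listed after the catchme NTDLL header
    for line in text.splitlines():
        if grab and line.strip() == ".":
            break
        if grab:
            mods.append(line.strip())
        elif line.strip() == "detected NTDLL code modification:":
            grab = True
    return {"firewall_enabled": firewall_enabled(text), "hidden_files": hidden,
            "ntdll_mods": mods, "browser_hosts": sorted(set(BROWSER_RE.findall(text)))}

def parse_fss(text: str) -> Dict:
    return {"firewall_enabled": firewall_enabled(text),
            "offline_ips": OFFLINE_RE.findall(text),
            "bad_md5": [p for p, st in MD5_RE.findall(text) if st != "legit"]}

def triage(cf: Dict, fss: Dict) -> List[str]:
    """Review items; each is something to check, not a malware verdict."""
    out = []
    if False in (cf["firewall_enabled"], fss["firewall_enabled"]):
        out.append("EnableFirewall=0 policy: fine only if a third-party firewall is in use")
    for h in cf["browser_hosts"]:
        out.append(f"browser start/search page points to {h}: confirm the user chose it")
    if cf["hidden_files"]:
        exe = [f["path"] for f in cf["hidden_files"] if f["executable"]]
        out.append(f"catchme found {len(cf['hidden_files'])} hidden files; executable: {exe}")
    for fn in cf["ntdll_mods"]:
        out.append(f"NTDLL {fn} is hooked in memory: identify the module that owns the hook")
    for ip in fss["offline_ips"]:
        out.append(f"raw-IP access to {ip} failed while the hostname worked: check firewall/proxy rules")
    for p in fss["bad_md5"]:
        out.append(f"{p} has an unexpected MD5: compare with a known-good copy")
    return out

if __name__ == "__main__":
    print("\n".join(triage(parse_combofix(COMBOFIX_LOG), parse_fss(FSS_LOG))))
```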
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I don't see anything malicious there.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
  18. mvongsa

    mvongsa TS Rookie Topic Starter

    Okay, thanks! I really appreciate all your patience and effort in helping me.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344
