Inactive Bad Image Errors and some kind of virus...

mvongsa · May 23, 2013

Hi! I've been battling bad image errors and some kind of virus continuously for the past few months. It's the family computer, so I didn't realize how ongoing the problem was til now. I run on Windows XP and use Avast as my antivirus and Comodo as my firewall. In addition, I have Malwarebytes' Anti-Malware installed and CCleaner. I've used AVG in the past, but have since uninstalled it months ago and switched over to Avast. I've performed full scans and they've come out clean.

Besides the bad image error I get, I'm also getting this:

As you can see, my computer decides to randomly slow down and then all the text and icons start disappearing. Is this still attributed to the bad image error? It's not just when I'm browsing the internet either, because it also happens when I'm working in Word or trying to open any other program. Sometimes, I can't even see the bad image error, but just the error box!

Also, I have no real way to check if I finally solve the problem, until I sit on my computer and work on it for a while and then it randomly appears again.

Here's what a quick scan from Malwarebytes' Anti-Malware said:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.23.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sam :: SAM-A398FE5300A [administrator]

5/23/2013 3:57:09 AM
mbam-log-2013-05-23 (03-57-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263043
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

mvongsa · May 23, 2013

Here's what my dds.txt file says:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by Sam at 4:14:33 on 2013-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.943 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.glarysoft.com/?src=newtab
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MusicManager] "c:\documents and settings\sam\local settings\application data\programs\google\musicmanager\MusicManager.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Qwest Personal Digital Vault] "c:\program files\qwest personal digital vault\QwestPersonalDigitalVault.exe" /m
mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] <no file>
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoStartMenuLogoff = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoStartMenuLogOff = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoStartMenuLogoff = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{431ECE70-D9B9-4045-ACD0-BA534A6ED114} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sam\application data\mozilla\firefox\profiles\b2pd2wan.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Glary Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.glarysoft.com/?src=ffhome
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - plugin: c:\documents and settings\sam\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\sam\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-05-23 03:49; wrc@avast.com; c:\progra~1\avasts~1\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.414:28:31
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://isearch.glarysoft.com/?src=ffhome
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 44d06554000000000000001a6bcbd126
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15847
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1117:18:13
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN16524721347397-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-23 174664]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-23 368944]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-4-15 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [2013-4-15 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-4-15 32816]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-23 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-23 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-23 46808]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2013-4-25 4443912]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-8-8 266240]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-7-1 220824]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-8-8 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-8-8 185640]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-10-16 17984]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-4-15 127184]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-23 49376]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-23 765736]
.
=============== Created Last 30 ================
.
2013-05-23 09:09:42 -------- d--h--w- C:\VTRoot
2013-05-23 09:09:41 1770 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-05-23 08:50:35 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-23 08:50:35 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-23 08:50:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-23 08:50:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-23 08:48:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-23 08:48:11 -------- d-----w- c:\program files\AVAST Software
2013-05-23 08:46:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-05-23 08:45:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-23 08:45:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-23 08:38:14 -------- d-s---w- c:\documents and settings\all users\application data\Shared Space
2013-05-23 08:26:16 -------- d-----w- c:\documents and settings\all users\application data\COMODO
2013-05-23 08:25:26 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-05-23 08:25:26 -------- d-----w- c:\documents and settings\sam\local settings\application data\COMODO
2013-05-23 08:25:14 -------- d-----w- c:\program files\Comodo
2013-05-23 08:25:08 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2013-05-23 07:58:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-05-23 07:29:23 -------- d-----w- c:\program files\ESET
2013-05-23 04:27:16 -------- d-sha-r- C:\cmdcons
2013-05-23 04:21:17 98816 ----a-w- c:\windows\sed.exe
2013-05-23 04:21:17 256000 ----a-w- c:\windows\PEV.exe
2013-05-23 04:21:17 208896 ----a-w- c:\windows\MBR.exe
2013-05-23 00:35:07 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-22 22:08:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 20:04:12 348048 ----a-w- c:\windows\system32\guard32.dll
.
==================== Find3M ====================
.
2013-05-23 01:39:13 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2013-05-22 22:08:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-22 22:08:35 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-22 22:08:35 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 21:53:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-22 21:53:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-15 23:39:00 592384 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-04-15 23:39:00 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 23:39:00 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 23:38:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 23:38:26 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-15 23:38:26 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 4:16:02.50 ===============

Broni · May 23, 2013

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

I still need Attach.txt from DDS.

mvongsa · May 23, 2013

Oops! Sorry, Here you go:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2010 1:42:16 AM
System Uptime: 5/23/2013 3:12:03 PM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 31.328 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is FIXED (NTFS) - 500 GiB total, 452.544 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
.
==== System Restore Points ===================
.
RP674: 2/22/2013 11:50:20 PM - System Checkpoint
RP675: 2/24/2013 5:09:11 PM - System Checkpoint
RP676: 2/25/2013 11:01:21 PM - System Checkpoint
RP677: 2/26/2013 11:47:42 PM - System Checkpoint
RP678: 2/28/2013 12:47:43 AM - System Checkpoint
RP679: 3/1/2013 1:59:43 AM - System Checkpoint
RP680: 3/2/2013 1:42:16 PM - System Checkpoint
RP681: 3/4/2013 11:19:00 PM - System Checkpoint
RP682: 3/5/2013 11:33:09 PM - System Checkpoint
RP683: 3/7/2013 1:11:33 AM - System Checkpoint
RP684: 3/8/2013 1:26:10 AM - System Checkpoint
RP685: 3/9/2013 1:50:40 AM - System Checkpoint
RP686: 3/10/2013 8:26:10 AM - System Checkpoint
RP687: 3/11/2013 11:48:58 AM - System Checkpoint
RP688: 3/12/2013 7:24:30 PM - System Checkpoint
RP689: 3/12/2013 9:37:12 PM - System Checkpoint
RP690: 3/14/2013 2:21:33 AM - System Checkpoint
RP691: 3/14/2013 12:00:14 PM - Software Distribution Service 3.0
RP692: 3/15/2013 12:26:13 PM - System Checkpoint
RP693: 3/16/2013 1:01:15 PM - System Checkpoint
RP694: 3/24/2013 6:57:41 AM - Software Distribution Service 3.0
RP695: 3/30/2013 12:43:05 PM - System Checkpoint
RP696: 3/30/2013 1:55:17 PM - Installed AVG 2013
RP697: 3/30/2013 1:55:27 PM - Removed AVG 2012
RP698: 3/30/2013 1:55:55 PM - Installed AVG 2013
RP699: 3/30/2013 2:01:24 PM - Removed AVG 2012
RP700: 4/4/2013 9:51:25 PM - Software Distribution Service 3.0
RP701: 4/5/2013 10:09:51 PM - System Checkpoint
RP702: 4/7/2013 8:39:59 AM - System Checkpoint
RP703: 4/8/2013 2:42:50 PM - System Checkpoint
RP704: 4/9/2013 11:04:01 PM - System Checkpoint
RP705: 4/13/2013 11:06:00 AM - System Checkpoint
RP706: 4/13/2013 12:00:15 PM - Software Distribution Service 3.0
RP707: 4/17/2013 8:29:04 PM - System Checkpoint
RP708: 4/20/2013 8:17:00 AM - System Checkpoint
RP709: 4/21/2013 10:42:23 PM - System Checkpoint
RP710: 4/23/2013 8:53:33 PM - System Checkpoint
RP711: 5/13/2013 7:39:27 PM - System Checkpoint
RP712: 5/13/2013 10:33:01 PM - System Checkpoint
RP713: 5/21/2013 5:37:35 PM - System Checkpoint
RP714: 5/21/2013 11:37:46 PM - Software Distribution Service 3.0
RP715: 5/22/2013 4:54:05 PM - Software Distribution Service 3.0
RP716: 5/22/2013 5:07:18 PM - Removed Java 7 Update 9
RP717: 5/22/2013 5:08:30 PM - Installed Java 7 Update 21
RP719: 5/22/2013 7:45:54 PM - Software Distribution Service 3.0
RP720: 5/22/2013 8:32:26 PM - System Checkpoint
.
==== Installed Programs ======================
.
2570
2570_Help
2570Trb
Acrobat.com
Actiontec Gateway
Adobe AIR
Adobe Community Help
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.02)
Adobe Support Advisor
AiO_Scan_CDA
AiOSoftwareNPI
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtistScope Plugin FX
avast! Free Antivirus
AVG 2012
Bonjour
BufferChm
CCleaner
CenturyLink Installer
COMODO Firewall
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Setup
DocProc
DocumentViewer
DocumentViewerQFolder
Elements STI Installer
eSupportQFolder
Facebook Plug-In
Facebook Video Calling 1.2.0.287
Fax_CDA
Folder Lock
FullDPAppQFolder
GameSpy Arcade
Glary Utilities 2.50.0.1632
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InstantShareAlert
InstantShareDevices
iPod for Windows 2005-10-12
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 34
Macrium Reflect - Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Music Manager
NewCopy_CDA
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Pando Media Booster
PanoStandAlone
PhotoGallery
ProductContextNPI
QuickConnect
QuickTime
Qwest eChat Support Tools
Qwest Personal Digital Vault™
Qwest QuickAssist Desktop Tools
Qwest Quickcare 2.7
RandMap
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Segoe UI
SkinsHP1
Skype™ 5.5
SolutionCenter
Sonic_PrimoSDK
Status
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 1.1.1
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
WinRAR archiver
WModem Driver Installer
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/22/2013 7:02:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/22/2013 5:06:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGTP\0000 disappeared from the system without first being prepared for removal.
5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without first being prepared for removal.
5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGLOGX\0000 disappeared from the system without first being prepared for removal.
5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGLDX86\0000 disappeared from the system without first being prepared for removal.
5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system without first being prepared for removal.
5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGIDSHX\0000 disappeared from the system without first being prepared for removal.
5/22/2013 11:30:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AVGIDSDRIVER\0000 disappeared from the system without first being prepared for removal.
5/22/2013 11:30:30 PM, error: Service Control Manager [7034] - The CopySafe Helper Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2013 5:22:36 PM, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.
5/21/2013 5:21:03 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
5/21/2013 5:20:35 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/21/2013 4:19:33 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
5/21/2013 4:19:33 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\sirenacm.dll. Reference error message: The operation completed successfully. .
5/21/2013 4:19:32 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL. Reference error message: The operation completed successfully. .
5/21/2013 10:21:44 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000.
.
==== End Of File ===========================

Broni · May 23, 2013

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

mvongsa · May 23, 2013

Here's the first log from RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sam [Admin rights]
Mode : Scan -- Date : 05/23/2013 20:34:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1659004503-838170752-1801674531-1003[...]\Run : MusicManager ("C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") [-] -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 +++++
--- User ---
[MBR] 885976efd7cd7f6a5b3fec452cf1235a
[BSP] 2436dd5d3abce323ade1fc051e8ba260 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102398 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 209712510 | Size: 851460 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05232013_02d2034.txt >>
RKreport[1]_S_05232013_02d2034.txt

Here's the second log from RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sam [Admin rights]
Mode : Remove -- Date : 05/23/2013 20:35:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Documents and Settings\Sam\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") [-] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 +++++
--- User ---
[MBR] 885976efd7cd7f6a5b3fec452cf1235a
[BSP] 2436dd5d3abce323ade1fc051e8ba260 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102398 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 209712510 | Size: 851460 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05232013_02d2035.txt >>
RKreport[1]_S_05232013_02d2034.txt ; RKreport[2]_D_05232013_02d2035.txt

mvongsa · May 23, 2013

I performed the Malwarebytes Anti-Rootkit Scan and the first can said it did not need to do a cleanup because no Malware was found, so it did not produce a log. However, I'm currently running a second one just in case like you said. Although, I'm unsure if it will detect anything if it didn't the first time. I figured the second scan was in case it missed over any other malware if found.

Broni · May 23, 2013

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

mvongsa · May 23, 2013

Okay while performing my second root kit malwarebytes scanner it seemed to detect something and said it would be killed. Also, I tried to open notepad but the all the text and names of the icons started disappearing. And I now have a blue screen of death, should I note what it says and restart it?

Broni · May 23, 2013

Yes and yes.

mvongsa · May 24, 2013

Okay I restarted my computer and on my startup I got this message, which I sent the error report:

In addition, my BSOD said this:
STOP: 0x0000008E (0xC0000005, 0x8053AD21, 0xB462C700, 0x00000000)

After this post, I will begin the TDSSKiller Scan and post its results.

mvongsa · May 24, 2013

Here's what the TDSSKiller Scan log produced: (It found two suspicious items that were medium level, which I skipped)

23:14:47.0375 1716 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:14:48.0015 1716 ============================================================
23:14:48.0015 1716 Current date / time: 2013/05/23 23:14:48.0015
23:14:48.0015 1716 SystemInfo:
23:14:48.0015 1716
23:14:48.0015 1716 OS Version: 5.1.2600 ServicePack: 3.0
23:14:48.0015 1716 Product type: Workstation
23:14:48.0015 1716 ComputerName: SAM-A398FE5300A
23:14:48.0015 1716 UserName: Sam
23:14:48.0015 1716 Windows directory: C:\WINDOWS
23:14:48.0015 1716 System windows directory: C:\WINDOWS
23:14:48.0015 1716 Processor architecture: Intel x86
23:14:48.0015 1716 Number of processors: 2
23:14:48.0015 1716 Page size: 0x1000
23:14:48.0015 1716 Boot type: Normal boot
23:14:48.0015 1716 ============================================================
23:14:49.0562 1716 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:14:53.0015 1716 ============================================================
23:14:53.0015 1716 \Device\Harddisk0\DR0:
23:14:53.0031 1716 MBR partitions:
23:14:53.0031 1716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F
23:14:53.0046 1716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC7FF5BD, BlocksNum 0x3E8009F8
23:14:53.0062 1716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x4AFFFFF4, BlocksNum 0x29701B0C
23:14:53.0062 1716 ============================================================
23:14:53.0109 1716 C: <-> \Device\Harddisk0\DR0\Partition1
23:14:53.0218 1716 I: <-> \Device\Harddisk0\DR0\Partition2
23:14:53.0218 1716 ============================================================
23:14:53.0218 1716 Initialize success
23:14:53.0218 1716 ============================================================
23:15:28.0187 3016 ============================================================
23:15:28.0187 3016 Scan started
23:15:28.0187 3016 Mode: Manual;
23:15:28.0187 3016 ============================================================
23:15:28.0765 3016 ================ Scan system memory ========================
23:15:28.0765 3016 System memory - ok
23:15:28.0765 3016 ================ Scan services =============================
23:15:28.0921 3016 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
23:15:28.0921 3016 6to4 - ok
23:15:28.0937 3016 Abiosdsk - ok
23:15:28.0937 3016 abp480n5 - ok
23:15:28.0984 3016 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:15:28.0984 3016 ACPI - ok
23:15:29.0015 3016 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:15:29.0015 3016 ACPIEC - ok
23:15:29.0078 3016 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:15:29.0078 3016 AdobeFlashPlayerUpdateSvc - ok
23:15:29.0078 3016 adpu160m - ok
23:15:29.0109 3016 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:15:29.0125 3016 aec - ok
23:15:29.0140 3016 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:15:29.0140 3016 AFD - ok
23:15:29.0140 3016 Aha154x - ok
23:15:29.0156 3016 aic78u2 - ok
23:15:29.0156 3016 aic78xx - ok
23:15:29.0296 3016 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files\common files\akamai/netsession_win_ca0e279.dll
23:15:29.0296 3016 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
23:15:29.0312 3016 Akamai ( HiddenFile.Multi.Generic ) - warning
23:15:29.0312 3016 Akamai - detected HiddenFile.Multi.Generic (1)
23:15:29.0343 3016 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:15:29.0343 3016 Alerter - ok
23:15:29.0359 3016 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:15:29.0359 3016 ALG - ok
23:15:29.0359 3016 AliIde - ok
23:15:29.0375 3016 amsint - ok
23:15:29.0421 3016 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:15:29.0421 3016 Apple Mobile Device - ok
23:15:29.0437 3016 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:15:29.0453 3016 AppMgmt - ok
23:15:29.0468 3016 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:15:29.0468 3016 Arp1394 - ok
23:15:29.0484 3016 asc - ok
23:15:29.0484 3016 asc3350p - ok
23:15:29.0484 3016 asc3550 - ok
23:15:29.0562 3016 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:15:29.0578 3016 aspnet_state - ok
23:15:29.0609 3016 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:15:29.0609 3016 aswFsBlk - ok
23:15:29.0625 3016 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
23:15:29.0640 3016 aswMonFlt - ok
23:15:29.0656 3016 [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
23:15:29.0656 3016 AswRdr - ok
23:15:29.0671 3016 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
23:15:29.0671 3016 aswRvrt - ok
23:15:29.0703 3016 [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
23:15:29.0703 3016 aswSnx - ok
23:15:29.0734 3016 [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
23:15:29.0734 3016 aswSP - ok
23:15:29.0750 3016 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
23:15:29.0750 3016 aswTdi - ok
23:15:29.0781 3016 [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
23:15:29.0781 3016 aswVmm - ok
23:15:29.0781 3016 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:15:29.0796 3016 AsyncMac - ok
23:15:29.0828 3016 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:15:29.0828 3016 atapi - ok
23:15:29.0828 3016 Atdisk - ok
23:15:29.0859 3016 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:15:29.0859 3016 Atmarpc - ok
23:15:29.0859 3016 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:15:29.0875 3016 AudioSrv - ok
23:15:29.0875 3016 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:15:29.0875 3016 audstub - ok
23:15:29.0953 3016 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:15:29.0953 3016 avast! Antivirus - ok
23:15:29.0984 3016 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:15:29.0984 3016 Beep - ok
23:15:30.0015 3016 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:15:30.0031 3016 BITS - ok
23:15:30.0109 3016 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:15:30.0109 3016 Bonjour Service - ok
23:15:30.0125 3016 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BRIDGE C:\WINDOWS\system32\DRIVERS\bridge.sys
23:15:30.0125 3016 BRIDGE - ok
23:15:30.0125 3016 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
23:15:30.0125 3016 BridgeMP - ok
23:15:30.0156 3016 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:15:30.0156 3016 Browser - ok
23:15:30.0203 3016 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
23:15:30.0203 3016 BVRPMPR5 - ok
23:15:30.0234 3016 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:15:30.0234 3016 cbidf2k - ok
23:15:30.0265 3016 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:15:30.0265 3016 CCDECODE - ok
23:15:30.0281 3016 cd20xrnt - ok
23:15:30.0281 3016 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:15:30.0281 3016 Cdaudio - ok
23:15:30.0296 3016 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:15:30.0296 3016 Cdfs - ok
23:15:30.0328 3016 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:15:30.0328 3016 Cdrom - ok
23:15:30.0343 3016 Changer - ok
23:15:30.0359 3016 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:15:30.0359 3016 CiSvc - ok
23:15:30.0359 3016 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:15:30.0375 3016 ClipSrv - ok
23:15:30.0406 3016 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:15:30.0437 3016 clr_optimization_v2.0.50727_32 - ok
23:15:31.0171 3016 [ D21DD5C3C4BF89D2722D25B7D11336D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
23:15:31.0203 3016 cmdAgent - ok
23:15:31.0250 3016 [ C934F6E30D8A10D34A652BCF3A5C35BD ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
23:15:31.0250 3016 cmderd - ok
23:15:31.0328 3016 [ 8CDA9C3A987A1CD3F971EB9B33AB1EB6 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
23:15:31.0328 3016 cmdGuard - ok
23:15:31.0359 3016 [ 9DD6E71613F26DDE12A0F007AECA760B ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
23:15:31.0375 3016 cmdHlp - ok
23:15:31.0375 3016 CmdIde - ok
23:15:31.0421 3016 [ C2C420573A006CDFB956443735C78A1B ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
23:15:31.0421 3016 cmdvirth - ok
23:15:31.0421 3016 COMSysApp - ok
23:15:31.0437 3016 Cpqarray - ok
23:15:31.0468 3016 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:15:31.0484 3016 CryptSvc - ok
23:15:31.0515 3016 [ AEFB8558199BD5212B268B09BFA1D71A ] CSHelper C:\WINDOWS\system32\CSHelper.exe
23:15:31.0515 3016 CSHelper - ok
23:15:31.0531 3016 dac2w2k - ok
23:15:31.0531 3016 dac960nt - ok
23:15:31.0578 3016 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:15:31.0593 3016 DcomLaunch - ok
23:15:31.0609 3016 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:15:31.0625 3016 Dhcp - ok
23:15:31.0640 3016 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:15:31.0640 3016 Disk - ok
23:15:31.0640 3016 dmadmin - ok
23:15:31.0671 3016 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:15:31.0687 3016 dmboot - ok
23:15:31.0703 3016 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:15:31.0703 3016 dmio - ok
23:15:31.0734 3016 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:15:31.0734 3016 dmload - ok
23:15:31.0781 3016 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:15:31.0781 3016 dmserver - ok
23:15:31.0796 3016 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:15:31.0796 3016 DMusic - ok
23:15:31.0828 3016 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:15:31.0843 3016 Dnscache - ok
23:15:31.0843 3016 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:15:31.0859 3016 Dot3svc - ok
23:15:31.0859 3016 dpti2o - ok
23:15:31.0890 3016 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:15:31.0890 3016 drmkaud - ok
23:15:31.0937 3016 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:15:31.0937 3016 EapHost - ok
23:15:31.0937 3016 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:15:31.0953 3016 ERSvc - ok
23:15:31.0984 3016 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:15:31.0984 3016 Eventlog - ok
23:15:32.0015 3016 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:15:32.0031 3016 EventSystem - ok
23:15:32.0046 3016 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:15:32.0046 3016 Fastfat - ok
23:15:32.0078 3016 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:15:32.0093 3016 FastUserSwitchingCompatibility - ok
23:15:32.0109 3016 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:15:32.0109 3016 Fdc - ok
23:15:32.0125 3016 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:15:32.0125 3016 Fips - ok
23:15:32.0171 3016 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:15:32.0187 3016 FLEXnet Licensing Service - ok
23:15:32.0218 3016 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:15:32.0218 3016 Flpydisk - ok
23:15:32.0250 3016 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:15:32.0250 3016 FltMgr - ok
23:15:32.0312 3016 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:15:32.0328 3016 FontCache3.0.0.0 - ok
23:15:32.0343 3016 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:15:32.0359 3016 Fs_Rec - ok
23:15:32.0359 3016 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:15:32.0359 3016 Ftdisk - ok
23:15:32.0390 3016 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:15:32.0390 3016 GEARAspiWDM - ok
23:15:32.0421 3016 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
23:15:32.0421 3016 getPlusHelper - ok
23:15:32.0437 3016 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:15:32.0437 3016 Gpc - ok
23:15:32.0484 3016 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:15:32.0484 3016 gupdate - ok
23:15:32.0500 3016 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:15:32.0500 3016 gupdatem - ok
23:15:32.0515 3016 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:15:32.0515 3016 HDAudBus - ok
23:15:32.0546 3016 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:15:32.0546 3016 helpsvc - ok
23:15:32.0593 3016 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:15:32.0593 3016 HidServ - ok
23:15:32.0609 3016 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:15:32.0609 3016 hidusb - ok
23:15:32.0625 3016 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:15:32.0625 3016 hkmsvc - ok
23:15:32.0640 3016 hpn - ok
23:15:32.0671 3016 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:15:32.0671 3016 HPZid412 - ok
23:15:32.0703 3016 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:15:32.0703 3016 HPZipr12 - ok
23:15:32.0734 3016 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:15:32.0734 3016 HPZius12 - ok
23:15:32.0734 3016 [ 5DF616ADDB75C1AD36C1F9E4DE0F7654 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:15:32.0750 3016 HSFHWBS2 - ok
23:15:32.0781 3016 [ DFA8F86C0DBCA7DB948043AA3BE6793B ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:15:32.0796 3016 HSF_DP - ok
23:15:32.0843 3016 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:15:32.0843 3016 HTTP - ok
23:15:32.0859 3016 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:15:32.0859 3016 HTTPFilter - ok
23:15:32.0875 3016 i2omgmt - ok
23:15:32.0875 3016 i2omp - ok
23:15:32.0906 3016 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:15:32.0906 3016 i8042prt - ok
23:15:32.0984 3016 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:15:33.0000 3016 idsvc - ok
23:15:33.0015 3016 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:15:33.0015 3016 Imapi - ok
23:15:33.0031 3016 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:15:33.0046 3016 ImapiService - ok
23:15:33.0046 3016 ini910u - ok
23:15:33.0109 3016 [ 31289DE45E75C0FD4A2CD6D9F4031078 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
23:15:33.0109 3016 Inspect - ok
23:15:33.0234 3016 [ DB01625D8E286CD17B94DCF088713D7F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:15:33.0281 3016 IntcAzAudAddService - ok
23:15:33.0296 3016 IntelIde - ok
23:15:33.0328 3016 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:15:33.0328 3016 Ip6Fw - ok
23:15:33.0359 3016 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:15:33.0359 3016 IpFilterDriver - ok
23:15:33.0375 3016 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:15:33.0375 3016 IpInIp - ok
23:15:33.0390 3016 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:15:33.0406 3016 IpNat - ok
23:15:33.0484 3016 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:15:33.0484 3016 iPod Service - ok
23:15:33.0500 3016 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:15:33.0500 3016 IPSec - ok
23:15:33.0531 3016 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:15:33.0531 3016 IRENUM - ok
23:15:33.0546 3016 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:15:33.0546 3016 isapnp - ok
23:15:33.0671 3016 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:15:33.0671 3016 JavaQuickStarterService - ok
23:15:33.0703 3016 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:15:33.0703 3016 Kbdclass - ok
23:15:33.0718 3016 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:15:33.0718 3016 kbdhid - ok
23:15:33.0734 3016 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:15:33.0734 3016 kmixer - ok
23:15:33.0750 3016 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:15:33.0750 3016 KSecDD - ok
23:15:33.0796 3016 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
23:15:33.0812 3016 LanmanServer - ok
23:15:33.0828 3016 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:15:33.0843 3016 lanmanworkstation - ok
23:15:33.0843 3016 lbrtfdc - ok
23:15:33.0859 3016 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:15:33.0875 3016 LmHosts - ok
23:15:33.0875 3016 MCSTRM - ok
23:15:33.0890 3016 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:15:33.0890 3016 mdmxsdk - ok
23:15:33.0906 3016 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:15:33.0906 3016 Messenger - ok
23:15:33.0937 3016 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:15:33.0937 3016 mnmdd - ok
23:15:33.0953 3016 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:15:33.0968 3016 mnmsrvc - ok
23:15:33.0984 3016 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:15:33.0984 3016 Modem - ok
23:15:33.0984 3016 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:15:34.0000 3016 Mouclass - ok
23:15:34.0000 3016 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:15:34.0000 3016 mouhid - ok
23:15:34.0000 3016 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:15:34.0000 3016 MountMgr - ok
23:15:34.0046 3016 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:15:34.0046 3016 MozillaMaintenance - ok
23:15:34.0062 3016 mraid35x - ok
23:15:34.0062 3016 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:15:34.0062 3016 MRxDAV - ok
23:15:34.0109 3016 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:15:34.0125 3016 MRxSmb - ok
23:15:34.0140 3016 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:15:34.0156 3016 MSDTC - ok
23:15:34.0156 3016 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:15:34.0156 3016 Msfs - ok
23:15:34.0171 3016 MSIServer - ok
23:15:34.0203 3016 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:15:34.0203 3016 MSKSSRV - ok
23:15:34.0234 3016 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:15:34.0234 3016 MSPCLOCK - ok
23:15:34.0250 3016 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:15:34.0250 3016 MSPQM - ok
23:15:34.0281 3016 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:15:34.0281 3016 mssmbios - ok
23:15:34.0296 3016 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:15:34.0296 3016 MSTEE - ok
23:15:34.0312 3016 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:15:34.0312 3016 Mup - ok
23:15:34.0343 3016 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:15:34.0343 3016 NABTSFEC - ok
23:15:34.0359 3016 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:15:34.0375 3016 napagent - ok
23:15:34.0390 3016 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:15:34.0390 3016 NDIS - ok
23:15:34.0390 3016 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:15:34.0390 3016 NdisIP - ok
23:15:34.0421 3016 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:15:34.0421 3016 NdisTapi - ok
23:15:34.0421 3016 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:15:34.0437 3016 Ndisuio - ok
23:15:34.0437 3016 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:15:34.0437 3016 NdisWan - ok
23:15:34.0453 3016 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:15:34.0453 3016 NDProxy - ok
23:15:34.0468 3016 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:15:34.0468 3016 NetBIOS - ok
23:15:34.0484 3016 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:15:34.0484 3016 NetBT - ok
23:15:34.0500 3016 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:15:34.0515 3016 NetDDE - ok
23:15:34.0515 3016 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:15:34.0531 3016 NetDDEdsdm - ok
23:15:34.0546 3016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:15:34.0546 3016 Netlogon - ok
23:15:34.0562 3016 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:15:34.0578 3016 Netman - ok
23:15:34.0609 3016 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:15:34.0609 3016 NetTcpPortSharing - ok
23:15:34.0609 3016 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:15:34.0625 3016 NIC1394 - ok
23:15:34.0640 3016 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:15:34.0640 3016 Nla - ok
23:15:34.0656 3016 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
23:15:34.0656 3016 nm - ok
23:15:34.0671 3016 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:15:34.0671 3016 Npfs - ok
23:15:34.0687 3016 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:15:34.0703 3016 Ntfs - ok
23:15:34.0703 3016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:15:34.0703 3016 NtLmSsp - ok
23:15:34.0734 3016 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:15:34.0750 3016 NtmsSvc - ok
23:15:34.0765 3016 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:15:34.0781 3016 Null - ok
23:15:34.0859 3016 [ 642A87877F83313EB5302749CD479024 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:15:34.0921 3016 nv - ok
23:15:34.0937 3016 [ 22EEDB34C4D7613A25B10C347C6C4C21 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:15:34.0937 3016 NVENETFD - ok
23:15:34.0968 3016 [ 5E3F6AD5CAD0F12D3CCCD06FD964087A ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:15:34.0968 3016 nvnetbus - ok
23:15:34.0984 3016 [ B0903C021BFCD6055C053A569EF98AEF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
23:15:35.0000 3016 NVSvc - ok
23:15:35.0015 3016 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:15:35.0015 3016 NwlnkFlt - ok
23:15:35.0031 3016 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:15:35.0031 3016 NwlnkFwd - ok
23:15:35.0109 3016 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:15:35.0125 3016 odserv - ok
23:15:35.0140 3016 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:15:35.0140 3016 ohci1394 - ok
23:15:35.0171 3016 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:15:35.0171 3016 ose - ok
23:15:35.0203 3016 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:15:35.0203 3016 Parport - ok
23:15:35.0203 3016 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:15:35.0203 3016 PartMgr - ok
23:15:35.0234 3016 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:15:35.0234 3016 ParVdm - ok
23:15:35.0234 3016 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:15:35.0234 3016 PCI - ok
23:15:35.0250 3016 PCIDump - ok
23:15:35.0265 3016 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:15:35.0265 3016 PCIIde - ok
23:15:35.0281 3016 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:15:35.0296 3016 Pcmcia - ok
23:15:35.0296 3016 PDCOMP - ok
23:15:35.0296 3016 PDFRAME - ok
23:15:35.0312 3016 PDRELI - ok
23:15:35.0312 3016 PDRFRAME - ok
23:15:35.0328 3016 perc2 - ok
23:15:35.0328 3016 perc2hib - ok
23:15:35.0375 3016 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:15:35.0375 3016 PlugPlay - ok
23:15:35.0406 3016 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
23:15:35.0421 3016 Pml Driver HPZ12 - ok
23:15:35.0421 3016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:15:35.0421 3016 PolicyAgent - ok
23:15:35.0468 3016 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:15:35.0468 3016 PptpMiniport - ok
23:15:35.0500 3016 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
23:15:35.0500 3016 Processor - ok
23:15:35.0500 3016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:15:35.0515 3016 ProtectedStorage - ok
23:15:35.0515 3016 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:15:35.0531 3016 PSched - ok
23:15:35.0546 3016 [ AC7BD82678401A89CC80359806C80364 ] pssnap C:\WINDOWS\system32\DRIVERS\pssnap.sys
23:15:35.0546 3016 pssnap - ok
23:15:35.0546 3016 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:15:35.0562 3016 Ptilink - ok
23:15:35.0578 3016 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:15:35.0578 3016 PxHelp20 - ok
23:15:35.0578 3016 ql1080 - ok
23:15:35.0578 3016 Ql10wnt - ok
23:15:35.0593 3016 ql12160 - ok
23:15:35.0593 3016 ql1240 - ok
23:15:35.0609 3016 ql1280 - ok
23:15:35.0609 3016 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:15:35.0625 3016 RasAcd - ok
23:15:35.0640 3016 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:15:35.0640 3016 RasAuto - ok
23:15:35.0656 3016 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:15:35.0656 3016 Rasl2tp - ok
23:15:35.0671 3016 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:15:35.0687 3016 RasMan - ok
23:15:35.0687 3016 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:15:35.0687 3016 RasPppoe - ok
23:15:35.0703 3016 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:15:35.0703 3016 Raspti - ok
23:15:35.0750 3016 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:15:35.0750 3016 Rdbss - ok
23:15:35.0750 3016 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:15:35.0750 3016 RDPCDD - ok
23:15:35.0796 3016 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:15:35.0796 3016 rdpdr - ok
23:15:35.0828 3016 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:15:35.0828 3016 RDPWD - ok
23:15:35.0859 3016 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:15:35.0875 3016 RDSessMgr - ok
23:15:35.0875 3016 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:15:35.0875 3016 redbook - ok
23:15:35.0953 3016 [ 7A8FD91FD806B1EB1743898DF4C6477A ] ReflectService C:\Program Files\Macrium\Reflect\ReflectService.exe
23:15:35.0968 3016 ReflectService - ok
23:15:35.0984 3016 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:15:36.0000 3016 RemoteAccess - ok
23:15:36.0015 3016 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:15:36.0031 3016 RemoteRegistry - ok
23:15:36.0062 3016 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:15:36.0062 3016 RpcLocator - ok
23:15:36.0078 3016 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:15:36.0093 3016 RpcSs - ok
23:15:36.0109 3016 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:15:36.0125 3016 RSVP - ok
23:15:36.0140 3016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:15:36.0140 3016 SamSs - ok
23:15:36.0156 3016 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:15:36.0171 3016 SCardSvr - ok
23:15:36.0203 3016 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:15:36.0218 3016 Schedule - ok
23:15:36.0250 3016 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:15:36.0250 3016 Secdrv - ok
23:15:36.0265 3016 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:15:36.0265 3016 seclogon - ok
23:15:36.0296 3016 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:15:36.0312 3016 SENS - ok
23:15:36.0312 3016 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
23:15:36.0328 3016 Serial - ok
23:15:36.0343 3016 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:15:36.0343 3016 Sfloppy - ok
23:15:36.0359 3016 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:15:36.0359 3016 SharedAccess - ok
23:15:36.0375 3016 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:15:36.0390 3016 ShellHWDetection - ok
23:15:36.0390 3016 Simbad - ok
23:15:36.0437 3016 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:15:36.0437 3016 SLIP - ok
23:15:36.0437 3016 Sparrow - ok
23:15:36.0468 3016 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:15:36.0468 3016 splitter - ok
23:15:36.0500 3016 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:15:36.0515 3016 Spooler - ok
23:15:36.0546 3016 sprtlisten - ok
23:15:36.0578 3016 sprtsvc_quickcare - ok
23:15:36.0593 3016 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:15:36.0609 3016 sr - ok
23:15:36.0609 3016 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:15:36.0625 3016 srservice - ok
23:15:36.0656 3016 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:15:36.0671 3016 Srv - ok
23:15:36.0687 3016 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:15:36.0703 3016 SSDPSRV - ok
23:15:36.0734 3016 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:15:36.0750 3016 stisvc - ok
23:15:36.0765 3016 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:15:36.0765 3016 streamip - ok
23:15:36.0796 3016 [ 9A97B7024E2CA4D42046BF272997E14C ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
23:15:36.0812 3016 SupportSoft RemoteAssist - ok
23:15:36.0828 3016 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:15:36.0828 3016 swenum - ok
23:15:36.0843 3016 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:15:36.0843 3016 swmidi - ok
23:15:36.0859 3016 SwPrv - ok
23:15:36.0859 3016 symc810 - ok
23:15:36.0875 3016 symc8xx - ok
23:15:36.0875 3016 sym_hi - ok
23:15:36.0890 3016 sym_u3 - ok
23:15:36.0921 3016 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:15:36.0921 3016 sysaudio - ok
23:15:36.0953 3016 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:15:36.0968 3016 SysmonLog - ok
23:15:36.0984 3016 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:15:37.0000 3016 TapiSrv - ok
23:15:37.0031 3016 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:15:37.0046 3016 Tcpip - ok
23:15:37.0062 3016 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:15:37.0062 3016 Tcpip6 - ok
23:15:37.0093 3016 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:15:37.0093 3016 TDPIPE - ok
23:15:37.0109 3016 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:15:37.0109 3016 TDTCP - ok
23:15:37.0140 3016 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:15:37.0140 3016 TermDD - ok
23:15:37.0156 3016 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:15:37.0187 3016 TermService - ok
23:15:37.0187 3016 tgsrvc_quickcare - ok
23:15:37.0218 3016 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:15:37.0234 3016 Themes - ok
23:15:37.0265 3016 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:15:37.0281 3016 TlntSvr - ok
23:15:37.0281 3016 TosIde - ok
23:15:37.0296 3016 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:15:37.0312 3016 TrkWks - ok
23:15:37.0312 3016 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:15:37.0328 3016 tunmp - ok
23:15:37.0328 3016 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:15:37.0343 3016 Udfs - ok
23:15:37.0343 3016 ultra - ok
23:15:37.0375 3016 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:15:37.0390 3016 Update - ok
23:15:37.0406 3016 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:15:37.0421 3016 upnphost - ok
23:15:37.0437 3016 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:15:37.0453 3016 UPS - ok
23:15:37.0484 3016 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:15:37.0484 3016 USBAAPL - ok
23:15:37.0500 3016 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:15:37.0500 3016 usbccgp - ok
23:15:37.0500 3016 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:15:37.0500 3016 usbehci - ok
23:15:37.0515 3016 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:15:37.0515 3016 usbhub - ok
23:15:37.0531 3016 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:15:37.0531 3016 usbohci - ok
23:15:37.0546 3016 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:15:37.0546 3016 usbprint - ok
23:15:37.0562 3016 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:15:37.0578 3016 usbscan - ok
23:15:37.0593 3016 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:15:37.0593 3016 usbstor - ok
23:15:37.0625 3016 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:15:37.0625 3016 usbvideo - ok
23:15:37.0656 3016 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:15:37.0656 3016 VgaSave - ok
23:15:37.0671 3016 ViaIde - ok
23:15:37.0687 3016 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:15:37.0687 3016 VolSnap - ok
23:15:37.0703 3016 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:15:37.0718 3016 VSS - ok
23:15:37.0734 3016 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:15:37.0750 3016 W32Time - ok
23:15:37.0765 3016 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:15:37.0765 3016 Wanarp - ok
23:15:37.0765 3016 WDICA - ok
23:15:37.0781 3016 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:15:37.0796 3016 wdmaud - ok
23:15:37.0812 3016 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:15:37.0828 3016 WebClient - ok
23:15:37.0843 3016 [ 473EE64C368CE2EED110376C11960259 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:15:37.0859 3016 winachsf - ok
23:15:37.0875 3016 [ 7ACC77E135A709AE0F7E1DF428A2F908 ] WinFLdrv C:\WINDOWS\system32\WinFLdrv.sys
23:15:37.0890 3016 Suspicious file (Hidden): C:\WINDOWS\system32\WinFLdrv.sys. md5: 7ACC77E135A709AE0F7E1DF428A2F908
23:15:37.0890 3016 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
23:15:37.0890 3016 WinFLdrv - detected HiddenFile.Multi.Generic (1)
23:15:37.0921 3016 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:15:37.0937 3016 winmgmt - ok
23:15:37.0984 3016 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:15:37.0984 3016 WmdmPmSN - ok
23:15:38.0000 3016 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:15:38.0015 3016 Wmi - ok
23:15:38.0046 3016 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:15:38.0046 3016 WmiApSrv - ok
23:15:38.0078 3016 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:15:38.0078 3016 WS2IFSL - ok
23:15:38.0109 3016 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:15:38.0125 3016 wscsvc - ok
23:15:38.0140 3016 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:15:38.0140 3016 WSTCODEC - ok
23:15:38.0171 3016 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:15:38.0187 3016 wuauserv - ok
23:15:38.0218 3016 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:15:38.0218 3016 WudfPf - ok
23:15:38.0234 3016 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:15:38.0234 3016 WudfRd - ok
23:15:38.0265 3016 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:15:38.0281 3016 WudfSvc - ok
23:15:38.0312 3016 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:15:38.0328 3016 WZCSVC - ok
23:15:38.0359 3016 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:15:38.0375 3016 xmlprov - ok
23:15:38.0421 3016 [ 154FE6A5A608CD725266877901E883C2 ] ZD1211BU(ZyDAS) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
23:15:38.0421 3016 ZD1211BU(ZyDAS) - ok
23:15:38.0453 3016 ================ Scan global ===============================
23:15:38.0515 3016 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:15:38.0546 3016 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:15:38.0578 3016 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:15:38.0609 3016 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:15:38.0609 3016 [Global] - ok
23:15:38.0609 3016 ================ Scan MBR ==================================
23:15:38.0625 3016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:15:38.0796 3016 \Device\Harddisk0\DR0 - ok
23:15:38.0796 3016 ================ Scan VBR ==================================
23:15:38.0796 3016 [ C0C8962BD6AD3677EE47FC30FD96802C ] \Device\Harddisk0\DR0\Partition1
23:15:38.0796 3016 \Device\Harddisk0\DR0\Partition1 - ok
23:15:38.0812 3016 [ E7498C396917B2AF0DB9C31A3BD88FFD ] \Device\Harddisk0\DR0\Partition2
23:15:38.0812 3016 \Device\Harddisk0\DR0\Partition2 - ok
23:15:38.0843 3016 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
23:15:38.0843 3016 \Device\Harddisk0\DR0\Partition3 - ok
23:15:38.0843 3016 ============================================================
23:15:38.0843 3016 Scan finished
23:15:38.0843 3016 ============================================================
23:15:38.0843 2152 Detected object count: 2
23:15:38.0843 2152 Actual detected object count: 2
23:15:59.0187 2152 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:15:59.0187 2152 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
23:15:59.0203 2152 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
23:15:59.0203 2152 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip

Broni · May 24, 2013

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

mvongsa · May 24, 2013

Here's my combofix log:

ComboFix 13-05-23.02 - Sam 05/24/2013 0:23.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1417 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))
.
.
2013-05-23 09:09 . 2013-05-23 09:09 -------- d-----w- C:\VTRoot
2013-05-23 09:09 . 2013-05-24 01:05 44168 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-05-23 08:50 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-23 08:50 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-23 08:50 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-23 08:50 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-23 08:50 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-23 08:50 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-23 08:50 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-23 08:50 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-23 08:50 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-23 08:48 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-23 08:48 . 2013-05-23 08:48 -------- d-----w- c:\program files\AVAST Software
2013-05-23 08:46 . 2013-05-23 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-05-23 08:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-23 08:45 . 2013-05-23 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-23 08:40 . 2013-05-23 08:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-05-23 08:38 . 2013-05-23 08:38 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-05-23 08:26 . 2013-05-23 08:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2013-05-23 08:26 . 2013-05-23 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2013-05-23 08:25 . 2013-05-23 08:33 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-05-23 08:25 . 2013-05-23 08:25 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\COMODO
2013-05-23 08:25 . 2013-05-23 08:45 -------- d-----w- c:\program files\Comodo
2013-05-23 08:25 . 2013-05-23 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-05-23 07:58 . 2013-05-23 07:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-05-23 00:35 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-22 22:09 . 2013-05-22 22:09 -------- d-----w- c:\program files\Common Files\Java
2013-05-22 22:08 . 2013-05-22 22:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-25 16:05 . 2013-04-25 16:05 99392 ----a-w- c:\windows\system32\drivers\inspect.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-23 01:39 . 2013-01-10 02:39 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2013-05-22 22:08 . 2012-08-17 17:26 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-22 22:08 . 2012-08-17 17:26 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-22 22:08 . 2010-09-25 17:40 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 21:53 . 2012-03-31 23:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-22 21:53 . 2011-06-07 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-23 20:04 . 2013-04-23 20:04 348048 ----a-w- c:\windows\system32\guard32.dll
2013-04-16 22:17 . 2008-04-14 10:42 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2008-04-14 10:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-16 22:17 . 2008-04-14 10:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-15 23:39 . 2013-04-15 23:39 592384 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-04-15 23:39 . 2013-04-15 23:39 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 23:39 . 2013-04-15 23:39 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 23:38 . 2013-04-15 23:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 23:38 . 2013-04-15 23:38 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-15 23:38 . 2013-04-15 23:38 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-12 23:28 . 2008-04-14 05:07 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2008-04-14 06:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2008-04-14 10:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2008-04-14 05:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-14 06:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:56 . 2010-04-04 06:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-05-23 07:57 . 2013-05-23 07:57 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-21 . 710DEE44DFB67EB7D512E768856E52A4 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"Qwest Personal Digital Vault"="c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 19:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58016:TCP"= 58016:TCP

ando Media Booster
"58016:UDP"= 58016:UDP

ando Media Booster
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [5/23/2013 3:50 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [5/23/2013 3:50 AM 174664]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [7/1/2011 12:55 PM 16024]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2013 3:50 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/23/2013 3:50 AM 368944]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [4/15/2013 6:39 PM 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [4/15/2013 6:39 PM 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/15/2013 6:39 PM 32816]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 5:42 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/23/2013 3:50 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/23/2013 3:50 AM 66336]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [8/8/2010 10:14 PM 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [8/8/2010 10:14 PM 185640]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [10/16/2011 11:54 PM 17984]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [8/8/2010 1:31 AM 266240]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [4/15/2013 6:38 PM 127184]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49850858
*Deregistered* - 49850858
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 03:45 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:53]
.
2013-05-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-23 08:58]
.
2013-05-24 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 23:38]
.
2013-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1005Core.job
- c:\documents and settings\Monalisa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-22 18:05]
.
2013-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1005UA.job
- c:\documents and settings\Monalisa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-22 18:05]
.
2013-05-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-10 20:39]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 03:18]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 03:18]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1003Core.job
- c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 07:23]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-838170752-1801674531-1003UA.job
- c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 07:23]
.
2013-05-23 c:\windows\Tasks\QuickConnectSupportTask.job
- c:\program files\Qwest\QuickConnect\QuickConnect.exe [2011-10-17 21:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\b2pd2wan.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Glary Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.glarysoft.com/?src=ffhome
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - ExtSQL: 2013-05-23 03:49; wrc@avast.com; c:\progra~1\AVASTS~1\Avast\WebRep\FF
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.414:28
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://isearch.glarysoft.com/?src=ffhome
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 44d06554000000000000001a6bcbd126
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15847
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1117:18
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN16524721347397-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=fadf3cd3eadc4408895a010c45edd45d&tu=10GX0008B2B0008&sku=&tstsId=&ver=&
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-24 00:36
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\Sam\Application Data\systemfl.$dk 990 bytes
.
scan completed successfully
hidden files: 4
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(2020)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(856)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-05-24 00:40:58
ComboFix-quarantined-files.txt 2013-05-24 05:40
.
Pre-Run: 40,356,335,616 bytes free
Post-Run: 40,703,680,512 bytes free
.
- - End Of File - - 7100E80E7045D93AD3A8D958B5EA9ACC

Broni · May 24, 2013

Please download Farbar Service Scanner Download Link and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

mvongsa · May 24, 2013

Farbar Service Scanner Version: 14-04-2013
Ran by Sam (administrator) on 24-05-2013 at 12:16:28
Running from "C:\Documents and Settings\Sam\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) BRIDGE(11) BridgeMP(10) cmdHlp(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(8)
0x0D00000004000000010000000200000003000000090000000D000000080000000C0000000500000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Broni · May 24, 2013

I don't see anything malicious there.

In this forum, we make sure, your computer is free of malware and your computer is clean

Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck

mvongsa · May 24, 2013

Okay Thanks! I really appreciate all your patience and effort in helping me.

Broni · May 24, 2013

Inactive Bad Image Errors and some kind of virus...

Posts: 11 +0

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Similar threads