Rootkit.0Access, Trojan.FakeMS and more

Post by NinaB » January 20th, 2014, 1:15 am

Hi,

My husband's computer, running Windows XP SP3, is infected by a number of things. Malwarebytes Anti-Malware has detected:

Trojan.FakeMS
Rootkit.0Access.Gen
Trojan.Zaccess.IJ
Rootkit.0Access
Trojan.Agent.RND
Trojan.AGENT.FSA42

These things were also quarantined by my husband's Comodo Internet Security Premium and it looks like Malwarebytes detected them within the Comodo quarantine. While Malwarebytes was running, Comodo occasionally seemed to notice one of the malware programs and prompt me to click "clean", which I did. Malwarebytes also said it had deleted the malware on reboot, but it does seem unable to delete the rootkit or all the trojans, even after I ran a full scan three times. I am somewhat concerned that Comodo and Malwarebytes may be interfering with each other, but I am not sure what it is safe to turn off at this point. I am concerned that leaving Comodo Defense+ in training mode in the past may have allowed this malware to enter.

My husband does not know how he got this malware. He is careful about opening untrustworthy email attachments. His internet use is mainly confined to email, Facebook, a Yahoo group, and ordinary web browsing, mainly of sites related to linguistics or aviation history.

What I need to know is what is still infecting the computer and how to remove it. The computer is running much more slowly than usual. I very much appreciate any advice you can give me as to how to proceed.

HERE IS THE DDS.txt LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Ron at 23:08:28 on 2014-01-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2131 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\D-Link\DWA-125 revA\AirNCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: AutorunsDisabled - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Adobe Reader Synchronizer] "c:\program files\adobe\reader 10.0\reader\AdobeCollabSync.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirNCFG.exe
mRun: [D-Link DWA-125 WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} - hxxps://horizons.istaria.com/controls/launcher.ocx
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 9942960015
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{337A570C-2A59-4E67-89B1-99ECC47A12C7} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\interlog\eudora\EuShlExt.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ron\application data\mozilla\firefox\profiles\s6a166hv.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://tvlistings.cogeco.ca/tvgrid.shtm ... =1&hilite=
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2006-8-3 17792]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-10 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 32640]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-6-30 3026]
R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2013-3-30 29411]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1990464]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-30 21992]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\d-link\dwa-125 reva\ANIWConnService.exe [2013-3-30 53248]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2013-3-30 1174976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2013-3-30 126976]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\wlndis50.sys --> c:\windows\system32\drivers\wlndis50.sys [?]
S3 Arfumftr;Trust RF-Mouse filter driver;c:\windows\system32\drivers\arfumftr.sys --> c:\windows\system32\drivers\Arfumftr.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-3-29 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-01-17 00:09:17 -------- d-----w- c:\documents and settings\ron\local settings\application data\SecondLife
2014-01-16 02:57:48 -------- d-----w- c:\program files\SecondLifeViewer
.
==================== Find3M ====================
.
2013-12-22 15:33:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-22 15:33:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2012-08-08 22:56:40 4024320 ----a-w- c:\program files\GUT24.tmp
2000-12-12 15:17:40 100432 ------w- c:\program files\Win2000PPAHotfix.exe
.
============= FINISH: 23:09:34.17 ===============

HERE IS THE Attach.txt LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2006 1:28:56 PM
System Uptime: 1/19/2014 10:34:23 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0M2035
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2991/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 28.517 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&1C660DD6&0&08F0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1101835823C04
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1101835823C04
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP1999: 10/22/2013 6:18:39 PM - System Checkpoint
RP2000: 10/23/2013 6:56:55 PM - System Checkpoint
RP2001: 10/24/2013 7:55:41 PM - System Checkpoint
RP2002: 10/25/2013 8:28:41 PM - System Checkpoint
RP2003: 10/26/2013 9:14:40 PM - System Checkpoint
RP2004: 10/27/2013 10:16:14 PM - System Checkpoint
RP2005: 10/28/2013 10:21:18 PM - System Checkpoint
RP2006: 10/29/2013 11:04:48 PM - System Checkpoint
RP2007: 10/30/2013 11:07:59 PM - System Checkpoint
RP2008: 10/31/2013 11:26:22 PM - System Checkpoint
RP2009: 11/2/2013 12:25:42 AM - System Checkpoint
RP2010: 11/2/2013 11:39:08 PM - System Checkpoint
RP2011: 11/4/2013 12:32:10 AM - System Checkpoint
RP2012: 11/5/2013 1:05:48 AM - System Checkpoint
RP2013: 11/6/2013 1:09:00 AM - System Checkpoint
RP2014: 11/7/2013 1:27:43 AM - System Checkpoint
RP2015: 11/8/2013 3:10:22 PM - System Checkpoint
RP2016: 11/9/2013 6:04:07 PM - System Checkpoint
RP2017: 11/10/2013 6:44:21 PM - System Checkpoint
RP2018: 11/11/2013 7:21:51 PM - System Checkpoint
RP2019: 11/12/2013 9:51:47 PM - System Checkpoint
RP2020: 11/13/2013 10:43:42 PM - System Checkpoint
RP2021: 11/14/2013 11:18:21 PM - System Checkpoint
RP2022: 11/15/2013 11:25:18 PM - System Checkpoint
RP2023: 11/17/2013 12:09:09 AM - System Checkpoint
RP2024: 11/18/2013 12:30:14 AM - System Checkpoint
RP2025: 11/19/2013 1:21:06 AM - System Checkpoint
RP2026: 11/20/2013 1:24:55 AM - System Checkpoint
RP2027: 11/21/2013 3:46:48 PM - System Checkpoint
RP2028: 11/22/2013 6:23:19 PM - System Checkpoint
RP2029: 11/23/2013 6:31:06 PM - System Checkpoint
RP2030: 11/24/2013 10:24:36 PM - System Checkpoint
RP2031: 11/25/2013 11:23:14 PM - System Checkpoint
RP2032: 11/26/2013 11:34:01 PM - System Checkpoint
RP2033: 11/28/2013 12:08:07 AM - System Checkpoint
RP2034: 11/29/2013 1:14:10 AM - System Checkpoint
RP2035: 11/30/2013 2:06:43 AM - System Checkpoint
RP2036: 12/1/2013 2:16:14 AM - System Checkpoint
RP2037: 12/2/2013 6:19:43 PM - System Checkpoint
RP2038: 12/3/2013 6:21:29 PM - System Checkpoint
RP2039: 12/4/2013 8:42:34 PM - System Checkpoint
RP2040: 12/5/2013 11:44:32 PM - System Checkpoint
RP2041: 12/6/2013 11:50:50 PM - System Checkpoint
RP2042: 12/8/2013 12:14:20 AM - System Checkpoint
RP2043: 12/9/2013 12:40:30 AM - System Checkpoint
RP2044: 12/10/2013 1:53:07 AM - System Checkpoint
RP2045: 12/11/2013 5:58:11 PM - System Checkpoint
RP2046: 12/12/2013 6:33:46 PM - System Checkpoint
RP2047: 12/13/2013 7:06:35 PM - System Checkpoint
RP2048: 12/14/2013 7:12:33 PM - System Checkpoint
RP2049: 12/15/2013 7:23:29 PM - System Checkpoint
RP2050: 12/16/2013 8:12:44 PM - System Checkpoint
RP2051: 12/17/2013 9:49:54 PM - System Checkpoint
RP2052: 12/18/2013 10:31:28 PM - System Checkpoint
RP2053: 12/20/2013 12:06:46 AM - System Checkpoint
RP2054: 12/21/2013 12:27:40 AM - System Checkpoint
RP2055: 12/22/2013 1:25:54 AM - System Checkpoint
RP2056: 12/23/2013 12:21:28 PM - System Checkpoint
RP2057: 12/24/2013 12:59:32 PM - System Checkpoint
RP2058: 12/25/2013 1:07:12 PM - System Checkpoint
RP2059: 12/26/2013 2:46:45 PM - System Checkpoint
RP2060: 12/27/2013 3:01:31 PM - System Checkpoint
RP2061: 12/28/2013 5:32:05 PM - System Checkpoint
RP2062: 12/29/2013 6:39:36 PM - System Checkpoint
RP2063: 12/30/2013 8:40:45 PM - System Checkpoint
RP2064: 12/31/2013 9:18:59 PM - System Checkpoint
RP2065: 1/1/2014 11:46:34 PM - System Checkpoint
RP2066: 1/3/2014 12:25:43 AM - System Checkpoint
RP2067: 1/4/2014 12:54:26 AM - System Checkpoint
RP2068: 1/5/2014 11:51:47 AM - System Checkpoint
RP2069: 1/6/2014 12:44:47 PM - System Checkpoint
RP2070: 1/7/2014 1:13:18 PM - System Checkpoint
RP2071: 1/8/2014 2:45:09 PM - System Checkpoint
RP2072: 1/9/2014 3:01:20 PM - System Checkpoint
RP2073: 1/10/2014 6:21:12 PM - System Checkpoint
RP2074: 1/11/2014 6:31:57 PM - System Checkpoint
RP2075: 1/12/2014 6:37:23 PM - System Checkpoint
RP2076: 1/13/2014 6:39:32 PM - System Checkpoint
RP2077: 1/14/2014 9:29:46 PM - System Checkpoint
RP2078: 1/15/2014 10:29:42 PM - System Checkpoint
RP2079: 1/16/2014 11:36:37 PM - System Checkpoint
RP2080: 1/18/2014 12:14:47 AM - System Checkpoint
RP2081: 1/19/2014 12:30:23 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
==== End Of File ===========================


Thank you for your help.
NinaB
Regular Member
 
Posts: 30
Joined: January 25th, 2006, 10:46 am
Location: Ontario

Re: Rootkit.0Access, Trojan.FakeMS and more

Post by Gary R » January 20th, 2014, 6:37 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Rootkit.0Access, Trojan.FakeMS and more

Post by Gary R » January 20th, 2014, 6:58 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi NinaB

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's not a whole lot showing in your DDS logs, however the infections detected by Malwarebytes and quarantined by Comodo on your husband's machine ...
Rootkit.0Access.Gen
Trojan.Zaccess.IJ
Rootkit.0Access


... indicate that he may have been infected with an infection known as Zero Access, which is quite a serious one. So what I'd like to do is run some more scans to determine whether he has had a full blown Zero Access attack or whether it was caught early before it had time to fully install.

Please do the following for me ...

First

  • Download FRST to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING FOUND AT THIS POINT

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Addition.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
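Gary R's reading of the DDS log ("not a whole lot showing") is about entries like the ones quoted in it. As an added example, not part of the thread, of DDS or of FRST, the following Python walks a few DDS-format lines (a constructed sample adapted from the log above) and flags what a reviewer looks at first: service or driver entries whose file DDS could not find ("--> ... [?]"), orphaned browser hooks, the AppInit_DLLs value, and Hosts-file overrides. The line formats and the finding categories are my assumptions inferred from the posted log.

```python
"""Triage a DDS log's 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example for this thread; not part of DDS, FRST or the forum's tooling.
The line formats are inferred from the log posted above (an assumption), and
every finding is a pointer for a human reviewer, not a verdict: a missing
driver file is usually a leftover from an uninstalled product, but it is also
how a file hidden from the scanner looks, which is why a reviewer checks it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "<state> <name>;<display name>;<path> [<date> <size>]" when the file exists,
# "<state> <name>;<display name>;<path> --> <path> [?]" when DDS cannot find it.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
MISSING_RE = re.compile(r"-->\s+(?P<path>.+?)\s+\[\?\]\s*$")
# Browser hooks: "BHO: <desc>: {CLSID} - <dll>", "TB: ...", "EB: {CLSID} - <dll>".
HOOK_RE = re.compile(r"^(?P<kind>BHO|TB|EB):\s*(?P<body>.*)$")

# First letter of the state code: R = running, S = stopped.  Digit: start type.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def describe_state(state: str) -> str:
    """Expand a DDS state code such as 'S2' into words."""
    running = "running" if state[0] == "R" else "stopped"
    return f"{running}, start type {START_TYPE.get(state[1:], 'unknown')}"


def parse_service(line: str) -> Optional[Tuple[str, str, str, bool]]:
    """Return (state, name, path, file_missing) for a service/driver line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    missing = MISSING_RE.search(rest)
    path = missing.group("path") if missing else rest.split(" [", 1)[0]
    return m.group("state"), m.group("name"), path, missing is not None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect the entries a reviewer looks at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads its sections with lone dots
            continue
        svc = parse_service(line)
        if svc:
            state, name, path, file_missing = svc
            if file_missing:
                findings.append(Finding(
                    "service-file-missing",
                    f"{name} ({describe_state(state)}): {path}"))
            continue
        hook = HOOK_RE.match(line)
        if hook:
            if hook.group("body").rstrip().endswith("<orphaned>"):
                findings.append(Finding(
                    "orphaned-browser-hook",
                    f"{hook.group('kind')}: {hook.group('body')}"))
            continue
        if line.startswith("AppInit_DLLs="):
            # Whatever is listed here is loaded into every process that maps
            # user32.dll, so the value is worth reading even when it names a
            # known product (guard32.dll in this thread belongs to Comodo).
            findings.append(Finding("appinit-dll", line.split("=", 1)[1].strip()))
            continue
        if line.startswith("Hosts:"):
            findings.append(Finding("hosts-override", line[len("Hosts:"):].strip()))
    return findings


# Constructed sample in the DDS format, adapted from the log posted in this thread.
SAMPLE_DDS = r"""
BHO: AutorunsDisabled - <orphaned>
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
AppInit_DLLs= c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 497952]
S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\wlndis50.sys --> c:\windows\system32\drivers\wlndis50.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.category:24} {f.detail}")
```

The same loop can be pointed at a full DDS.txt; lines it does not recognise (processes, Firefox plugins, file lists) are simply skipped.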

Re: Rootkit.0Access, Trojan.FakeMS and more

Post by NinaB » January 20th, 2014, 10:13 am

Thank you Gary R. Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by Ron (administrator) on RON2 on 20-01-2014 08:53:17
Running from C:\Documents and Settings\Ron\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) ===================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
() C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-125 revA\AirNCFG.exe
(Wireless Service) C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [49152 2002-10-29] (Creative Technology Ltd)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-07] (COMODO)
HKLM\...\Run: [TkBellExe] - C:\Program Files\real\realplayer\update\realsched.exe [295072 2012-12-28] (RealNetworks, Inc.)
HKLM\...\Run: [D-Link D-Link DWA-125] - C:\Program Files\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
HKLM\...\Run: [D-Link DWA-125 WZCSLDR2] - C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe [122880 2010-07-12] (Wireless Service)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\crypt32chain: crypt32.dll [X]
Winlogon\Notify\cryptnet: cryptnet.dll [X]
Winlogon\Notify\cscdll: cscdll.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\Schedule: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: sclgntfy.dll [X]
Winlogon\Notify\SensLogn: WlNotify.dll [X]
Winlogon\Notify\termsrv: wlnotify.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
Winlogon\Notify\wlballoon: wlnotify.dll [X]
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-19] (Google Inc.)
AppInit_DLLs: C:\WINDOWS\system32\guard32.dll => C:\WINDOWS\system32\guard32.dll [301264 2012-11-07] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEE6B814B1BA8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {FA73AE1B-4BA9-4E8B-832B-54A287FF1B7F} - No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} https://horizons.istaria.com/controls/launcher.ocx
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9942960015
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\interlog\eudora\EuShlExt.dll [86016 2006-08-17] (Qualcomm Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\s6a166hv.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://tvlistings.cogeco.ca/tvgrid.shtm ... =1&hilite=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\s6a166hv.default\searchplugins\wot-safe-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fast.png
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fast.xml
FF Extension: WOT - C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\s6a166hv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-19]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-19]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-19]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-19]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\DOCUME~1\Nina\LOCALS~1\Temp\ccex.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTSvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
S2 D_Link_DWA-125; C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2010-07-12] (Wireless Service)
R2 D_Link_DWA-125_WPS; C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-09-09] (Oracle Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2006-08-07] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
S4 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R2 ANPD; C:\WINDOWS\system32\ANPD.sys [29411 2013-03-30] ()
S3 bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [4272 2003-08-28] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [18096 2012-11-07] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [497952 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32640 2012-11-07] (COMODO)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
S3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-09] (MK Systems CO., LTD.)
S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA))
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2009-06-30] (Logix4u)
R0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [99080 2012-11-07] (COMODO)
R2 MCSTRM; C:\Windows\System32\Drivers\MCSTRM.sys [8413 2006-08-07] (RealNetworks, Inc.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-05-23] (Intel Corporation )
R2 PfModNT; C:\WINDOWS\System32\drivers\PfModNT.sys [16168 2007-04-10] (Creative Technology Ltd.)
R0 ppa; C:\Windows\System32\DRIVERS\ppa.sys [17792 2001-08-17] (Microsoft Corporation)
R3 rt2870; C:\Windows\System32\DRIVERS\Drt2870.sys [1174976 2011-04-25] (Ralink Technology, Corp.)
S3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-08-09] ()
R2 symlcbrd; C:\WINDOWS\System32\drivers\symlcbrd.sys [10344 2006-07-25] (Symantec Corporation)
S1 Amfilter; system32\DRIVERS\Amfilter.sys [x]
S3 Amusbprt; system32\DRIVERS\Amusbprt.sys [x]
S3 Arfumftr; system32\DRIVERS\Arfumftr.sys [x]
S3 COMMONFX; system32\drivers\COMMONFX.SYS [x]
S3 COMMONFX.SYS; \SystemRoot\System32\drivers\COMMONFX.SYS [x]
S3 CTAUDFX; system32\drivers\CTAUDFX.SYS [x]
S3 CTAUDFX.SYS; \SystemRoot\System32\drivers\CTAUDFX.SYS [x]
S3 CTERFXFX; system32\drivers\CTERFXFX.SYS [x]
S3 CTERFXFX.SYS; \SystemRoot\System32\drivers\CTERFXFX.SYS [x]
S3 CTSBLFX; system32\drivers\CTSBLFX.SYS [x]
S3 CTSBLFX.SYS; \SystemRoot\System32\drivers\CTSBLFX.SYS [x]
S3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [x]
S4 IntelIde; No ImagePath
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 WLNdis50; system32\DRIVERS\wlndis50.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 08:53 - 2014-01-20 08:53 - 00020031 _____ C:\Documents and Settings\Ron\Desktop\FRST.txt
2014-01-20 08:52 - 2014-01-20 08:52 - 00000000 ____D C:\Documents and Settings\Ron\Desktop\maybe not
2014-01-20 08:48 - 2014-01-20 08:48 - 00000000 ____D C:\FRST
2014-01-20 08:42 - 2014-01-20 08:42 - 01221120 _____ (Farbar) C:\Documents and Settings\Ron\Desktop\FRST.exe
2014-01-20 08:37 - 2014-01-20 08:37 - 00000000 ____D C:\Documents and Settings\Ron\Desktop\nina storage
2014-01-20 08:36 - 2014-01-20 08:36 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-20 08:35 - 2014-01-20 08:35 - 00000592 _____ C:\Documents and Settings\Ron\Desktop\ERUNT.lnk
2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 ____D C:\Program Files\ERUNT
2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-19 22:52 - 2014-01-19 22:48 - 00688992 ____R (Swearware) C:\Documents and Settings\Ron\Desktop\dds.com
2014-01-16 19:11 - 2014-01-16 19:11 - 00000000 _____ C:\conversation.log
2014-01-16 19:09 - 2014-01-16 23:21 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\SecondLife
2014-01-16 19:09 - 2014-01-16 19:12 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\SecondLife
2014-01-15 21:59 - 2014-01-15 21:59 - 00000828 _____ C:\Documents and Settings\All Users\Desktop\Second Life Viewer.lnk
2014-01-15 21:59 - 2014-01-15 21:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Second Life Viewer
2014-01-15 21:57 - 2014-01-16 19:42 - 00000000 ____D C:\Program Files\SecondLifeViewer
2014-01-15 13:30 - 2014-01-15 13:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-12 23:42 - 2014-01-12 23:42 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Comodo Log Files

==================== One Month Modified Files and Folders =======

2014-01-20 08:53 - 2014-01-20 08:53 - 00020031 _____ C:\Documents and Settings\Ron\Desktop\FRST.txt
2014-01-20 08:53 - 2009-06-16 14:05 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{10F937A0-76A6-444E-A646-B3B467BB5D82}.job
2014-01-20 08:52 - 2014-01-20 08:52 - 00000000 ____D C:\Documents and Settings\Ron\Desktop\maybe not
2014-01-20 08:49 - 2009-05-23 10:25 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2014-01-20 08:48 - 2014-01-20 08:48 - 00000000 ____D C:\FRST
2014-01-20 08:42 - 2014-01-20 08:42 - 01221120 _____ (Farbar) C:\Documents and Settings\Ron\Desktop\FRST.exe
2014-01-20 08:40 - 2012-10-11 18:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-20 08:37 - 2014-01-20 08:37 - 00000000 ____D C:\Documents and Settings\Ron\Desktop\nina storage
2014-01-20 08:36 - 2014-01-20 08:36 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-20 08:35 - 2014-01-20 08:35 - 00000592 _____ C:\Documents and Settings\Ron\Desktop\ERUNT.lnk
2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 ____D C:\Program Files\ERUNT
2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-20 08:03 - 2006-07-25 13:02 - 01962705 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-20 08:00 - 2013-03-30 21:17 - 00003284 _____ C:\WINDOWS\system32\ANIWZCS{337A570C-2A59-4E67-89B1-99ECC47A12C7}
2014-01-20 08:00 - 2013-03-30 21:15 - 00000004 _____ C:\WINDOWS\system32\ANIWZCSUSERNAME{337A570C-2A59-4E67-89B1-99ECC47A12C7}
2014-01-20 08:00 - 2012-12-28 11:55 - 00000282 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job
2014-01-20 08:00 - 2012-12-28 11:55 - 00000274 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1006.job
2014-01-20 08:00 - 2012-10-11 21:32 - 00000274 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1006.job
2014-01-20 08:00 - 2006-07-25 05:39 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-20 08:00 - 2006-07-25 05:39 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-20 08:00 - 2003-07-16 11:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-20 07:59 - 2013-12-02 22:56 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ceefdb9fbd5fac.job
2014-01-20 07:59 - 2013-07-19 11:26 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce849cc14a702e.job
2014-01-20 07:59 - 2013-01-03 23:25 - 00000296 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1006.job
2014-01-20 07:59 - 2010-04-26 13:01 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1004.job
2014-01-20 07:59 - 2006-07-25 12:44 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-20 07:59 - 2006-07-25 12:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-20 00:46 - 2012-10-11 19:21 - 00000178 ___SH C:\Documents and Settings\Ron\ntuser.ini
2014-01-19 23:42 - 2012-10-12 07:32 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Attachments
2014-01-19 22:48 - 2014-01-19 22:52 - 00688992 ____R (Swearware) C:\Documents and Settings\Ron\Desktop\dds.com
2014-01-19 22:28 - 2012-10-11 19:21 - 00000000 ____D C:\Documents and Settings\Ron
2014-01-19 03:49 - 2006-10-14 09:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB922819$
2014-01-19 01:33 - 2013-01-03 23:25 - 00000304 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job
2014-01-19 00:34 - 2013-05-15 08:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2014-01-18 23:25 - 2013-01-03 23:25 - 00000322 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job
2014-01-18 11:26 - 2012-10-14 14:04 - 00000658 _____ C:\Documents and Settings\Ron\Desktop\Dictionary.url
2014-01-16 23:21 - 2014-01-16 19:09 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\SecondLife
2014-01-16 19:42 - 2014-01-15 21:57 - 00000000 ____D C:\Program Files\SecondLifeViewer
2014-01-16 19:12 - 2014-01-16 19:09 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\SecondLife
2014-01-16 19:11 - 2014-01-16 19:11 - 00000000 _____ C:\conversation.log
2014-01-16 19:08 - 2012-10-11 19:41 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Skype
2014-01-16 18:00 - 2013-04-06 18:21 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-01-16 11:03 - 2013-07-19 11:19 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-16 01:04 - 2008-04-09 08:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB945553$
2014-01-15 21:59 - 2014-01-15 21:59 - 00000828 _____ C:\Documents and Settings\All Users\Desktop\Second Life Viewer.lnk
2014-01-15 21:59 - 2014-01-15 21:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Second Life Viewer
2014-01-15 14:17 - 2012-10-13 11:32 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-15 13:36 - 2013-08-15 01:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 13:30 - 2014-01-15 13:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 13:30 - 2006-07-25 16:50 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-13 18:30 - 2010-04-26 13:01 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1004.job
2014-01-12 23:42 - 2014-01-12 23:42 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Comodo Log Files
2014-01-10 11:47 - 2012-10-11 21:32 - 00000282 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job
2014-01-07 12:37 - 2012-10-11 22:47 - 00002497 _____ C:\Documents and Settings\Ron\Desktop\MS Word 2003.lnk
2013-12-22 10:33 - 2012-10-11 18:11 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-22 10:33 - 2011-06-29 09:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\$420ec18978986ba67daf62dfe8c48ea8

Some content of TEMP:
====================
C:\Documents and Settings\Ron\Local Settings\Temp\lvvcbcmbqgywjcoyarx.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
NinaB
Regular Member
 
Posts: 30
Joined: January 25th, 2006, 10:46 am
Location: Ontario

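Added example (not part of NinaB's post and not FRST's own code): a small Python triage script for the kind of FRST.txt/Addition.txt output pasted above. It walks the log section by section and flags the items a helper reads first: the `$` plus 32-hex-digit directory FRST reports under C:\RECYCLER (the ZeroAccess hallmark shown in the post), a long random-looking .exe in %TEMP%, the AppInit_DLLs entry (here COMODO's guard32.dll, which is legitimate, but an AppInit DLL is injected into every process that loads user32.dll, so it is always reviewed), services or drivers whose image file is missing (`[x]`), any line in the Bamital/volsnap check that is not "MD5 is legit", and Security Center entries that report the AV or firewall as disabled. The regexes, category names and severities are this script's own assumptions, not FRST's, and the embedded log is a constructed excerpt built from lines in the post.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for the indicators a helper reads first.

Added example; the heuristics below are this script's assumptions, not FRST's own logic.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"
    category: str
    evidence: str   # the FRST line that triggered the finding


# Section headers: "==== Name ====" or a bare "Name:" line (FireFox:, ZeroAccess:, ...).
_HEADER = re.compile(r"^=+\s*([^=].*?)\s*=+$|^([A-Za-z][\w &]*):$")
# Assumed ZeroAccess marker: "$" + 32 hex digits under the user's RECYCLER SID folder,
# the shape of the path FRST reported in the post.
_ZA_RECYCLER = re.compile(r"^C:\\RECYCLER\\S-1-5-21-[\d-]+\\\$[0-9a-f]{32}$", re.I)
# Assumed heuristic: long all-letter executable names dropped in %TEMP%.
_TEMP_EXE = re.compile(r"\\Temp\\[a-z]{12,}\.exe$", re.I)
# AppInit_DLLs are loaded into every process that loads user32.dll; always reviewed.
_APPINIT = re.compile(r"^AppInit_DLLs:\s*(.+)$")
# FRST prints "[x]" when a registered service/driver image file is missing on disk.
_MISSING_IMAGE = re.compile(r"^[RSU]\d\s+[^;]+;.*\[x\]\s*$")
# Bamital/volsnap section: "<path> => MD5 is legit" is the good case.
_MD5_LINE = re.compile(r"^(C:\\\S+)\s*=>\s*(.+)$")
_SEC_CENTER = re.compile(r"^(AV|FW):\s*.+?\s*\((Disabled|Enabled)")


def triage_frst(log_text: str) -> list[Finding]:
    """Walk the log line by line, tracking the current section, and collect findings."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = _HEADER.match(line)
        if header:
            section = (header.group(1) or header.group(2)).strip()
            continue
        if section == "ZeroAccess" and _ZA_RECYCLER.match(line):
            findings.append(Finding("high", "zeroaccess_recycler_dir", line))
        elif section == "Some content of TEMP" and _TEMP_EXE.search(line):
            findings.append(Finding("high", "random_named_temp_exe", line))
        elif section.startswith("Bamital"):
            md5 = _MD5_LINE.match(line)
            if md5 and md5.group(2) != "MD5 is legit":
                findings.append(Finding("high", "system_file_hash_mismatch", line))
        elif _APPINIT.match(line):
            findings.append(Finding("medium", "appinit_dll", line))
        elif (sc := _SEC_CENTER.match(line)) and sc.group(2) == "Disabled":
            findings.append(Finding("medium", sc.group(1).lower() + "_disabled", line))
        elif _MISSING_IMAGE.match(line):
            findings.append(Finding("info", "service_image_missing", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


# Constructed excerpt modelled on the FRST output in the post (not a complete log).
SAMPLE_LOG = r"""
AppInit_DLLs: C:\WINDOWS\system32\guard32.dll => C:\WINDOWS\system32\guard32.dll [301264 2012-11-07] (COMODO)

==================== Services (Whitelisted) =================

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
S4 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 Amfilter; system32\DRIVERS\Amfilter.sys [x]

ZeroAccess:
C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\$420ec18978986ba67daf62dfe8c48ea8

Some content of TEMP:
====================
C:\Documents and Settings\Ron\Local Settings\Temp\lvvcbcmbqgywjcoyarx.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Security Center ========================

AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
"""

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.evidence}")
```

To use it on a real log, read FRST.txt (and Addition.txt) into a string and pass it to triage_frst(). A hit is a prompt to look, not a verdict: the AppInit_DLLs match here points at a signed COMODO component in system32, and checking the signer and path is what the finding asks for; the RECYCLER directory and the random-named Temp executable are the lines that actually corroborate the Rootkit.0Access detections from the first post.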
Re: Rootkit.0Access, Trojan.FakeMS and more

Post by NinaB » January 20th, 2014, 10:15 am

Here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2014 04
Ran by Ron at 2014-01-20 08:54:08
Running from C:\Documents and Settings\Ron\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612 - Adobe Systems, Inc.)
Alt-Latin (Version: 1.0.3.13 - Kino)
Amazon Kindle (Version: - Amazon)
Before You Know It 3.6 Lite (Version: 3.6 - Transparent Language, Inc.)
CCleaner (Version: 4.07 - Piriform)
COMODO Internet Security (Version: 5.0.31564.1135 - COMODO Group Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.60 (Version: - )
Critical Update for Windows Media Player 11 (KB959772) (Version: - Microsoft Corporation)
CuteFTP 8 Home (Version: 8.0.4 - GlobalSCAPE)
Dell Driver Reset Tool (Version: 1.02.0000 - Dell Inc.)
D-Link DWA-125 (Version: - D-Link)
DriverUpdate (Version: 2.2.30452 - SlimWare Utilities, Inc.)
ERUNT 1.1j (Version: - Lars Hederer)
Eudora (Version: 7.0 - )
Express Burn (Version: - NCH Software)
Express Rip (Version: - NCH Software)
Goddess_Live Toolbar (Version: - )
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HijackThis 2.0.2 (Version: 2.0.2 - TrendMicro)
HP Memories Disc (Version: 1.0.4.805 - Hewlett-Packard Company)
HP OrderReminder (Version: 2.1 - )
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Photo and Imaging 2.0 - hp psc 1200 series (Version: - )
hp psc 1200 series (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
hpg4850QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
HTML Help Workshop (Version: - )
Intel(R) Network Connections (Version: 13.1.0.0 - Intel)
Java 7 Update 7 (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LaserJet 1018 (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSM2MSI_gstudio (Version: 2.0 - Pantaray)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Windows 2000/XP Display Drivers (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Plan3D (Version: 1.0.43 - Plan3D)
PowerDVD (Version: - )
Radio365 (Version: 2.2.0.5 - Live365, Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recordpad (Version: - NCH Swift Sound)
SecondLifeViewer (remove only) (Version: - )
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
Sound Blaster Audigy 2 (Version: - )
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster v3.5.1 (Version: 3.5.1 - Javacool Software LLC)
StarMessage Screen Saver (Version: - )
StarMessage Special Edition Screen Saver (Version: - )
Switch Sound File Converter (Version: - NCH Software)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1 - Symantec Corporation) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
WavePad Sound Editor (Version: - NCH Software)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (Version: 4.01.0 - win.rar GmbH)
WinZip (Version: 10.0 (6685) - WinZip Computing LP)
WOT for Internet Explorer (Version: 11.9.28.0 - WOT Services Oy)
ZillaTube 4.8 (Version: 4.8 - ZillaTube, Inc.)

==================== Restore Points =========================

22-10-2013 22:18:39 System Checkpoint
23-10-2013 22:56:55 System Checkpoint
24-10-2013 23:55:41 System Checkpoint
26-10-2013 00:28:41 System Checkpoint
27-10-2013 01:14:40 System Checkpoint
28-10-2013 02:16:14 System Checkpoint
29-10-2013 02:21:18 System Checkpoint
30-10-2013 03:04:48 System Checkpoint
31-10-2013 03:07:59 System Checkpoint
01-11-2013 03:26:22 System Checkpoint
02-11-2013 04:25:42 System Checkpoint
03-11-2013 04:39:08 System Checkpoint
04-11-2013 05:32:10 System Checkpoint
05-11-2013 06:05:48 System Checkpoint
06-11-2013 06:09:00 System Checkpoint
07-11-2013 06:27:43 System Checkpoint
08-11-2013 20:10:22 System Checkpoint
09-11-2013 23:04:07 System Checkpoint
10-11-2013 23:44:21 System Checkpoint
12-11-2013 00:21:51 System Checkpoint
13-11-2013 02:51:47 System Checkpoint
14-11-2013 03:43:42 System Checkpoint
15-11-2013 04:18:21 System Checkpoint
16-11-2013 04:25:18 System Checkpoint
17-11-2013 05:09:09 System Checkpoint
18-11-2013 05:30:14 System Checkpoint
19-11-2013 06:21:06 System Checkpoint
20-11-2013 06:24:55 System Checkpoint
21-11-2013 20:46:48 System Checkpoint
22-11-2013 23:23:19 System Checkpoint
23-11-2013 23:31:06 System Checkpoint
25-11-2013 03:24:36 System Checkpoint
26-11-2013 04:23:14 System Checkpoint
27-11-2013 04:34:01 System Checkpoint
28-11-2013 05:08:07 System Checkpoint
29-11-2013 06:14:10 System Checkpoint
30-11-2013 07:06:43 System Checkpoint
01-12-2013 07:16:14 System Checkpoint
02-12-2013 23:19:43 System Checkpoint
03-12-2013 23:21:29 System Checkpoint
05-12-2013 01:42:34 System Checkpoint
06-12-2013 04:44:32 System Checkpoint
07-12-2013 04:50:50 System Checkpoint
08-12-2013 05:14:20 System Checkpoint
09-12-2013 05:40:30 System Checkpoint
10-12-2013 06:53:07 System Checkpoint
11-12-2013 22:58:11 System Checkpoint
12-12-2013 23:33:46 System Checkpoint
14-12-2013 00:06:35 System Checkpoint
15-12-2013 00:12:33 System Checkpoint
16-12-2013 00:23:29 System Checkpoint
17-12-2013 01:12:44 System Checkpoint
18-12-2013 02:49:54 System Checkpoint
19-12-2013 03:31:28 System Checkpoint
20-12-2013 05:06:46 System Checkpoint
21-12-2013 05:27:40 System Checkpoint
22-12-2013 06:25:54 System Checkpoint
23-12-2013 17:21:28 System Checkpoint
24-12-2013 17:59:32 System Checkpoint
25-12-2013 18:07:12 System Checkpoint
26-12-2013 19:46:45 System Checkpoint
27-12-2013 20:01:31 System Checkpoint
28-12-2013 22:32:05 System Checkpoint
29-12-2013 23:39:36 System Checkpoint
31-12-2013 01:40:45 System Checkpoint
01-01-2014 02:18:59 System Checkpoint
02-01-2014 04:46:34 System Checkpoint
03-01-2014 05:25:43 System Checkpoint
04-01-2014 05:54:26 System Checkpoint
05-01-2014 16:51:47 System Checkpoint
06-01-2014 17:44:47 System Checkpoint
07-01-2014 18:13:18 System Checkpoint
08-01-2014 19:45:09 System Checkpoint
09-01-2014 20:01:20 System Checkpoint
10-01-2014 23:21:12 System Checkpoint
11-01-2014 23:31:57 System Checkpoint
12-01-2014 23:37:23 System Checkpoint
13-01-2014 23:39:32 System Checkpoint
15-01-2014 02:29:46 System Checkpoint
16-01-2014 03:29:42 System Checkpoint
17-01-2014 04:36:37 System Checkpoint
18-01-2014 05:14:47 System Checkpoint
19-01-2014 05:30:23 System Checkpoint

==================== Hosts content: ==========================

2003-07-16 11:23 - 2010-09-23 20:02 - 00416129 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1800searchonline.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1350060236.job => C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce849cc14a702e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ceefdb9fbd5fac.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1532298954-725345543-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1532298954-725345543-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{10F937A0-76A6-444E-A646-B3B467BB5D82}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-10-21 08:16 - 2012-10-04 19:33 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2011-07-23 08:48 - 2011-05-28 21:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2013-03-30 21:15 - 2013-03-30 21:15 - 00315392 _____ () C:\WINDOWS\system32\ANPDApi.dll
2013-03-30 21:14 - 2010-05-13 09:58 - 00294912 _____ () C:\Program Files\D-Link\DWA-125 revA\WlanApp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:57176330
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5CE91C67
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5D10C56A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:64170090
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8B157BEF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:92EDCBF3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:971DCCE2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CC6A54A8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:FEF0DEE7

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) PRO/100 VE Network Connection
Description: Intel(R) PRO/100 VE Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E100B
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2014 08:00:01 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/19/2014 11:16:21 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/19/2014 10:35:02 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/19/2014 11:28:14 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/19/2014 03:49:47 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/19/2014 00:35:30 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/18/2014 05:34:54 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/18/2014 10:30:31 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/17/2014 00:08:28 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (01/16/2014 10:54:28 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.


System errors:
=============
Error: (01/20/2014 08:01:27 AM) (Source: Service Control Manager) (User: )
Description: The Wireless Lan NDIS Protocol I/O Control service failed to start due to the following error:
%%2

Error: (01/19/2014 11:17:45 PM) (Source: Service Control Manager) (User: )
Description: The Wireless Lan NDIS Protocol I/O Control service failed to start due to the following error:
%%2

Error: (01/19/2014 10:36:24 PM) (Source: Service Control Manager) (User: )
Description: The Wireless Lan NDIS Protocol I/O Control service failed to start due to the following error:
%%2

Error: (01/19/2014 11:29:40 AM) (Source: Service Control Manager) (User: )
Description: The Wireless Lan NDIS Protocol I/O Control service failed to start due to the following error:
%%2

Error: (01/19/2014 03:51:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ppa

Error: (01/19/2014 03:51:08 AM) (Source: Service Control Manager) (User: )
Description: The Wireless Lan NDIS Protocol I/O Control service failed to start due to the following error:
%%2

Error: (01/19/2014 00:36:56 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ppa

Error: (01/19/2014 00:36:56 AM) (Source: Service Control Manager) (User: )
Description: The Wireless Lan NDIS Protocol I/O Control service failed to start due to the following error:
%%2

Error: (01/19/2014 00:35:31 AM) (Source: Print) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer hp psc 1200 series share name hppsc120.

Error: (01/18/2014 05:36:18 PM) (Source: Service Control Manager) (User: )
Description: The Wireless Lan NDIS Protocol I/O Control service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/20/2014 08:00:01 AM) (Source: SecurityCenter)(User: )
Description:

Error: (01/19/2014 11:16:21 PM) (Source: SecurityCenter)(User: )
Description:

Error: (01/19/2014 10:35:02 PM) (Source: SecurityCenter)(User: )
Description:

Error: (01/19/2014 11:28:14 AM) (Source: SecurityCenter)(User: )
Description:

Error: (01/19/2014 03:49:47 AM) (Source: SecurityCenter)(User: )
Description:

Error: (01/19/2014 00:35:30 AM) (Source: SecurityCenter)(User: )
Description:

Error: (01/18/2014 05:34:54 PM) (Source: SecurityCenter)(User: )
Description:

Error: (01/18/2014 10:30:31 AM) (Source: SecurityCenter)(User: )
Description:

Error: (01/17/2014 00:08:28 PM) (Source: SecurityCenter)(User: )
Description:

Error: (01/16/2014 10:54:28 AM) (Source: SecurityCenter)(User: )
Description:


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 2559 MB
Available physical RAM: 1690.66 MB
Total Pagefile: 4452.37 MB
Available Pagefile: 3637.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:28.35 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (STORAGE) (Removable) (Total:15.01 GB) (Free:14.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 9DC96E9E)
Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================
NinaB
Regular Member
 
Posts: 30
Joined: January 25th, 2006, 10:46 am
Location: Ontario

Re: Rootkit.0Access, Trojan.FakeMS and more

Unread postby NinaB » January 20th, 2014, 10:17 am

Here is the TDSSKiller log:

09:04:50.0953 1348 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:04:52.0968 1348 ============================================================
09:04:52.0968 1348 Current date / time: 2014/01/20 09:04:52.0968
09:04:52.0968 1348 SystemInfo:
09:04:52.0968 1348
09:04:52.0968 1348 OS Version: 5.1.2600 ServicePack: 3.0
09:04:52.0968 1348 Product type: Workstation
09:04:52.0968 1348 ComputerName: RON2
09:04:52.0968 1348 UserName: Ron
09:04:52.0968 1348 Windows directory: C:\WINDOWS
09:04:52.0968 1348 System windows directory: C:\WINDOWS
09:04:52.0968 1348 Processor architecture: Intel x86
09:04:52.0968 1348 Number of processors: 2
09:04:52.0968 1348 Page size: 0x1000
09:04:52.0968 1348 Boot type: Normal boot
09:04:52.0968 1348 ============================================================
09:04:54.0765 1348 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:04:54.0781 1348 Drive \Device\Harddisk1\DR4 - Size: 0x3C1800000 (15.02 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:04:54.0781 1348 ============================================================
09:04:54.0781 1348 \Device\Harddisk0\DR0:
09:04:54.0781 1348 MBR partitions:
09:04:54.0781 1348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
09:04:54.0781 1348 \Device\Harddisk1\DR4:
09:04:54.0781 1348 MBR partitions:
09:04:54.0781 1348 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x1E0B800
09:04:54.0781 1348 ============================================================
09:04:54.0828 1348 C: <-> \Device\Harddisk0\DR0\Partition1
09:04:54.0828 1348 ============================================================
09:04:54.0828 1348 Initialize success
09:04:54.0828 1348 ============================================================
09:05:25.0406 2332 ============================================================
09:05:25.0406 2332 Scan started
09:05:25.0406 2332 Mode: Manual;
09:05:25.0406 2332 ============================================================
09:05:26.0703 2332 ================ Scan system memory ========================
09:05:26.0703 2332 System memory - ok
09:05:26.0703 2332 ================ Scan services =============================
09:05:26.0828 2332 Abiosdsk - ok
09:05:26.0828 2332 abp480n5 - ok
09:05:26.0875 2332 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:05:26.0875 2332 ACPI - ok
09:05:26.0906 2332 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:05:26.0906 2332 ACPIEC - ok
09:05:27.0000 2332 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:05:27.0000 2332 AdobeFlashPlayerUpdateSvc - ok
09:05:27.0015 2332 adpu160m - ok
09:05:27.0046 2332 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:05:27.0046 2332 aec - ok
09:05:27.0093 2332 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:05:27.0093 2332 AFD - ok
09:05:27.0140 2332 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
09:05:27.0250 2332 AFS2K - ok
09:05:27.0296 2332 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:05:27.0296 2332 agp440 - ok
09:05:27.0296 2332 Aha154x - ok
09:05:27.0312 2332 aic78u2 - ok
09:05:27.0328 2332 aic78xx - ok
09:05:27.0359 2332 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:05:27.0359 2332 Alerter - ok
09:05:27.0406 2332 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:05:27.0406 2332 ALG - ok
09:05:27.0421 2332 AliIde - ok
09:05:27.0421 2332 Amfilter - ok
09:05:27.0437 2332 amsint - ok
09:05:27.0437 2332 Amusbprt - ok
09:05:27.0500 2332 [ D33B28D9ED695CCF9520D70D825F9D85 ] ANPD C:\WINDOWS\system32\ANPD.sys
09:05:27.0578 2332 ANPD - ok
09:05:27.0625 2332 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:05:27.0625 2332 AppMgmt - ok
09:05:27.0640 2332 Arfumftr - ok
09:05:27.0656 2332 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:05:27.0656 2332 Arp1394 - ok
09:05:27.0656 2332 asc - ok
09:05:27.0671 2332 asc3350p - ok
09:05:27.0671 2332 asc3550 - ok
09:05:27.0812 2332 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:05:27.0828 2332 aspnet_state - ok
09:05:27.0859 2332 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:05:27.0859 2332 AsyncMac - ok
09:05:27.0906 2332 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:05:27.0906 2332 atapi - ok
09:05:27.0921 2332 Atdisk - ok
09:05:27.0953 2332 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:05:27.0953 2332 Atmarpc - ok
09:05:28.0000 2332 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:05:28.0000 2332 AudioSrv - ok
09:05:28.0046 2332 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:05:28.0046 2332 audstub - ok
09:05:28.0093 2332 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:05:28.0093 2332 Beep - ok
09:05:28.0156 2332 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:05:28.0171 2332 BITS - ok
09:05:28.0218 2332 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
09:05:28.0296 2332 Browser - ok
09:05:28.0328 2332 [ C915A416F265149471D74E0815C928B2 ] bvrp_pci C:\WINDOWS\system32\drivers\bvrp_pci.sys
09:05:28.0406 2332 bvrp_pci - ok
09:05:28.0421 2332 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:05:28.0437 2332 cbidf2k - ok
09:05:28.0437 2332 cd20xrnt - ok
09:05:28.0484 2332 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:05:28.0484 2332 Cdaudio - ok
09:05:28.0515 2332 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:05:28.0515 2332 Cdfs - ok
09:05:28.0531 2332 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:05:28.0531 2332 Cdrom - ok
09:05:28.0546 2332 Changer - ok
09:05:28.0578 2332 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:05:28.0593 2332 CiSvc - ok
09:05:28.0609 2332 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:05:28.0609 2332 ClipSrv - ok
09:05:28.0640 2332 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:05:28.0750 2332 clr_optimization_v2.0.50727_32 - ok
09:05:28.0812 2332 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:05:28.0812 2332 clr_optimization_v4.0.30319_32 - ok
09:05:29.0000 2332 [ 2A2D72271844C52F004901A60312B96A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
09:05:29.0015 2332 cmdAgent - ok
09:05:29.0062 2332 [ 26F9E72754B2DBC53977E92B647A6ABA ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
09:05:29.0171 2332 cmderd - ok
09:05:29.0234 2332 [ 9181CC4D007ADBE21DB9A11BFECAFEF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
09:05:29.0359 2332 cmdGuard - ok
09:05:29.0375 2332 [ C5A9FB50E8CA7FD99F256255FEE71580 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
09:05:29.0453 2332 cmdHlp - ok
09:05:29.0468 2332 CmdIde - ok
09:05:29.0468 2332 COMMONFX - ok
09:05:29.0515 2332 [ 1EF05B641E9A67DED74AC8AD40055DBF ] COMMONFX.DLL C:\WINDOWS\system32\COMMONFX.DLL
09:05:29.0593 2332 COMMONFX.DLL - ok
09:05:29.0609 2332 COMMONFX.SYS - ok
09:05:29.0609 2332 COMSysApp - ok
09:05:29.0625 2332 Cpqarray - ok
09:05:29.0656 2332 [ 3411FDF098AA20193EEE5FFA36BA43B2 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys
09:05:29.0656 2332 cpuz135 - ok
09:05:29.0703 2332 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\System32\CTSvcCDA.EXE
09:05:29.0718 2332 Creative Service for CDROM Access - ok
09:05:29.0750 2332 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:05:29.0750 2332 CryptSvc - ok
09:05:29.0781 2332 [ 6191A973461852A09D643609E1D5F7C6 ] CT20XUT.DLL C:\WINDOWS\system32\CT20XUT.DLL
09:05:29.0890 2332 CT20XUT.DLL - ok
09:05:29.0968 2332 [ 8AC5F77E30E37D2D11BD99EFF0C53D8C ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
09:05:30.0062 2332 ctac32k - ok
09:05:30.0109 2332 [ 673241D314E932F4890509AE8EBF26DB ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
09:05:30.0234 2332 ctaud2k - ok
09:05:30.0250 2332 CTAUDFX - ok
09:05:30.0281 2332 [ 472B82D7E549E7FAB428852E4D16F21D ] CTAUDFX.DLL C:\WINDOWS\system32\CTAUDFX.DLL
09:05:30.0375 2332 CTAUDFX.DLL - ok
09:05:30.0390 2332 CTAUDFX.SYS - ok
09:05:30.0437 2332 [ ED316D4C3D39C5B6C23DE067E275C183 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
09:05:30.0531 2332 ctdvda2k - ok
09:05:30.0562 2332 [ 6A57F82009563AEE8826F117E1D3C72C ] CTEAPSFX.DLL C:\WINDOWS\system32\CTEAPSFX.DLL
09:05:30.0671 2332 CTEAPSFX.DLL - ok
09:05:30.0703 2332 [ C8AC1FFAEADD655193D7B1811A572D8D ] CTEDSPFX.DLL C:\WINDOWS\system32\CTEDSPFX.DLL
09:05:30.0796 2332 CTEDSPFX.DLL - ok
09:05:30.0859 2332 [ 44495D9DAF675257D00B25B041EE6667 ] CTEDSPIO.DLL C:\WINDOWS\system32\CTEDSPIO.DLL
09:05:30.0953 2332 CTEDSPIO.DLL - ok
09:05:31.0000 2332 [ 8E90B1762CB42E2FC76DAC9210C83C66 ] CTEDSPSY.DLL C:\WINDOWS\system32\CTEDSPSY.DLL
09:05:31.0093 2332 CTEDSPSY.DLL - ok
09:05:31.0093 2332 CTERFXFX - ok
09:05:31.0125 2332 [ D3FBD9983325435B06795F29CB57ED3D ] CTERFXFX.DLL C:\WINDOWS\system32\CTERFXFX.DLL
09:05:31.0218 2332 CTERFXFX.DLL - ok
09:05:31.0234 2332 CTERFXFX.SYS - ok
09:05:31.0296 2332 [ 2C48E9D8CA703964463F27AE341115B7 ] CTEXFIFX.DLL C:\WINDOWS\system32\CTEXFIFX.DLL
09:05:31.0406 2332 CTEXFIFX.DLL - ok
09:05:31.0453 2332 [ F7657C598E7C29C6683C1E4A8DD68884 ] CTHWIUT.DLL C:\WINDOWS\system32\CTHWIUT.DLL
09:05:31.0531 2332 CTHWIUT.DLL - ok
09:05:31.0562 2332 [ 34E7F8A499FD8361DF14FEDB724C0AD3 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
09:05:31.0671 2332 ctprxy2k - ok
09:05:31.0671 2332 CTSBLFX - ok
09:05:31.0703 2332 [ 679AE21EB7F48A08184813AEBABDEC7C ] CTSBLFX.DLL C:\WINDOWS\system32\CTSBLFX.DLL
09:05:31.0812 2332 CTSBLFX.DLL - ok
09:05:31.0828 2332 CTSBLFX.SYS - ok
09:05:31.0843 2332 [ 32098497CB4DFE9EA7660FA62DD91060 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
09:05:31.0921 2332 ctsfm2k - ok
09:05:31.0937 2332 dac2w2k - ok
09:05:31.0937 2332 dac960nt - ok
09:05:31.0984 2332 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:05:32.0000 2332 DcomLaunch - ok
09:05:32.0031 2332 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:05:32.0031 2332 Dhcp - ok
09:05:32.0062 2332 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:05:32.0062 2332 Disk - ok
09:05:32.0078 2332 dmadmin - ok
09:05:32.0125 2332 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:05:32.0140 2332 dmboot - ok
09:05:32.0171 2332 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:05:32.0187 2332 dmio - ok
09:05:32.0218 2332 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:05:32.0218 2332 dmload - ok
09:05:32.0250 2332 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:05:32.0250 2332 dmserver - ok
09:05:32.0281 2332 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:05:32.0281 2332 DMusic - ok
09:05:32.0312 2332 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:05:32.0312 2332 Dnscache - ok
09:05:32.0359 2332 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:05:32.0359 2332 Dot3svc - ok
09:05:32.0359 2332 dpti2o - ok
09:05:32.0406 2332 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:05:32.0406 2332 drmkaud - ok
09:05:32.0515 2332 [ F195FBC375342BD25C936982245A8FB0 ] D_Link_DWA-125 C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
09:05:32.0625 2332 D_Link_DWA-125 - ok
09:05:32.0671 2332 [ C062A2B158ED9C643D24F8E33A607C9F ] D_Link_DWA-125_WPS C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
09:05:32.0781 2332 D_Link_DWA-125_WPS - ok
09:05:32.0812 2332 [ AC9CF17EE2AE003C98EB4F5336C38058 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:05:32.0812 2332 E100B - ok
09:05:32.0859 2332 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:05:32.0859 2332 EapHost - ok
09:05:32.0906 2332 [ 2885F72D2DAFFD0329272F12E16D6579 ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
09:05:32.0984 2332 emupia - ok
09:05:33.0015 2332 [ F9472131367D39435D750F5FA3D23582 ] Eplpdx02 C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
09:05:33.0093 2332 Eplpdx02 - ok
09:05:33.0140 2332 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:05:33.0140 2332 ERSvc - ok
09:05:33.0187 2332 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:05:33.0203 2332 Eventlog - ok
09:05:33.0250 2332 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
09:05:33.0265 2332 EventSystem - ok
09:05:33.0296 2332 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:05:33.0296 2332 Fastfat - ok
09:05:33.0343 2332 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:05:33.0359 2332 FastUserSwitchingCompatibility - ok
09:05:33.0375 2332 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:05:33.0375 2332 Fdc - ok
09:05:33.0390 2332 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:05:33.0390 2332 Fips - ok
09:05:33.0453 2332 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:05:33.0468 2332 FLEXnet Licensing Service - ok
09:05:33.0484 2332 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:05:33.0484 2332 Flpydisk - ok
09:05:33.0515 2332 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:05:33.0531 2332 FltMgr - ok
09:05:33.0578 2332 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:05:33.0593 2332 FontCache3.0.0.0 - ok
09:05:33.0625 2332 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:05:33.0625 2332 Fs_Rec - ok
09:05:33.0640 2332 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:05:33.0640 2332 Ftdisk - ok
09:05:33.0656 2332 GEARAspiWDM - ok
09:05:33.0687 2332 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:05:33.0687 2332 Gpc - ok
09:05:33.0734 2332 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
09:05:33.0812 2332 GTNDIS5 - ok
09:05:33.0921 2332 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:05:33.0921 2332 gupdate - ok
09:05:33.0937 2332 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:05:33.0937 2332 gupdatem - ok
09:05:33.0984 2332 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:05:33.0984 2332 gusvc - ok
09:05:34.0031 2332 [ DA2C735B66D2E7B739F9A46146581A9D ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys
09:05:34.0187 2332 ha10kx2k - ok
09:05:34.0203 2332 [ 5C7D6D68796E4621B4168C879908DAE0 ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys
09:05:34.0296 2332 hap16v2k - ok
09:05:34.0328 2332 [ A595B88AD16D8B5693DDF08113CAF30E ] hap17v2k C:\WINDOWS\system32\drivers\hap17v2k.sys
09:05:34.0421 2332 hap17v2k - ok
09:05:34.0484 2332 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:05:34.0484 2332 helpsvc - ok
09:05:34.0546 2332 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
09:05:34.0546 2332 HidServ - ok
09:05:34.0593 2332 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:05:34.0593 2332 hidusb - ok
09:05:34.0640 2332 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:05:34.0640 2332 hkmsvc - ok
09:05:34.0640 2332 hpn - ok
09:05:34.0671 2332 [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:05:34.0765 2332 HPZid412 - ok
09:05:34.0781 2332 [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:05:34.0843 2332 HPZipr12 - ok
09:05:34.0859 2332 [ CA990306ED4EF732AF9695BFF24FC96F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:05:34.0937 2332 HPZius12 - ok
09:05:34.0984 2332 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:05:34.0984 2332 HTTP - ok
09:05:35.0031 2332 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:05:35.0031 2332 HTTPFilter - ok
09:05:35.0062 2332 [ 448BB2FE30F1DDE9EAA4F0E87B52B687 ] hwinterface C:\WINDOWS\system32\Drivers\hwinterface.sys
09:05:35.0171 2332 hwinterface - ok
09:05:35.0171 2332 i2omgmt - ok
09:05:35.0187 2332 i2omp - ok
09:05:35.0218 2332 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:05:35.0218 2332 i8042prt - ok
09:05:35.0265 2332 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:05:35.0281 2332 IDriverT - ok
09:05:35.0328 2332 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:05:35.0343 2332 idsvc - ok
09:05:35.0390 2332 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:05:35.0390 2332 Imapi - ok
09:05:35.0437 2332 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
09:05:35.0437 2332 ImapiService - ok
09:05:35.0453 2332 ini910u - ok
09:05:35.0500 2332 [ E1DF634BEC066B3D4FFE437BCB78C282 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
09:05:35.0578 2332 Inspect - ok
09:05:35.0578 2332 IntelIde - ok
09:05:35.0625 2332 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:05:35.0625 2332 intelppm - ok
09:05:35.0656 2332 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:05:35.0656 2332 ip6fw - ok
09:05:35.0687 2332 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:05:35.0687 2332 IpFilterDriver - ok
09:05:35.0703 2332 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:05:35.0703 2332 IpInIp - ok
09:05:35.0750 2332 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:05:35.0750 2332 IpNat - ok
09:05:35.0765 2332 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:05:35.0765 2332 IPSec - ok
09:05:35.0796 2332 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:05:35.0796 2332 IRENUM - ok
09:05:35.0843 2332 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:05:35.0843 2332 isapnp - ok
09:05:35.0984 2332 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:05:35.0984 2332 JavaQuickStarterService - ok
09:05:36.0031 2332 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:05:36.0046 2332 Kbdclass - ok
09:05:36.0078 2332 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:05:36.0078 2332 kbdhid - ok
09:05:36.0125 2332 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:05:36.0140 2332 kmixer - ok
09:05:36.0187 2332 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:05:36.0187 2332 KSecDD - ok
09:05:36.0250 2332 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:05:36.0343 2332 lanmanserver - ok
09:05:36.0390 2332 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:05:36.0406 2332 lanmanworkstation - ok
09:05:36.0406 2332 lbrtfdc - ok
09:05:36.0453 2332 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:05:36.0453 2332 LmHosts - ok
09:05:36.0500 2332 [ B8EAC4507EB4655377B1E094FCE7F12E ] Macromedia Licensing Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
09:05:36.0593 2332 Macromedia Licensing Service - ok
09:05:36.0640 2332 [ 5BB01B9F582259D1FB7653C5C1DA3653 ] MCSTRM C:\WINDOWS\system32\drivers\MCSTRM.sys
09:05:36.0734 2332 MCSTRM - ok
09:05:36.0765 2332 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:05:36.0781 2332 Messenger - ok
09:05:36.0812 2332 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:05:36.0812 2332 mnmdd - ok
09:05:36.0843 2332 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
09:05:36.0859 2332 mnmsrvc - ok
09:05:36.0890 2332 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:05:36.0906 2332 Modem - ok
09:05:36.0921 2332 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:05:36.0937 2332 MODEMCSA - ok
09:05:36.0984 2332 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:05:36.0984 2332 Mouclass - ok
09:05:37.0015 2332 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:05:37.0015 2332 mouhid - ok
09:05:37.0046 2332 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:05:37.0046 2332 MountMgr - ok
09:05:37.0125 2332 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:05:37.0125 2332 MozillaMaintenance - ok
09:05:37.0125 2332 mraid35x - ok
09:05:37.0140 2332 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:05:37.0156 2332 MRxDAV - ok
09:05:37.0203 2332 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:05:37.0218 2332 MRxSmb - ok
09:05:37.0250 2332 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
09:05:37.0265 2332 MSDTC - ok
09:05:37.0296 2332 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:05:37.0296 2332 Msfs - ok
09:05:37.0296 2332 MSIServer - ok
09:05:37.0328 2332 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:05:37.0343 2332 MSKSSRV - ok
09:05:37.0343 2332 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:05:37.0343 2332 MSPCLOCK - ok
09:05:37.0359 2332 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:05:37.0359 2332 MSPQM - ok
09:05:37.0390 2332 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:05:37.0390 2332 mssmbios - ok
09:05:37.0437 2332 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:05:37.0531 2332 Mup - ok
09:05:37.0578 2332 [ 03CA886BA148B6B9996BE1368DDC3FC0 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
09:05:37.0671 2332 NAL - ok
09:05:37.0718 2332 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:05:37.0734 2332 napagent - ok
09:05:37.0781 2332 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:05:37.0781 2332 NDIS - ok
09:05:37.0812 2332 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:05:37.0812 2332 NdisTapi - ok
09:05:37.0828 2332 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:05:37.0828 2332 Ndisuio - ok
09:05:37.0859 2332 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:05:37.0859 2332 NdisWan - ok
09:05:37.0921 2332 [ 2F597BB467E05B1FE3830EABD821B8E0 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:05:38.0000 2332 NDProxy - ok
09:05:38.0031 2332 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:05:38.0031 2332 NetBIOS - ok
09:05:38.0046 2332 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:05:38.0062 2332 NetBT - ok
09:05:38.0093 2332 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:05:38.0109 2332 NetDDE - ok
09:05:38.0109 2332 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:05:38.0109 2332 NetDDEdsdm - ok
09:05:38.0156 2332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
09:05:38.0156 2332 Netlogon - ok
09:05:38.0187 2332 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:05:38.0187 2332 Netman - ok
09:05:38.0234 2332 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:05:38.0234 2332 NetTcpPortSharing - ok
09:05:38.0281 2332 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:05:38.0281 2332 NIC1394 - ok
09:05:38.0312 2332 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:05:38.0328 2332 Nla - ok
09:05:38.0328 2332 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:05:38.0343 2332 Npfs - ok
09:05:38.0359 2332 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:05:38.0375 2332 Ntfs - ok
09:05:38.0375 2332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
09:05:38.0390 2332 NtLmSsp - ok
09:05:38.0421 2332 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:05:38.0437 2332 NtmsSvc - ok
09:05:38.0468 2332 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:05:38.0468 2332 Null - ok
09:05:38.0531 2332 [ 1685A86CE8DC5A70D307DCA625FB50E7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:05:38.0656 2332 nv - ok
09:05:38.0671 2332 [ 697A09635E30D3722E1124EC33FACE15 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
09:05:38.0781 2332 NVSvc - ok
09:05:38.0828 2332 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:05:38.0828 2332 NwlnkFlt - ok
09:05:38.0843 2332 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:05:38.0843 2332 NwlnkFwd - ok
09:05:38.0890 2332 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:05:38.0890 2332 ohci1394 - ok
09:05:38.0937 2332 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
09:05:39.0015 2332 OMCI - ok
09:05:39.0062 2332 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:05:39.0062 2332 ose - ok
09:05:39.0093 2332 [ 61C85AFEAA6EF0C1B32D43F84F7BFBCF ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
09:05:39.0203 2332 ossrv - ok
09:05:39.0250 2332 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:05:39.0250 2332 Parport - ok
09:05:39.0265 2332 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:05:39.0265 2332 PartMgr - ok
09:05:39.0312 2332 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:05:39.0328 2332 ParVdm - ok
09:05:39.0375 2332 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:05:39.0375 2332 PCI - ok
09:05:39.0390 2332 PCIDump - ok
09:05:39.0421 2332 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:05:39.0421 2332 PCIIde - ok
09:05:39.0468 2332 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:05:39.0468 2332 Pcmcia - ok
09:05:39.0484 2332 PDCOMP - ok
09:05:39.0484 2332 PDFRAME - ok
09:05:39.0500 2332 PDRELI - ok
09:05:39.0500 2332 PDRFRAME - ok
09:05:39.0515 2332 perc2 - ok
09:05:39.0515 2332 perc2hib - ok
09:05:39.0578 2332 [ 6DABB70783EF470492ADB7B9A6E60BF3 ] PfModNT C:\WINDOWS\System32\drivers\PfModNT.sys
09:05:39.0671 2332 PfModNT - ok
09:05:39.0687 2332 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:05:39.0687 2332 PlugPlay - ok
09:05:39.0718 2332 [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
09:05:39.0828 2332 Pml Driver HPZ12 - ok
09:05:39.0875 2332 [ B4F59A953EF9E507F0D00C3A68580B8B ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
09:05:39.0875 2332 Point32 - ok
09:05:39.0890 2332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
09:05:39.0890 2332 PolicyAgent - ok
09:05:39.0937 2332 [ 411923A60E1FC2B136C77E6D50FC69BD ] ppa C:\WINDOWS\system32\DRIVERS\ppa.sys
09:05:39.0937 2332 ppa - ok
09:05:40.0000 2332 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:05:40.0015 2332 PptpMiniport - ok
09:05:40.0062 2332 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
09:05:40.0062 2332 Processor - ok
09:05:40.0109 2332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:05:40.0109 2332 ProtectedStorage - ok
09:05:40.0156 2332 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:05:40.0156 2332 PSched - ok
09:05:40.0203 2332 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:05:40.0203 2332 Ptilink - ok
09:05:40.0218 2332 ql1080 - ok
09:05:40.0218 2332 Ql10wnt - ok
09:05:40.0234 2332 ql12160 - ok
09:05:40.0234 2332 ql1240 - ok
09:05:40.0250 2332 ql1280 - ok
09:05:40.0281 2332 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:05:40.0281 2332 RasAcd - ok
09:05:40.0328 2332 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:05:40.0328 2332 RasAuto - ok
09:05:40.0359 2332 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:05:40.0359 2332 Rasl2tp - ok
09:05:40.0406 2332 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:05:40.0406 2332 RasMan - ok
09:05:40.0421 2332 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:05:40.0421 2332 RasPppoe - ok
09:05:40.0437 2332 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:05:40.0437 2332 Raspti - ok
09:05:40.0453 2332 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:05:40.0468 2332 Rdbss - ok
09:05:40.0484 2332 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:05:40.0484 2332 RDPCDD - ok
09:05:40.0515 2332 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:05:40.0515 2332 rdpdr - ok
09:05:40.0578 2332 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:05:40.0656 2332 RDPWD - ok
09:05:40.0703 2332 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:05:40.0718 2332 RDSessMgr - ok
09:05:40.0781 2332 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
09:05:40.0875 2332 RealNetworks Downloader Resolver Service - ok
09:05:40.0906 2332 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:05:40.0906 2332 redbook - ok
09:05:40.0968 2332 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:05:40.0984 2332 RemoteAccess - ok
09:05:41.0031 2332 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:05:41.0031 2332 RemoteRegistry - ok
09:05:41.0062 2332 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
09:05:41.0078 2332 RpcLocator - ok
09:05:41.0109 2332 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:05:41.0125 2332 RpcSs - ok
09:05:41.0156 2332 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
09:05:41.0156 2332 RSVP - ok
09:05:41.0250 2332 [ 96D2743297929D7AC095172EE54CE7E7 ] rt2870 C:\WINDOWS\system32\DRIVERS\Drt2870.sys
09:05:41.0359 2332 rt2870 - ok
09:05:41.0390 2332 [ 7436BFD3A542CF6FF55097200031B293 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
09:05:41.0500 2332 RT73 - ok
09:05:41.0500 2332 RTL8192su - ok
09:05:41.0531 2332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:05:41.0531 2332 SamSs - ok
09:05:41.0562 2332 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:05:41.0562 2332 SCardSvr - ok
09:05:41.0609 2332 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:05:41.0625 2332 Schedule - ok
09:05:41.0656 2332 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:05:41.0656 2332 Secdrv - ok
09:05:41.0687 2332 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:05:41.0687 2332 seclogon - ok
09:05:41.0703 2332 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:05:41.0703 2332 SENS - ok
09:05:41.0734 2332 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:05:41.0734 2332 serenum - ok
09:05:41.0765 2332 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:05:41.0765 2332 Serial - ok
09:05:41.0796 2332 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:05:41.0796 2332 Sfloppy - ok
09:05:41.0859 2332 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:05:41.0859 2332 SharedAccess - ok
09:05:41.0875 2332 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:05:41.0890 2332 ShellHWDetection - ok
09:05:41.0890 2332 Simbad - ok
09:05:42.0187 2332 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:05:42.0234 2332 Skype C2C Service - ok
09:05:42.0328 2332 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:05:42.0578 2332 SkypeUpdate - ok
09:05:42.0593 2332 Sparrow - ok
09:05:42.0625 2332 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:05:42.0625 2332 splitter - ok
09:05:42.0656 2332 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:05:42.0734 2332 Spooler - ok
09:05:42.0750 2332 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:05:42.0750 2332 sr - ok
09:05:42.0796 2332 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
09:05:42.0796 2332 srservice - ok
09:05:42.0843 2332 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:05:42.0843 2332 Srv - ok
09:05:42.0875 2332 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:05:42.0875 2332 SSDPSRV - ok
09:05:42.0921 2332 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:05:42.0937 2332 stisvc - ok
09:05:42.0968 2332 [ 965F4DD2870F83642BC9CC7B4F1A1C7B ] SWDUMon C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
09:05:43.0062 2332 SWDUMon - ok
09:05:43.0093 2332 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:05:43.0093 2332 swenum - ok
09:05:43.0109 2332 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:05:43.0109 2332 swmidi - ok
09:05:43.0125 2332 SwPrv - ok
09:05:43.0140 2332 Symantec Core LC - ok
09:05:43.0156 2332 symc810 - ok
09:05:43.0171 2332 symc8xx - ok
09:05:43.0218 2332 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:\WINDOWS\System32\drivers\symlcbrd.sys
09:05:43.0312 2332 symlcbrd - ok
09:05:43.0328 2332 sym_hi - ok
09:05:43.0328 2332 sym_u3 - ok
09:05:43.0343 2332 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:05:43.0359 2332 sysaudio - ok
09:05:43.0390 2332 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:05:43.0390 2332 SysmonLog - ok
09:05:43.0453 2332 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:05:43.0453 2332 TapiSrv - ok
09:05:43.0500 2332 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:05:43.0500 2332 Tcpip - ok
09:05:43.0531 2332 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:05:43.0531 2332 TDPIPE - ok
09:05:43.0546 2332 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:05:43.0546 2332 TDTCP - ok
09:05:43.0593 2332 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:05:43.0593 2332 TermDD - ok
09:05:43.0640 2332 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:05:43.0656 2332 TermService - ok
09:05:43.0671 2332 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:05:43.0671 2332 Themes - ok
09:05:43.0718 2332 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
09:05:43.0718 2332 TlntSvr - ok
09:05:43.0718 2332 TosIde - ok
09:05:43.0781 2332 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:05:43.0781 2332 TrkWks - ok
09:05:43.0812 2332 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:05:43.0812 2332 Udfs - ok
09:05:43.0828 2332 ultra - ok
09:05:43.0875 2332 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:05:43.0890 2332 Update - ok
09:05:43.0937 2332 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:05:43.0953 2332 upnphost - ok
09:05:43.0984 2332 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:05:43.0984 2332 UPS - ok
09:05:44.0046 2332 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:05:44.0156 2332 usbccgp - ok
09:05:44.0171 2332 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:05:44.0250 2332 usbehci - ok
09:05:44.0281 2332 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:05:44.0281 2332 usbhub - ok
09:05:44.0312 2332 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:05:44.0312 2332 usbprint - ok
09:05:44.0359 2332 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:05:44.0453 2332 usbscan - ok
09:05:44.0484 2332 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:05:44.0484 2332 USBSTOR - ok
09:05:44.0531 2332 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:05:44.0531 2332 usbuhci - ok
09:05:44.0562 2332 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:05:44.0562 2332 VgaSave - ok
09:05:44.0578 2332 ViaIde - ok
09:05:44.0593 2332 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:05:44.0593 2332 VolSnap - ok
09:05:44.0640 2332 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:05:44.0640 2332 VSS - ok
09:05:44.0671 2332 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
09:05:44.0687 2332 W32Time - ok
09:05:44.0718 2332 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:05:44.0718 2332 Wanarp - ok
09:05:44.0718 2332 WDICA - ok
09:05:44.0734 2332 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:05:44.0750 2332 wdmaud - ok
09:05:44.0781 2332 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:05:44.0781 2332 WebClient - ok
09:05:44.0859 2332 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:05:44.0859 2332 winmgmt - ok
09:05:44.0890 2332 WLNdis50 - ok
09:05:44.0937 2332 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\System32\MsPMSPSv.exe
09:05:45.0031 2332 WMDM PMSP Service - ok
09:05:45.0062 2332 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:05:45.0062 2332 WmdmPmSN - ok
09:05:45.0125 2332 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:05:45.0125 2332 Wmi - ok
09:05:45.0171 2332 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:05:45.0171 2332 WmiApSrv - ok
09:05:45.0265 2332 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
09:05:45.0265 2332 WMPNetworkSvc - ok
09:05:45.0359 2332 [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:05:45.0484 2332 WPFFontCache_v0400 - ok
09:05:45.0515 2332 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:05:45.0515 2332 wscsvc - ok
09:05:45.0531 2332 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:05:45.0531 2332 wuauserv - ok
09:05:45.0578 2332 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:05:45.0578 2332 WudfPf - ok
09:05:45.0593 2332 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:05:45.0593 2332 WudfRd - ok
09:05:45.0625 2332 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:05:45.0625 2332 WudfSvc - ok
09:05:45.0671 2332 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:05:45.0687 2332 WZCSVC - ok
09:05:45.0734 2332 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:05:45.0734 2332 xmlprov - ok
09:05:45.0750 2332 ================ Scan global ===============================
09:05:45.0796 2332 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:05:45.0859 2332 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
09:05:46.0031 2332 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
09:05:46.0046 2332 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:05:46.0046 2332 [Global] - ok
09:05:46.0046 2332 ================ Scan MBR ==================================
09:05:46.0078 2332 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:05:46.0281 2332 \Device\Harddisk0\DR0 - ok
09:05:46.0281 2332 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR4
09:05:46.0296 2332 \Device\Harddisk1\DR4 - ok
09:05:46.0296 2332 ================ Scan VBR ==================================
09:05:46.0296 2332 [ 9A4CD995AAF4BF72CFD3221750309370 ] \Device\Harddisk0\DR0\Partition1
09:05:46.0296 2332 \Device\Harddisk0\DR0\Partition1 - ok
09:05:46.0296 2332 [ ED624718858744590E62543F380F0289 ] \Device\Harddisk1\DR4\Partition1
09:05:46.0312 2332 \Device\Harddisk1\DR4\Partition1 - ok
09:05:46.0312 2332 ============================================================
09:05:46.0312 2332 Scan finished
09:05:46.0312 2332 ============================================================
09:05:46.0328 0140 Detected object count: 0
09:05:46.0328 0140 Actual detected object count: 0
NinaB
Regular Member
 
Posts: 30
Joined: January 25th, 2006, 10:46 am
Location: Ontario
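The TDSSKiller log above has a fixed shape: one "[ MD5 ] name path" line for every service or driver whose image file was hashed, a "name - status" line with the verdict, then "Scan global", "Scan MBR" and "Scan VBR" sections and a final object count. As an added example (not part of the original post, and not code from TDSSKiller or its vendor), here is a Python parser that turns that shape into something you can query: objects with any verdict other than "ok", services registered with no hashed image file behind them, one image file hosting several service names (lsass.exe hosting Netlogon, NtLmSsp, SamSs and so on is normal on XP), and images that live outside the Windows and Program Files trees. The sample log is a handful of lines copied verbatim from the post; the "trusted prefixes" list is a triage heuristic chosen for this example, so a hit there (such as the Skype C2C service under All Users\Application Data) means "look at it", not "malicious".

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d{4}\s+\w+\s+(.*)$')
HASHED_RE = re.compile(r'^\[ ([0-9A-Fa-f]{32}) \] (.*)$')
# "<name> <path>": the path starts with a drive letter or \Device\; the name
# may contain spaces ("Skype C2C Service") or be absent (global/MBR objects).
PATH_SPLIT_RE = re.compile(r'^(.*?)\s*((?:[A-Za-z]:\\|\\Device\\).*)$')
STATUS_RE = re.compile(r'^(.+?) - (\S.*)$')
COUNT_RE = re.compile(r'^(Actual )?[Dd]etected object count: (\d+)$')
# Triage heuristic (an assumption of this example): images outside these
# trees are listed for a closer look, not declared malicious.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\')

# Constructed sample: lines copied verbatim from the log posted above, cut
# down to a few entries so the example runs offline.
SAMPLE_LOG = r"""
09:05:33.0375 2332 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:05:33.0375 2332 Fdc - ok
09:05:33.0656 2332 GEARAspiWDM - ok
09:05:38.0156 2332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
09:05:38.0156 2332 Netlogon - ok
09:05:38.0375 2332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
09:05:38.0390 2332 NtLmSsp - ok
09:05:42.0187 2332 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:05:42.0234 2332 Skype C2C Service - ok
09:05:45.0750 2332 ================ Scan global ===============================
09:05:45.0796 2332 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:05:46.0046 2332 [Global] - ok
09:05:46.0046 2332 ================ Scan MBR ==================================
09:05:46.0078 2332 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:05:46.0281 2332 \Device\Harddisk0\DR0 - ok
09:05:46.0328 0140 Detected object count: 0
09:05:46.0328 0140 Actual detected object count: 0
"""


def parse_tdsskiller(text):
    """Return (entries, orphans, counts). entries: key -> {name, path, md5,
    status}, keyed by service name or, for nameless objects, by path.
    orphans: '<name> - <status>' lines with no hashed image line before them."""
    entries, orphans, counts = {}, [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group(1).startswith('='):   # skip section rules
            continue
        body = m.group(1)
        h = HASHED_RE.match(body)
        if h:
            p = PATH_SPLIT_RE.match(h.group(2))
            name, path = (p.group(1), p.group(2)) if p else (h.group(2), '')
            entries[name or path] = {'name': name, 'path': path,
                                     'md5': h.group(1).upper(), 'status': None}
            continue
        c = COUNT_RE.match(body)
        if c:
            counts['actual' if c.group(1) else 'reported'] = int(c.group(2))
            continue
        s = STATUS_RE.match(body)
        if not s:
            continue
        key, status = s.group(1), s.group(2)
        if key == '[Global]':
            # One verdict for the whole "Scan global" section: it applies to
            # every hashed object that has not received its own verdict yet.
            for e in entries.values():
                if e['status'] is None:
                    e['status'] = status
        elif key in entries:
            entries[key]['status'] = status
        else:
            orphans.append((key, status))   # registered, but no image hashed
    return entries, orphans, counts


def not_ok(entries):
    """Objects TDSSKiller did not mark 'ok' (or gave no verdict at all)."""
    return {k: e for k, e in entries.items() if e['status'] != 'ok'}


def shared_images(entries):
    """MD5 -> service names, for images that host more than one service."""
    by_md5 = defaultdict(list)
    for e in entries.values():
        if e['name']:
            by_md5[e['md5']].append(e['name'])
    return {h: sorted(n) for h, n in by_md5.items() if len(n) > 1}


def outside_trusted(entries, prefixes=TRUSTED_PREFIXES):
    """Named services whose image lives outside the trusted trees."""
    return sorted((e['name'], e['path']) for e in entries.values()
                  if e['name'] and not e['path'].lower().startswith(prefixes))


if __name__ == '__main__':
    entries, orphans, counts = parse_tdsskiller(SAMPLE_LOG)
    print(len(entries), 'hashed objects; orphans:', orphans, 'counts:', counts)
    print('not ok:', not_ok(entries), 'shared:', shared_images(entries))
    print('outside trusted trees:', outside_trusted(entries))
```

Run it against a full log by reading the file into `parse_tdsskiller`; the "not ok" list is what the helper actually acts on, the other three views are for spotting things the scanner itself does not flag.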

Re: Rootkit.0Access, Trojan.FakeMS and more

Unread postby Gary R » January 20th, 2014, 12:38 pm

I don't see signs of a fully active Zero Access infection, but there's no doubt that you have been infected with it to some degree ...

ZeroAccess:
C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\$420ec18978986ba67daf62dfe8c48ea8


... quite how heavily is difficult to say since the infection has been partially removed.

Zero Access is an infection with remote access capabilities, so please take time to carefully read all of THIS topic, then let me know how you want to proceed.


I would also like to point out to you that Microsoft ceases support for Windows XP in April of this year, which will mean that from then on it will be impossible to secure your computer against further infection, and I would like you to read THIS topic written by askey127, one of our teachers here.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
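The indicator Gary R quotes is a directory inside a per-user Recycle Bin folder (C:\RECYCLER\<SID>\) whose name is "$" followed by 32 hex digits. On Windows XP that folder normally holds only the INFO2 index, a desktop.ini, and deleted files renamed to D<drive letter><n>[.ext], so a "$<hex>" directory there is out of place. As an added example, not part of the original post, the following Python classifies paths by that shape and lists the SID/directory pairs it finds. The regular expressions generalise from the single path quoted above and are assumptions of this example; apart from that path, the sample paths are constructed for the test, and the child path under the "$" directory is made up rather than taken from the thread.

```python
import os
import re

# Shape of the indicator quoted above: a per-user Recycle Bin folder
# (C:\RECYCLER\<SID>\) holding a directory named "$" + 32 hex digits.
# Generalised from that one path, so treat these patterns as assumptions.
RECYCLER_RE = re.compile(
    r'^[A-Za-z]:\\RECYCLER\\(?P<sid>S-1-5-(?:18|19|20|21(?:-\d+)+))\\(?P<rest>.+)$',
    re.IGNORECASE)
ZA_DIR_RE = re.compile(r'^\$[0-9a-f]{32}(?:\\.*)?$', re.IGNORECASE)
# What an XP Recycle Bin folder legitimately holds: the INFO2 index,
# desktop.ini, and deleted files renamed to D<drive letter><n>[.ext].
BIN_FILE_RE = re.compile(r'^(?:INFO2|desktop\.ini|D[A-Za-z]\d+(?:\..*)?)$',
                         re.IGNORECASE)


def classify_recycler_path(path):
    """None if not under RECYCLER\\<SID>\\; otherwise 'zeroaccess_indicator',
    'recycle_bin' (normal bin content) or 'unknown' (anything else)."""
    m = RECYCLER_RE.match(path)
    if not m:
        return None
    rest = m.group('rest')
    if ZA_DIR_RE.match(rest):
        return 'zeroaccess_indicator'
    if BIN_FILE_RE.match(rest):
        return 'recycle_bin'
    return 'unknown'


def find_indicators(paths):
    """Unique (SID, '$<hex>' directory) pairs among the given paths."""
    hits = set()
    for p in paths:
        if classify_recycler_path(p) == 'zeroaccess_indicator':
            m = RECYCLER_RE.match(p)
            hits.add((m.group('sid'), m.group('rest').split('\\')[0]))
    return sorted(hits)


def scan_recycler(drive='C'):
    """Walk <drive>:\\RECYCLER on a live XP system (Windows only; os.walk
    yields nothing if the folder is absent) and return indicator paths."""
    found = []
    for dirpath, dirnames, filenames in os.walk(drive + ':\\RECYCLER'):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if classify_recycler_path(full) == 'zeroaccess_indicator':
                found.append(full)
    return found


# Constructed sample. The first path is the one quoted in the reply above;
# the rest are made up for this example (the layout under the $ directory
# is not taken from the thread).
SAMPLE_PATHS = [
    r'C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\$420ec18978986ba67daf62dfe8c48ea8',
    r'C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\$420ec18978986ba67daf62dfe8c48ea8\U\00000001.@',
    r'C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\Dc3.doc',
    r'C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\INFO2',
    r'C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\desktop.ini',
    r'C:\RECYCLER\S-1-5-21-861567501-1532298954-725345543-1006\notes.exe',
    r'C:\RECYCLER\S-1-5-18\$0123456789abcdef0123456789abcdef',
    r'C:\WINDOWS\system32\DRIVERS\fdc.sys',
]

if __name__ == '__main__':
    for p in SAMPLE_PATHS:
        print(f'{str(classify_recycler_path(p)):22} {p}')
    print(find_indicators(SAMPLE_PATHS))
```

The "unknown" bucket matters as much as the indicator bucket: a stray notes.exe in a Recycle Bin folder is not the ZeroAccess shape, but it is not normal bin content either and deserves a look.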

Re: Rootkit.0Access, Trojan.FakeMS and more

Unread postby NinaB » January 21st, 2014, 3:52 pm

Hi Gary,

My husband would like to get a new computer before April, but it will take us a while to research the options. So in the meantime we would like to repave the XP. I think I can handle this, using the instructions you have linked. We have a Windows re-installation CD for his computer. He has most of his important files already backed up. I have already scanned his backup storage with malwarebytes and did not find any infections. I understand from what I have read that image, video and music files are likely to be safe, and that .doc and .docx could contain macros but are less dangerous than executable files. Pictures, videos, music and .doc/.docx are the types of files he has backed up. If I have scanned the backup media with malwarebytes and found nothing, is it probably safe to use those backup files? What about Eudora 7.1 data files? These are not backed up yet, but he very much wants to keep them because they contain information he is using for his research and writing. If I scan them with malwarebytes and nothing is found can I trust them?

Nina

Re: Rootkit.0Access, Trojan.FakeMS and more

Unread postby Gary R » January 21st, 2014, 6:11 pm

I would think it unlikely that the Eudora files would be selected as a "carrier" for any infection, of course anything is possible, but the balance of probability is that they're likely to be clean.

It's a good policy to scan them first of course, and if they prove to be clean (as I expect they will) then I can't think of a good reason not to back them up before you repave.

Good luck with your re-format.

Keep safe.

Gary

In view of your decision to repave, this topic is now closed.
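Nina's question, and Gary's advice to scan the backup before restoring it, come down to a triage of what is actually in the backup: media and documents are what you want back, executables and scripts are what you do not, and a macro-enabled Office file sits in between. As an added example (not from the thread, and no substitute for an up-to-date antivirus scan of the media), here is a Python script that classifies a backup tree: it holds anything with an executable extension or a PE ("MZ") header whatever its extension, flags OOXML files (.docx/.docm and friends) that carry a vbaProject.bin, flags legacy .doc/.xls/.ppt files that contain a UTF-16 "VBA" stream-name marker (a heuristic; olefile/oletools parse the container properly), and flags images whose first bytes do not match their extension. The extension and signature lists are partial and are assumptions of this example; build_sample_backup writes constructed test files, not real user data.

```python
import os
import tempfile
import zipfile

# Extensions that have no place in a backup of documents and media. Partial
# list, an assumption of this example.
EXEC_EXTS = {'.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.vbe',
             '.js', '.jse', '.wsf', '.hta', '.msi', '.dll', '.sys', '.cpl', '.lnk'}
OLE_EXTS = {'.doc', '.xls', '.ppt'}            # legacy binary Office (OLE2)
OOXML_EXTS = {'.docx', '.docm', '.xlsx', '.xlsm', '.pptx', '.pptm'}
# Leading bytes expected for a few media types (partial list).
MEDIA_MAGIC = {'.jpg': (b'\xff\xd8\xff',), '.jpeg': (b'\xff\xd8\xff',),
               '.png': (b'\x89PNG\r\n\x1a\n',), '.gif': (b'GIF87a', b'GIF89a')}
OLE_MAGIC = b'\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1'
VBA_MARKER = 'VBA'.encode('utf-16-le')   # OLE2 stream names are stored UTF-16LE


def classify_file(path):
    """Return (verdict, reason); verdict is 'hold', 'review' or 'ok'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, 'rb') as fh:
        head = fh.read(4096)             # enough for every signature checked
    if ext in EXEC_EXTS:
        return 'hold', 'executable or script extension'
    if head.startswith(b'MZ'):
        return 'hold', 'PE header behind a non-executable extension'
    if ext in OOXML_EXTS:
        try:
            with zipfile.ZipFile(path) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return 'review', 'not a valid OOXML zip container'
        if any(n.lower().endswith('vbaproject.bin') for n in names):
            return 'review', 'Office document carries a VBA project'
        return 'ok', 'OOXML document without macros'
    if ext in OLE_EXTS:
        if not head.startswith(OLE_MAGIC):
            return 'review', 'not an OLE2 compound file'
        with open(path, 'rb') as fh:     # stream names sit in the directory
            data = fh.read()             # sectors, which may be anywhere
        if VBA_MARKER in data:           # heuristic; olefile does this properly
            return 'review', 'legacy Office document appears to contain VBA'
        return 'ok', 'legacy Office document, no VBA marker'
    if ext in MEDIA_MAGIC:
        if not head.startswith(MEDIA_MAGIC[ext]):
            return 'review', 'content does not match the media extension'
        return 'ok', 'media file with matching signature'
    return 'ok', 'no content check defined for this type'


def triage_backup(root):
    """Classify every file under root; keys are paths relative to root."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            results[os.path.relpath(full, root)] = classify_file(full)
    return results


def _write(root, name, data):
    with open(os.path.join(root, name), 'wb') as fh:
        fh.write(data)


def _write_ooxml(root, name, with_macro):
    with zipfile.ZipFile(os.path.join(root, name), 'w') as z:
        z.writestr('[Content_Types].xml', '<Types/>')
        z.writestr('word/document.xml', '<w:document/>')
        if with_macro:
            z.writestr('word/vbaProject.bin', b'\x00' * 16)


def build_sample_backup(root):
    """Constructed test files (not real user data), one per verdict path."""
    _write(root, 'photo.jpg', b'\xff\xd8\xff\xe0' + b'\x00' * 32)
    _write(root, 'holiday.jpg.exe', b'MZ' + b'\x00' * 64)      # double extension
    _write(root, 'scan.png', b'MZ' + b'\x00' * 64)             # PE posing as image
    _write(root, 'animation.gif', b'NOTAGIF' + b'\x00' * 32)   # wrong signature
    _write(root, 'letter.doc', OLE_MAGIC + b'\x00' * 512)
    _write(root, 'thesis.doc', OLE_MAGIC + b'\x00' * 64 + VBA_MARKER + b'\x00' * 64)
    _write_ooxml(root, 'notes.docx', with_macro=False)
    _write_ooxml(root, 'budget.docm', with_macro=True)
    _write(root, 'song.mp3', b'ID3' + b'\x00' * 32)


def demo():
    """Build the constructed backup in a temp dir and return its triage table."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_backup(root)
        return triage_backup(root)


if __name__ == '__main__':
    for name, (verdict, reason) in sorted(demo().items()):
        print(f'{verdict:6} {name:18} {reason}')
```

Point triage_backup at the real backup root instead of the constructed one; "hold" files stay off the rebuilt machine, "review" files get opened only after the rebuild is complete and protected, and "ok" only means the file passed these particular checks.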