malware infection: trying to type in data entry fields triggers pop-up

malware infection

36 replies to this topic

#1 wotanidiot

Authentic Member, 22 posts

Posted 10 November 2013 - 11:52 AM

Hi, I think I have a malware infection? Every time I try to type something into a data entry field it triggers a pop-up window, or opens an unwanted website in a new tab. Double-underscored words now appear in text, which are links to further unwanted websites. I could be wrong, but I think this started when I tried to install software from this website: http://www.free-tv-video-online.me/ to stream content (hence my user name!).

 

I am running avast with real-time protection enabled, and PC Tools with real-time protection disabled. Next is my HijackThis log and StartupList, followed by a list of URLs that are popping up - srv and rvzr are the most persistent.

 

I've run Malwarebytes and CCleaner in safe mode. Malwarebytes found and removed several 'infections'; now the 'srv' and 'rvzr' windows still pop up but are blank other than the text 'adds not from this site' in small letters.

 

Needless to say, most activity on the Internet is running quite slowly.

 

I would be very grateful if you could help me remove this problem. Thank you.

 

HijackThis log:

 

 Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 09:50:52, on 10/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
 
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AdFender.lnk = C:\Program Files\AdFender\AdFender.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1369314406283
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1369320571843
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
 
--------------------------------
End of file - 10195 bytes
 
---
 
StartupList report, 10/11/2013, 17:42:15
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================
 
Running processes:
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
AdFender.lnk = C:\Program Files\AdFender\AdFender.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
NCProTray.lnk = ?
 
--------------------------------------------------
 
Checking Windows NT UserInit:
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
RTHDCPL = RTHDCPL.EXE
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
TPP Auto Loader = C:\WINDOWS\TPPALDR.EXE
Conime = %windir%\system32\conime.exe
EKStatusMonitor = C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
WINDVDPatch = CTHELPER.EXE
UpdReg = C:\WINDOWS\UpdReg.EXE
Jet Detection = C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
TkBellExe = "C:\program files\real\realplayer\update\realsched.exe"  -osboot
ISTray = "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Spotify Web Helper = "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe"
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
 
[CTStartup]
CTStartup = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
 
--------------------------------------------------
 
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
 
Enumerating Browser Helper Objects:
 
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Browser Guard BHO - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
(no name) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
(no name) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
avast! Emergency Update.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
Microsoft Antimalware Scheduled Scan.job
RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
 
--------------------------------------------------
 
Enumerating Download Program Files:
 
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
 
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
 
--------------------------------------------------
End of report, 8,843 bytes
Report generated in 0.531 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 
 
 
 
List of Pop-up URL's:
 
**deleted list of possibly infected links**
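As an added triage aid (not part of the original post, and not a HijackThis feature), the following Python script parses lines in the HijackThis v2 format quoted above and pulls out the entries a helper would look at first: autostarts that run from user-profile directories, entries whose target file is reported missing, O23 services with no publisher, and O4 commands with no absolute path to an executable. The sample log is constructed for this example, and `example_placeholder.exe` is a made-up placeholder, not a real indicator.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v2 format, modelled on the entry types quoted
# in the post (O2 BHO, O4 Run, O9 button, O23 service). "example_placeholder.exe"
# is a made-up placeholder, not a real indicator.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Owner\Local Settings\Temp\example_placeholder.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# "O4 - <body>" / "R1 - <body>": section code, dash, rest of the entry.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
# First absolute path (drive letter or %VAR% root) ending in an executable extension.
PATH_RE = re.compile(
    r"(?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|sys|cpl|scr)\b", re.IGNORECASE
)
# O4 entries name the registry value in square brackets: [ValueName] command
NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
# Locations a normal user can write to; legitimate software lives here too
# (Spotify in the post), so a hit means "confirm", not "malicious".
USER_PROFILE_MARKERS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)


@dataclass
class Finding:
    section: str
    label: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def extract_path(body: str) -> Optional[str]:
    """Return the first executable path in an entry body, quoted or not."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def label_for(section: str, body: str) -> str:
    """Human-readable name: the [ValueName] for O4, the display name otherwise."""
    if section == "O4":
        m = NAME_RE.search(body)
        if m:
            return m.group("name")
        return body.split(" = ")[0].split(": ", 1)[-1]   # Global Startup: x.lnk = ...
    # O2/O3/O9/O23 read "<kind>: <Display name> - {CLSID}|<owner> - <path>"
    return body.split(" - ")[0].split(": ", 1)[-1]


def assess(section: str, body: str) -> Finding:
    """Attach review reasons to one entry; no reasons means nothing stood out."""
    path = extract_path(body)
    f = Finding(section, label_for(section, body), path)
    if "(file missing)" in body:
        f.reasons.append("target file missing: stale or already-removed entry")
    if path is None and section == "O4":
        f.reasons.append("no absolute path to a recognised executable: confirm origin manually")
    if path and any(mk in path.lower() for mk in USER_PROFILE_MARKERS):
        f.reasons.append("autostart from a user-writable profile directory")
    if section == "O23" and "Unknown owner" in body:
        f.reasons.append("service binary without publisher information")
    return f


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis-format log and return only the entries worth a second look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # header, blank or separator line
        f = assess(m.group("section"), m.group("body"))
        if f.reasons:
            findings.append(f)
    return findings


def report(findings: List[Finding]) -> str:
    lines = []
    for f in findings:
        lines.append(f"{f.section:<4} {f.label}")
        lines.append(f"     path: {f.path or '(none recognised)'}")
        lines.extend(f"     - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The flags only rank entries for a human reviewer; in the constructed sample both the Realtek RTHDCPL entry and the Spotify helper are legitimate, which is exactly why the helper asks for the full log rather than acting on single lines.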



#2 jeffce

Malware Guy, 8,693 posts

Posted 11 November 2013 - 08:17 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


 
 

#3 jeffce

Malware Guy, 8,693 posts

Posted 13 November 2013 - 07:35 PM

Still here?


 
 

#4 wotanidiot

Authentic Member, 22 posts

Posted 14 November 2013 - 09:53 AM

Hello yes, sorry, I'm still here. Have downloaded dds, tdsskiller and AdwCleaner. Will run and submit logs within the next couple of days (having to do some TAX stuff right now). Thank you for helping me, will be right back onto it ASAP.



#5 jeffce

Malware Guy, 8,693 posts

Posted 14 November 2013 - 01:31 PM

No problem....thanks for letting me know.  :)


 
 

#6 jeffce

Malware Guy, 8,693 posts

Posted 17 November 2013 - 10:24 AM

Still need help?  :)


 
 

#7 wotanidiot

Authentic Member, 22 posts

Posted 18 November 2013 - 11:35 AM

Yes please, I still need help! I have the logs and will add them in order: DDS log, DDS Attach, TDSSKiller report, AdwCleaner[R0].

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 14:04:36 on 2013-11-18
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1791.918 [GMT 0:00]
.
AV: PC Tools Spyware Doctor *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify Web Helper] "c:\documents and settings\owner\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TPP Auto Loader] c:\windows\TPPALDR.EXE
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] c:\program files\creative\sblive\program\ADGJDet.exe
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adfender.lnk - c:\program files\adfender\AdFender.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369314406283
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369320571843
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C6053F85-E4E6-423E-A872-BD18370BA919} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-25 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-25 177864]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 214696]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2013-11-7 368616]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2013-11-7 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2013-11-7 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-25 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-25 369584]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2013-11-7 260760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2013-11-7 202280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-25 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-25 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-25 46808]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2013-11-7 580728]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2013-11-7 403416]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2013-11-7 1162360]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2013-11-7 62688]
R3 pctplsm;pctplsm;c:\windows\system32\drivers\pctplsm.sys [2013-11-7 68272]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-5-23 1691480]
S4 Aswbomsna;Aswbomsna; [x]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-11-17 10:07:22 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f044293-9fed-439f-8831-d09bd9994809}\mpengine.dll
2013-11-16 03:14:18 7796464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-11-07 21:39:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\Threat Expert
2013-11-07 21:37:29 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2013-11-07 21:37:25 769144 ----a-w- c:\windows\BDTSupport.dll
2013-11-07 21:37:23 150648 ----a-w- c:\windows\SGDetectionTool.dll
2013-11-07 21:37:21 2280568 ----a-w- c:\windows\PCTBDCore.dll
2013-11-07 21:37:21 1690744 ----a-w- c:\windows\PCTBDRes.dll
2013-11-07 21:35:39 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2013-11-07 21:35:24 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2013-11-07 21:35:06 71752 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2013-11-07 21:35:06 68272 ----a-w- c:\windows\system32\drivers\pctplsm.sys
2013-11-07 21:34:04 -------- d-----w- c:\program files\PC Tools
2013-11-07 21:23:44 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2013-11-07 21:23:44 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2013-11-07 21:23:38 368616 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2013-11-07 21:23:38 163288 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2013-11-07 21:23:33 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-11-07 21:23:28 -------- d-----w- c:\program files\common files\PC Tools
2013-11-07 21:22:01 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2013-11-07 21:21:56 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2013-10-30 22:09:35 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2013-10-30 22:09:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-30 22:09:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-30 22:09:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-27 17:49:37 -------- d-----w- c:\documents and settings\all users\application data\WinterSoft
2013-10-27 17:49:33 -------- d-----w- c:\program files\Ss-Helper
2013-10-27 17:49:22 -------- d-----w- c:\documents and settings\all users\application data\782f7c59d7d0d60
2013-10-27 17:49:21 -------- d-----w- c:\program files\DownloAdd okeeeper
2013-10-27 17:49:21 -------- d-----w- c:\documents and settings\all users\application data\DownloAdd okeeeper
2013-10-27 17:46:37 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-10-21 19:40:21 -------- d-----w- c:\documents and settings\owner\application data\KODAK AiO Home Center2019381136
.
==================== Find3M  ====================
.
2013-10-27 17:34:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-27 17:34:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-10 18:22:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-10 18:22:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2001-10-05 10:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll
.
============= FINISH: 14:05:58.12 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 23/05/2013 12:25:35
System Uptime: 18/11/2013 08:06:02 (6 hours ago)
.
Motherboard: BIOSTAR Group |  | A780LB
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 166.939 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 36.825 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 20/08/2013 15:05:31 - System Checkpoint
RP115: 23/08/2013 21:44:00 - System Checkpoint
RP116: 24/08/2013 21:52:19 - System Checkpoint
RP117: 26/08/2013 20:40:29 - System Checkpoint
RP118: 27/08/2013 20:51:24 - System Checkpoint
RP119: 30/08/2013 21:07:21 - System Checkpoint
RP120: 31/08/2013 20:25:03 - Software Distribution Service 3.0
RP121: 01/09/2013 20:01:02 - Software Distribution Service 3.0
RP122: 02/09/2013 08:58:51 - Software Distribution Service 3.0
RP123: 03/09/2013 18:05:10 - System Checkpoint
RP124: 04/09/2013 12:57:21 - Software Distribution Service 3.0
RP125: 06/09/2013 17:24:16 - Software Distribution Service 3.0
RP126: 07/09/2013 18:46:45 - Software Distribution Service 3.0
RP127: 09/09/2013 08:33:47 - Software Distribution Service 3.0
RP128: 10/09/2013 19:20:40 - Software Distribution Service 3.0
RP129: 12/09/2013 00:02:56 - Software Distribution Service 3.0
RP130: 12/09/2013 09:10:53 - Software Distribution Service 3.0
RP131: 12/09/2013 20:50:12 - Software Distribution Service 3.0
RP132: 14/09/2013 17:17:34 - Software Distribution Service 3.0
RP133: 15/09/2013 17:56:13 - System Checkpoint
RP134: 16/09/2013 08:23:23 - Software Distribution Service 3.0
RP135: 17/09/2013 19:43:42 - Software Distribution Service 3.0
RP136: 19/09/2013 22:12:40 - Software Distribution Service 3.0
RP137: 21/09/2013 20:12:29 - Software Distribution Service 3.0
RP138: 22/09/2013 02:17:45 - Software Distribution Service 3.0
RP139: 23/09/2013 08:54:30 - Software Distribution Service 3.0
RP140: 24/09/2013 09:07:44 - System Checkpoint
RP141: 24/09/2013 20:15:09 - Software Distribution Service 3.0
RP142: 26/09/2013 19:44:17 - Software Distribution Service 3.0
RP143: 27/09/2013 20:33:53 - Software Distribution Service 3.0
RP144: 29/09/2013 02:18:30 - Software Distribution Service 3.0
RP145: 29/09/2013 20:20:39 - Software Distribution Service 3.0
RP146: 30/09/2013 20:21:02 - System Checkpoint
RP147: 02/10/2013 16:57:53 - Software Distribution Service 3.0
RP148: 03/10/2013 18:54:18 - System Checkpoint
RP149: 04/10/2013 18:58:42 - Software Distribution Service 3.0
RP150: 05/10/2013 21:05:25 - System Checkpoint
RP151: 05/10/2013 21:20:47 - Software Distribution Service 3.0
RP152: 06/10/2013 21:22:22 - Software Distribution Service 3.0
RP153: 08/10/2013 18:19:07 - Software Distribution Service 3.0
RP154: 09/10/2013 18:29:36 - System Checkpoint
RP155: 09/10/2013 22:26:30 - Software Distribution Service 3.0
RP156: 10/10/2013 22:26:51 - Software Distribution Service 3.0
RP157: 11/10/2013 03:00:15 - Software Distribution Service 3.0
RP158: 12/10/2013 21:24:03 - Software Distribution Service 3.0
RP159: 13/10/2013 01:54:42 - Software Distribution Service 3.0
RP160: 13/10/2013 03:00:15 - Software Distribution Service 3.0
RP161: 13/10/2013 21:25:23 - Software Distribution Service 3.0
RP162: 15/10/2013 20:21:55 - Software Distribution Service 3.0
RP163: 16/10/2013 21:52:14 - Software Distribution Service 3.0
RP164: 17/10/2013 22:20:04 - Software Distribution Service 3.0
RP165: 19/10/2013 18:46:14 - Software Distribution Service 3.0
RP166: 21/10/2013 18:30:39 - Software Distribution Service 3.0
RP167: 22/10/2013 19:14:01 - Software Distribution Service 3.0
RP168: 23/10/2013 19:39:26 - Software Distribution Service 3.0
RP169: 24/10/2013 19:49:39 - Software Distribution Service 3.0
RP170: 25/10/2013 20:18:04 - Software Distribution Service 3.0
RP171: 26/10/2013 20:51:32 - Software Distribution Service 3.0
RP172: 27/10/2013 23:28:57 - System Checkpoint
RP173: 28/10/2013 16:29:34 - Software Distribution Service 3.0
RP174: 29/10/2013 19:43:14 - Software Distribution Service 3.0
RP175: 30/10/2013 19:58:09 - Software Distribution Service 3.0
RP176: 31/10/2013 22:18:42 - Software Distribution Service 3.0
RP177: 02/11/2013 20:34:24 - Software Distribution Service 3.0
RP178: 04/11/2013 19:36:34 - Software Distribution Service 3.0
RP179: 06/11/2013 08:29:15 - Software Distribution Service 3.0
RP180: 07/11/2013 19:30:08 - Software Distribution Service 3.0
RP181: 08/11/2013 20:16:37 - Software Distribution Service 3.0
RP182: 10/11/2013 09:56:19 - Software Distribution Service 3.0
RP183: 11/11/2013 19:12:35 - Software Distribution Service 3.0
RP184: 13/11/2013 19:47:43 - Software Distribution Service 3.0
RP185: 15/11/2013 17:40:40 - Software Distribution Service 3.0
RP186: 16/11/2013 03:00:21 - Software Distribution Service 3.0
RP187: 16/11/2013 03:14:11 - Software Distribution Service 3.0
RP188: 17/11/2013 10:07:14 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AdFender
Adobe Acrobat 5.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Reader XI (11.0.05)
aioscnnr
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Parental Control & Encoder
avast! Free Antivirus
BitComet 1.36
Browser Guard 4.0
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Combined Community Codec Pack 2013-08-01
Compatibility Pack for the 2007 Office system
eMule
essentials
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Kodak AIO Printer
KODAK AiO Software
LightScribe  1.4.39.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 6.0 Parser
Natural Color Pro
Nero Suite
Notepad++
PC Tools Spyware Doctor 9.1
PreReq
QuarkXPress Passport 5.0
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skins
Sound Blaster Live!
Spotify
TPP Storage Driver Installation
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
VLC media player 2.0.8
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
15/11/2013 18:20:24, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.161.2051.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10003.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
15/11/2013 17:55:10, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.161.2051.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10003.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/11/2013 20:40:02, error: PCTCore [280]  - The item store is corrupted: @5644.
11/11/2013 20:40:01, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
11/11/2013 20:32:05, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
11/11/2013 19:01:16, error: Dhcp [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
14:11:42.0828 4160  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:11:48.0062 4160  ============================================================
14:11:48.0062 4160  Current date / time: 2013/11/18 14:11:48.0062
14:11:48.0062 4160  SystemInfo:
14:11:48.0062 4160  
14:11:48.0062 4160  OS Version: 5.1.2600 ServicePack: 3.0
14:11:48.0062 4160  Product type: Workstation
14:11:48.0062 4160  ComputerName: OWNER-3FC151321
14:11:48.0062 4160  UserName: Owner
14:11:48.0062 4160  Windows directory: C:\WINDOWS
14:11:48.0062 4160  System windows directory: C:\WINDOWS
14:11:48.0062 4160  Processor architecture: Intel x86
14:11:48.0062 4160  Number of processors: 2
14:11:48.0062 4160  Page size: 0x1000
14:11:48.0062 4160  Boot type: Normal boot
14:11:48.0062 4160  ============================================================
14:11:49.0984 4160  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:50.0000 4160  Drive \Device\Harddisk1\DR1 - Size: 0x9924A7E00 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1385, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:50.0109 4160  Drive \Device\Harddisk2\DR4 - Size: 0x7B000000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:11:50.0109 4160  ============================================================
14:11:50.0109 4160  \Device\Harddisk0\DR0:
14:11:50.0109 4160  MBR partitions:
14:11:50.0109 4160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
14:11:50.0109 4160  \Device\Harddisk1\DR1:
14:11:50.0109 4160  MBR partitions:
14:11:50.0109 4160  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
14:11:50.0109 4160  \Device\Harddisk2\DR4:
14:11:50.0109 4160  MBR partitions:
14:11:50.0109 4160  \Device\Harddisk2\DR4\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D7FC1
14:11:50.0109 4160  ============================================================
14:11:50.0109 4160  C: <-> \Device\Harddisk0\DR0\Partition1
14:11:50.0140 4160  D: <-> \Device\Harddisk1\DR1\Partition1
14:11:50.0140 4160  ============================================================
14:11:50.0140 4160  Initialize success
14:11:50.0140 4160  ============================================================
14:11:53.0609 1920  ============================================================
14:11:53.0609 1920  Scan started
14:11:53.0609 1920  Mode: Manual; 
14:11:53.0609 1920  ============================================================
14:11:54.0406 1920  ================ Scan system memory ========================
14:11:55.0359 1920  System memory - ok
14:11:55.0359 1920  ================ Scan services =============================
14:11:55.0437 1920  Abiosdsk - ok
14:11:55.0453 1920  abp480n5 - ok
14:11:55.0500 1920  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:11:55.0500 1920  ACPI - ok
14:11:55.0546 1920  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:11:55.0546 1920  ACPIEC - ok
14:11:55.0625 1920  [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:11:55.0953 1920  Adobe LM Service - ok
14:11:55.0953 1920  adpu160m - ok
14:11:56.0000 1920  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:11:56.0000 1920  aec - ok
14:11:56.0046 1920  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:11:56.0062 1920  AFD - ok
14:11:56.0062 1920  Aha154x - ok
14:11:56.0078 1920  aic78u2 - ok
14:11:56.0093 1920  aic78xx - ok
14:11:56.0125 1920  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:11:56.0125 1920  Alerter - ok
14:11:56.0156 1920  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
14:11:56.0156 1920  ALG - ok
14:11:56.0156 1920  AliIde - ok
14:11:56.0234 1920  [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
14:11:56.0265 1920  Ambfilt - ok
14:11:56.0296 1920  [ 6E58654CB25730B2579E45E1FD116A47 ] amdide          C:\WINDOWS\system32\DRIVERS\amdide.sys
14:11:56.0296 1920  amdide - ok
14:11:56.0343 1920  [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:11:56.0343 1920  AmdK8 - ok
14:11:56.0359 1920  amsint - ok
14:11:56.0359 1920  AppMgmt - ok
14:11:56.0375 1920  asc - ok
14:11:56.0390 1920  asc3350p - ok
14:11:56.0390 1920  asc3550 - ok
14:11:56.0562 1920  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:11:56.0562 1920  aspnet_state - ok
14:11:56.0578 1920  Aswbomsna - ok
14:11:56.0593 1920  [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:11:56.0593 1920  aswFsBlk - ok
14:11:56.0609 1920  [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
14:11:56.0609 1920  aswMonFlt - ok
14:12:09.0843 1920  ================ Scan global ===============================
14:12:09.0875 1920  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:12:09.0921 1920  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:12:09.0937 1920  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:12:09.0953 1920  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:12:09.0968 1920  [Global] - ok
14:12:09.0968 1920  ================ Scan MBR ==================================
14:12:10.0062 1920  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:12:10.0265 1920  \Device\Harddisk0\DR0 - ok
14:12:10.0281 1920  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:12:10.0546 1920  \Device\Harddisk1\DR1 - ok
14:12:10.0562 1920  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR4
14:12:21.0843 1920  \Device\Harddisk2\DR4 - ok
14:12:21.0843 1920  ================ Scan VBR ==================================
14:12:21.0859 1920  [ A1984FF766E92DCF44D70DAC78BE0BC0 ] \Device\Harddisk0\DR0\Partition1
14:12:21.0859 1920  \Device\Harddisk0\DR0\Partition1 - ok
14:12:21.0875 1920  [ EF55127C6CC16A02FE7B808DEC51F755 ] \Device\Harddisk1\DR1\Partition1
14:12:21.0875 1920  \Device\Harddisk1\DR1\Partition1 - ok
14:12:21.0890 1920  [ 6B8D7DF780ACE4A26D9DF87F07CDCC88 ] \Device\Harddisk2\DR4\Partition1
14:12:21.0890 1920  \Device\Harddisk2\DR4\Partition1 - ok
14:12:21.0890 1920  ============================================================
14:12:21.0890 1920  Scan finished
14:12:21.0890 1920  ============================================================
14:12:21.0921 4320  Detected object count: 0
14:12:21.0921 4320  Actual detected object count: 0
 
# AdwCleaner v3.012 - Report created 18/11/2013 at 17:21:03
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - OWNER-3FC151321
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\All Users\Application Data\DownloAdd okeeeper
Folder Found C:\Program Files\DownloAdd okeeeper
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1015 octets] - [18/11/2013 17:21:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1075 octets] ##########
 
Thank you again for looking at this for me.

 



#8 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 19 November 2013 - 06:33 AM

Hi,
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 


[screenshot: RCUpdate1.png]

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
[screenshot: RC2-1.png]
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


 
 

#9 wotanidiot

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 03 December 2013 - 05:29 AM

Thank you Jeff. I will get back to you as quickly as I can. I'm sorry I did not respond sooner; up until now, replies have come through in my email account, but this one didn't. Thanks again for your help.



#10 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 03 December 2013 - 06:28 AM

Ok no problem.  :)


 
 



#11 wotanidiot

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 03 December 2013 - 03:03 PM

Hello again, I have the log C:\Combofix.txt. Have come straight on here (protected) with this so not sure how successful it's been, but have already noticed double underscores seem not to be present. Look forward to your feedback on log.

ComboFix 13-11-23.02 - Owner 03/12/2013 20:30:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1791.1138 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\background.html
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\content.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\lsdb.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\manifest.json
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\sqlite.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\Z1MO.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlbkijojjfgcojdkdlpbfniilapcodpp_0.localstorage-journal
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlbkijojjfgcojdkdlpbfniilapcodpp_0.localstorage
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET41.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 19:43 . 2013-12-03 19:43 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F17D7AA1-9677-4E22-BB12-73F5C810FBC5}\MpKsle771d6d1.sys
2013-12-03 19:42 . 2013-12-03 19:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\KODAK AiO Home Center489310287
2013-12-02 17:44 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F17D7AA1-9677-4E22-BB12-73F5C810FBC5}\mpengine.dll
2013-12-01 11:53 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-27 23:33 . 2013-11-27 23:33 -------- d-----w- c:\program files\Anvisoft
2013-11-27 23:33 . 2013-11-27 23:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Anvisoft
2013-11-26 23:43 . 2013-11-26 23:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVAST Software
2013-11-24 11:42 . 2013-11-24 11:42 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2013-11-18 17:20 . 2013-11-18 17:21 -------- d-----w- C:\AdwCleaner
2013-11-07 21:39 . 2013-11-07 21:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2013-11-07 21:37 . 2012-10-23 17:40 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2013-11-07 21:37 . 2012-10-23 17:40 769144 ----a-w- c:\windows\BDTSupport.dll
2013-11-07 21:37 . 2012-10-23 17:40 150648 ----a-w- c:\windows\SGDetectionTool.dll
2013-11-07 21:22 . 2013-11-07 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2013-11-07 21:21 . 2013-11-07 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2013-11-07 20:38 . 2013-11-07 20:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2013-11-05 20:22 . 2013-11-05 20:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 18:41 . 2013-05-23 13:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-03 18:41 . 2013-05-23 13:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-24 11:39 . 2013-05-25 19:06 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-24 11:39 . 2013-05-25 19:06 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-24 11:39 . 2013-05-25 19:06 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-24 11:39 . 2013-05-25 19:06 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-24 11:39 . 2013-05-25 19:06 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-24 11:39 . 2013-05-25 19:06 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-24 11:39 . 2013-05-25 19:06 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-24 11:39 . 2013-05-25 19:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-24 11:39 . 2013-05-25 19:06 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-24 11:39 . 2013-05-25 19:05 43152 ----a-w- c:\windows\avastSS.scr
2013-11-19 10:21 . 2013-05-23 14:16 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:25 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2013-05-23 13:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 09:53 . 2013-01-20 14:59 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-10 18:22 . 2013-06-23 20:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-10 18:22 . 2013-06-23 20:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2001-10-05 10:53 . 2013-05-25 19:52 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-24 11:38 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-25 39408]
"Spotify Web Helper"="c:\documents and settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-10-05 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-05 118784]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-10 295512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-24 3568312]
"ToolbarTray"="c:\program files\Anvisoft\Slim Toolbar\ToolbarTray.exe" [2013-10-28 818872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-5-29 3225712]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-6-14 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr [2007-4-19 64864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2013-5-25 49220]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15515:TCP"= 15515:TCP:BitComet 15515 TCP
"15515:UDP"= 15515:UDP:BitComet 15515 UDP
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [25/05/2013 19:06 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [25/05/2013 19:06 178304]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/11/2013 21:23 368616]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [07/11/2013 21:23 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [07/11/2013 21:23 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/05/2013 19:06 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/05/2013 19:06 403440]
R1 MpKsle771d6d1;MpKsle771d6d1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F17D7AA1-9677-4E22-BB12-73F5C810FBC5}\MpKsle771d6d1.sys [03/12/2013 19:43 40392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [07/11/2013 21:35 260760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [07/11/2013 21:23 202280]
R2 astsvr;Anvi Slim Toolbar Guard Service;c:\program files\Anvisoft\Slim Toolbar\ToolBarService.exe [28/10/2013 06:56 119480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/05/2013 19:06 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25/05/2013 19:06 70384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [07/11/2013 21:37 580728]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [15/03/2013 14:07 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [15/01/2013 12:07 780152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 14:19 39056]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [07/11/2013 21:37 62688]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/05/2013 11:49 1691480]
S3 pctplsm;pctplsm;c:\windows\system32\drivers\pctplsm.sys [07/11/2013 21:35 68272]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [07/11/2013 21:34 403416]
S4 Aswbomsna;Aswbomsna; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE771D6D1
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 22:30 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-25 11:38]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 15:01]
.
2013-11-23 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 14:19]
.
2013-12-03 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-03 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-03 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2013-12-02 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-03 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4????????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\???????h?a??????C@?\???\???$??s????\??????s\????&3?5??s?&3??C@?x???`|?w\?????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-12-03 20:48:43
ComboFix-quarantined-files.txt 2013-12-03 20:48
.
Pre-Run: 114,892,972,032 bytes free
Post-Run: 116,488,114,176 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 9E323EABF60282BDEF80406F01C88460
8F558EB6672622401DA993E1E865C861
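
A helper reads a log like the one above looking for a handful of things first: autostart entries whose image is a bare file name or lives under a user profile, a disabled firewall, globally open ports, and services whose binary is no longer on disk. The script below applies those same checks mechanically. It is an added example for this thread, not ComboFix's own code or the forum's tooling; its input is an excerpt of the ComboFix log posted above, the severity labels are this script's own, and the name-based keyword list is a heuristic that legitimate software also trips.

```python
"""Triage a ComboFix 'Reg Loading Points' section for the entries a helper
looks at first.  Added example for this thread, not ComboFix's own code;
the severity labels and the keyword list are assumptions of this script."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Excerpt of the ComboFix log posted above, embedded so the script runs
# offline.  In practice read the whole C:\ComboFix.txt instead.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-25 39408]
"Spotify Web Helper"="c:\documents and settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-10-05 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"ToolbarTray"="c:\program files\Anvisoft\Slim Toolbar\ToolbarTray.exe" [2013-10-28 818872]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15515:TCP"= 15515:TCP:BitComet 15515 TCP
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R2 astsvr;Anvi Slim Toolbar Guard Service;c:\program files\Anvisoft\Slim Toolbar\ToolBarService.exe [28/10/2013 06:56 119480]
S4 Aswbomsna;Aswbomsna; [x]
"""


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info"
    kind: str
    detail: str


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<rule>.*)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# Profile locations a standard XP user can write to; an autostart binary here
# deserves a look even when it turns out to be legitimate (Spotify above).
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")
# Name-based heuristic only (info severity): GoogleToolbarNotifier trips it
# as well as the Anvi toolbar, so it never stands alone.
ADWARE_WORDS = ("toolbar", "protector")


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = FIREWALL_RE.match(line)
        if m:
            if m.group("value") == "0":
                findings.append(Finding("high", "firewall_disabled", key))
            continue
        m = PORT_RE.match(line)
        if m and "globallyopenports" in key:
            findings.append(Finding("medium", "open_port",
                                    f"{m.group('port')}/{m.group('proto')} {m.group('rule')}"))
            continue
        m = RUN_RE.match(line)
        if m and key.endswith("\\run"):
            name, image = m.group("name"), m.group("image")
            if "\\" not in image and "/" not in image:
                # Bare file name: resolved through the search path at logon, so a
                # same-named file planted earlier in that path would run instead.
                findings.append(Finding("medium", "bare_image_name", f"{name} -> {image}"))
            elif any(mk in image.lower() for mk in PROFILE_MARKERS):
                findings.append(Finding("medium", "profile_path", f"{name} -> {image}"))
            if any(w in f"{name} {image}".lower() for w in ADWARE_WORDS):
                findings.append(Finding("info", "adware_keyword", f"{name} -> {image}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("meta").strip() == "x":
                # ComboFix shows [x] where it could not resolve the service's image
                # file: a dangling registration, the kind a Driver:: line removes.
                findings.append(Finding("high", "orphan_service",
                                        f"{m.group('name')} ({m.group('start')}) image missing"))
            elif any(w in line.lower() for w in ADWARE_WORDS):
                findings.append(Finding("info", "adware_keyword",
                                        f"{m.group('name')} -> {m.group('image')}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    order = {"high": 0, "medium": 1, "info": 2}
    found = triage(text)
    for f in sorted(found, key=lambda f: order[f.severity]):
        print(f"{f.severity:<6} {f.kind:<18} {f.detail}")
    print(summarize(found))
```

Run it with no arguments to see the excerpt triaged, or pass the path of a saved ComboFix.txt. On the excerpt it reports the disabled firewall and the Aswbomsna service with no image as high, the two BitComet/Bonjour ports, the two bare-name Run entries and the profile-path Spotify entry as medium, and the three toolbar-named entries as info.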

#12 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 03 December 2013 - 08:53 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\program files\Common Files\tppupd2k.dll

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


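
The post above has the user upload the DLL through the VirusTotal web page. A practitioner doing this from a script would hash the file first and look the hash up, uploading only if the hash is unknown, since a DLL pulled off someone's machine may be proprietary or carry personal data. The script below is an added example for this thread, not VirusTotal's client and not the forum's tooling. It assumes the VirusTotal API v3 file-report endpoint and `x-apikey` header as VirusTotal documents them, and the caller supplies the API key; the embedded report is a constructed response in the v3 shape so the summary logic runs offline.

```python
"""Hash-first VirusTotal check for one file.  Added example for this thread,
not VirusTotal's client: hashes the file, looks the SHA-256 up, and only
reports 'unknown' (upload needed) when the hash has never been seen."""
import hashlib
import io
import json
import urllib.error
import urllib.request
from typing import BinaryIO, Dict

# VirusTotal API v3 file-report endpoint; the key is passed by the caller.
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{}"


def digest(stream: BinaryIO) -> Dict[str, str]:
    """MD5 and SHA-256 of a binary stream, read in 64 KiB chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(1 << 16), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def file_hashes(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest(fh)


def build_report_request(sha256: str, api_key: str) -> urllib.request.Request:
    return urllib.request.Request(
        VT_FILE_REPORT.format(sha256),
        headers={"x-apikey": api_key, "Accept": "application/json"},
    )


def summarize_report(report: dict) -> Dict[str, object]:
    """Reduce a v3 file report to the numbers a removal helper asks for."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    scanned = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    return {"flagged": flagged, "scanned": scanned,
            "verdict": "review" if flagged else "no detections"}


def check_file(path: str, api_key: str, opener=urllib.request.urlopen) -> Dict[str, object]:
    """Hash, then look up; 404 means VT has never seen the hash."""
    hashes = file_hashes(path)
    try:
        with opener(build_report_request(hashes["sha256"], api_key), timeout=30) as resp:
            report = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # unknown hash: only now decide whether to upload the file
            return {**hashes, "known": False}
        raise
    return {**hashes, "known": True, **summarize_report(report)}


# Constructed response in the shape of a v3 report, for offline use.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 0, "undetected": 40, "harmless": 0,
    "timeout": 0, "type-unsupported": 5}}}}

if __name__ == "__main__":
    print(digest(io.BytesIO(b"abc")))          # constructed input, not the DLL
    print(summarize_report(SAMPLE_REPORT))
    # Live use: check_file(r"c:\program files\Common Files\tppupd2k.dll", API_KEY)
```

The `scanned` count deliberately leaves out `timeout` and `type-unsupported`, so "3 of 43" reflects engines that actually rendered a verdict. A 404 is the only case where uploading the file buys anything; a known hash already has a report, and reanalysing it (the "Reanalyze file now" step above) refreshes that report without another copy of the file leaving the machine.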
 
 

#13 wotanidiot

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 06 December 2013 - 05:42 AM

Hi Jeff, I have the link and have added it below.

Am I right in saying I would need to re-install Google Chrome or should I wait?

 

Cheers.

 

https://www.virustot...sis/1386281510/



#14 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 06 December 2013 - 07:05 AM

No I don't see any reason to remove Chrome.   :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    c:\Program Files\BitComet\BitComet.exe
     
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitComet\\BitComet.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15515:TCP"=-
    "15515:UDP"=-
     
    Driver::
    Aswbomsna

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    [screenshot: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Post the new log made by ComboFix and also let me know how your system is running now.  :)


 
 

#15 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 09 December 2013 - 11:57 AM

Still here??


 
 
