Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91700 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

malware infection: trying to type in data entry fields triggers pop-up

malware infection

  • This topic is locked This topic is locked
36 replies to this topic

#1 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 10 November 2013 - 11:52 AM

Hi, I think I have a malware infection? Every time I try to type something into a data entry field it triggers a pop-up window, or opens an unwanted website in a new tag. Double underscored words now appear in text, which are links to further unwanted websites. I could be wrong, but I think this started when I tried to install software from this website: http://www.free-tv-video-online.me/ to stream content (hence my user name!).

 

I am running avast with real time protection enabled, and PCtools with real time protection disabled. Next is my Highjack This log and Startup list, followed by a list of URL's  that are popping-up - srv and rvzr are the most persistent.

 

I've run malwarebytes and cc cleaner in safe mode. malwarebytes found and removed several 'infections', now, the 'srv' and 'rvzr' windows still pop-up but are blank other than the text 'adds not from this site' in small letters.

 

Needless to say, most activity on the Internet is running quite slowly.

 

I would be very grateful if you could help me remove this problem. Thank you.

 

Highjack This log:

 

 Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 09:50:52, on 10/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
 
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AdFender.lnk = C:\Program Files\AdFender\AdFender.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1369314406283
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1369320571843
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
 
--------------------------------
End of file - 10195 bytes
 
---
 
StartupList report, 10/11/2013, 17:42:15
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================
 
Running processes:
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
AdFender.lnk = C:\Program Files\AdFender\AdFender.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
NCProTray.lnk = ?
 
--------------------------------------------------
 
Checking Windows NT UserInit:
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
RTHDCPL = RTHDCPL.EXE
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
TPP Auto Loader = C:\WINDOWS\TPPALDR.EXE
Conime = %windir%\system32\conime.exe
EKStatusMonitor = C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
WINDVDPatch = CTHELPER.EXE
UpdReg = C:\WINDOWS\UpdReg.EXE
Jet Detection = C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
TkBellExe = "C:\program files\real\realplayer\update\realsched.exe"  -osboot
ISTray = "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Spotify Web Helper = "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe"
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
 
[CTStartup]
CTStartup = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
 
--------------------------------------------------
 
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
 
Enumerating Browser Helper Objects:
 
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Browser Guard BHO - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
(no name) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
(no name) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
avast! Emergency Update.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
Microsoft Antimalware Scheduled Scan.job
RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
 
--------------------------------------------------
 
Enumerating Download Program Files:
 
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
 
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
 
--------------------------------------------------
End of report, 8,843 bytes
Report generated in 0.531 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 
 
 
 
List of Pop-up URL's:
 
**deleted list of possibly infected links**

    Advertisements

Register to Remove


#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 11 November 2013 - 08:17 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

81mYIKe.jpgAdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


Posted Image
 
 

#3 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 13 November 2013 - 07:35 PM

Still here?


Posted Image
 
 

#4 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 14 November 2013 - 09:53 AM

Hello yes, sorry, I'm still here. Have downloaded dds, tdsskiller and AdwCleaner. Will run and submit logs within the next couple of days (having to do some TAX stuff right now). Thank you for helping me, will be right back onto it ASAP.



#5 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 November 2013 - 01:31 PM

No problem....thanks for letting me know.  :)


Posted Image
 
 

#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 17 November 2013 - 10:24 AM

Still need help?  :)


Posted Image
 
 

#7 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 November 2013 - 11:35 AM

Yes please, I still need help! I have the logs and will add them in order: dds log, dds attach, tdsskiller report, AdwCleaner [RO].

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 14:04:36 on 2013-11-18
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1791.918 [GMT 0:00]
.
AV: PC Tools Spyware Doctor *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify Web Helper] "c:\documents and settings\owner\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TPP Auto Loader] c:\windows\TPPALDR.EXE
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] c:\program files\creative\sblive\program\ADGJDet.exe
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adfender.lnk - c:\program files\adfender\AdFender.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369314406283
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369320571843
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C6053F85-E4E6-423E-A872-BD18370BA919} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-25 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-25 177864]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 214696]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2013-11-7 368616]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2013-11-7 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2013-11-7 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-25 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-25 369584]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2013-11-7 260760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2013-11-7 202280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-25 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-25 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-25 46808]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2013-11-7 580728]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2013-11-7 403416]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2013-11-7 1162360]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2013-11-7 62688]
R3 pctplsm;pctplsm;c:\windows\system32\drivers\pctplsm.sys [2013-11-7 68272]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-5-23 1691480]
S4 Aswbomsna;Aswbomsna; [x]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-11-17 10:07:22 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f044293-9fed-439f-8831-d09bd9994809}\mpengine.dll
2013-11-16 03:14:18 7796464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-11-07 21:39:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\Threat Expert
2013-11-07 21:37:29 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2013-11-07 21:37:25 769144 ----a-w- c:\windows\BDTSupport.dll
2013-11-07 21:37:23 150648 ----a-w- c:\windows\SGDetectionTool.dll
2013-11-07 21:37:21 2280568 ----a-w- c:\windows\PCTBDCore.dll
2013-11-07 21:37:21 1690744 ----a-w- c:\windows\PCTBDRes.dll
2013-11-07 21:35:39 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2013-11-07 21:35:24 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2013-11-07 21:35:06 71752 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2013-11-07 21:35:06 68272 ----a-w- c:\windows\system32\drivers\pctplsm.sys
2013-11-07 21:34:04 -------- d-----w- c:\program files\PC Tools
2013-11-07 21:23:44 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2013-11-07 21:23:44 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2013-11-07 21:23:38 368616 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2013-11-07 21:23:38 163288 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2013-11-07 21:23:33 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-11-07 21:23:28 -------- d-----w- c:\program files\common files\PC Tools
2013-11-07 21:22:01 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2013-11-07 21:21:56 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2013-10-30 22:09:35 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2013-10-30 22:09:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-30 22:09:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-30 22:09:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-27 17:49:37 -------- d-----w- c:\documents and settings\all users\application data\WinterSoft
2013-10-27 17:49:33 -------- d-----w- c:\program files\Ss-Helper
2013-10-27 17:49:22 -------- d-----w- c:\documents and settings\all users\application data\782f7c59d7d0d60
2013-10-27 17:49:21 -------- d-----w- c:\program files\DownloAdd okeeeper
2013-10-27 17:49:21 -------- d-----w- c:\documents and settings\all users\application data\DownloAdd okeeeper
2013-10-27 17:46:37 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-10-21 19:40:21 -------- d-----w- c:\documents and settings\owner\application data\KODAK AiO Home Center2019381136
.
==================== Find3M  ====================
.
2013-10-27 17:34:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-27 17:34:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-10 18:22:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-10 18:22:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2001-10-05 10:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll
.
============= FINISH: 14:05:58.12 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 23/05/2013 12:25:35
System Uptime: 18/11/2013 08:06:02 (6 hours ago)
.
Motherboard: BIOSTAR Group |  | A780LB
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 166.939 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 36.825 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 20/08/2013 15:05:31 - System Checkpoint
RP115: 23/08/2013 21:44:00 - System Checkpoint
RP116: 24/08/2013 21:52:19 - System Checkpoint
RP117: 26/08/2013 20:40:29 - System Checkpoint
RP118: 27/08/2013 20:51:24 - System Checkpoint
RP119: 30/08/2013 21:07:21 - System Checkpoint
RP120: 31/08/2013 20:25:03 - Software Distribution Service 3.0
RP121: 01/09/2013 20:01:02 - Software Distribution Service 3.0
RP122: 02/09/2013 08:58:51 - Software Distribution Service 3.0
RP123: 03/09/2013 18:05:10 - System Checkpoint
RP124: 04/09/2013 12:57:21 - Software Distribution Service 3.0
RP125: 06/09/2013 17:24:16 - Software Distribution Service 3.0
RP126: 07/09/2013 18:46:45 - Software Distribution Service 3.0
RP127: 09/09/2013 08:33:47 - Software Distribution Service 3.0
RP128: 10/09/2013 19:20:40 - Software Distribution Service 3.0
RP129: 12/09/2013 00:02:56 - Software Distribution Service 3.0
RP130: 12/09/2013 09:10:53 - Software Distribution Service 3.0
RP131: 12/09/2013 20:50:12 - Software Distribution Service 3.0
RP132: 14/09/2013 17:17:34 - Software Distribution Service 3.0
RP133: 15/09/2013 17:56:13 - System Checkpoint
RP134: 16/09/2013 08:23:23 - Software Distribution Service 3.0
RP135: 17/09/2013 19:43:42 - Software Distribution Service 3.0
RP136: 19/09/2013 22:12:40 - Software Distribution Service 3.0
RP137: 21/09/2013 20:12:29 - Software Distribution Service 3.0
RP138: 22/09/2013 02:17:45 - Software Distribution Service 3.0
RP139: 23/09/2013 08:54:30 - Software Distribution Service 3.0
RP140: 24/09/2013 09:07:44 - System Checkpoint
RP141: 24/09/2013 20:15:09 - Software Distribution Service 3.0
RP142: 26/09/2013 19:44:17 - Software Distribution Service 3.0
RP143: 27/09/2013 20:33:53 - Software Distribution Service 3.0
RP144: 29/09/2013 02:18:30 - Software Distribution Service 3.0
RP145: 29/09/2013 20:20:39 - Software Distribution Service 3.0
RP146: 30/09/2013 20:21:02 - System Checkpoint
RP147: 02/10/2013 16:57:53 - Software Distribution Service 3.0
RP148: 03/10/2013 18:54:18 - System Checkpoint
RP149: 04/10/2013 18:58:42 - Software Distribution Service 3.0
RP150: 05/10/2013 21:05:25 - System Checkpoint
RP151: 05/10/2013 21:20:47 - Software Distribution Service 3.0
RP152: 06/10/2013 21:22:22 - Software Distribution Service 3.0
RP153: 08/10/2013 18:19:07 - Software Distribution Service 3.0
RP154: 09/10/2013 18:29:36 - System Checkpoint
RP155: 09/10/2013 22:26:30 - Software Distribution Service 3.0
RP156: 10/10/2013 22:26:51 - Software Distribution Service 3.0
RP157: 11/10/2013 03:00:15 - Software Distribution Service 3.0
RP158: 12/10/2013 21:24:03 - Software Distribution Service 3.0
RP159: 13/10/2013 01:54:42 - Software Distribution Service 3.0
RP160: 13/10/2013 03:00:15 - Software Distribution Service 3.0
RP161: 13/10/2013 21:25:23 - Software Distribution Service 3.0
RP162: 15/10/2013 20:21:55 - Software Distribution Service 3.0
RP163: 16/10/2013 21:52:14 - Software Distribution Service 3.0
RP164: 17/10/2013 22:20:04 - Software Distribution Service 3.0
RP165: 19/10/2013 18:46:14 - Software Distribution Service 3.0
RP166: 21/10/2013 18:30:39 - Software Distribution Service 3.0
RP167: 22/10/2013 19:14:01 - Software Distribution Service 3.0
RP168: 23/10/2013 19:39:26 - Software Distribution Service 3.0
RP169: 24/10/2013 19:49:39 - Software Distribution Service 3.0
RP170: 25/10/2013 20:18:04 - Software Distribution Service 3.0
RP171: 26/10/2013 20:51:32 - Software Distribution Service 3.0
RP172: 27/10/2013 23:28:57 - System Checkpoint
RP173: 28/10/2013 16:29:34 - Software Distribution Service 3.0
RP174: 29/10/2013 19:43:14 - Software Distribution Service 3.0
RP175: 30/10/2013 19:58:09 - Software Distribution Service 3.0
RP176: 31/10/2013 22:18:42 - Software Distribution Service 3.0
RP177: 02/11/2013 20:34:24 - Software Distribution Service 3.0
RP178: 04/11/2013 19:36:34 - Software Distribution Service 3.0
RP179: 06/11/2013 08:29:15 - Software Distribution Service 3.0
RP180: 07/11/2013 19:30:08 - Software Distribution Service 3.0
RP181: 08/11/2013 20:16:37 - Software Distribution Service 3.0
RP182: 10/11/2013 09:56:19 - Software Distribution Service 3.0
RP183: 11/11/2013 19:12:35 - Software Distribution Service 3.0
RP184: 13/11/2013 19:47:43 - Software Distribution Service 3.0
RP185: 15/11/2013 17:40:40 - Software Distribution Service 3.0
RP186: 16/11/2013 03:00:21 - Software Distribution Service 3.0
RP187: 16/11/2013 03:14:11 - Software Distribution Service 3.0
RP188: 17/11/2013 10:07:14 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AdFender
Adobe Acrobat 5.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Reader XI (11.0.05)
aioscnnr
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Parental Control & Encoder
avast! Free Antivirus
BitComet 1.36
Browser Guard 4.0
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Combined Community Codec Pack 2013-08-01
Compatibility Pack for the 2007 Office system
eMule
essentials
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Kodak AIO Printer
KODAK AiO Software
LightScribe  1.4.39.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 6.0 Parser
Natural Color Pro
Nero Suite
Notepad++
PC Tools Spyware Doctor 9.1
PreReq
QuarkXPress Passport 5.0
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skins
Sound Blaster Live!
Spotify
TPP Storage Driver Installation
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
VLC media player 2.0.8
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
15/11/2013 18:20:24, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.161.2051.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10003.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
15/11/2013 17:55:10, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.161.2051.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10003.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/11/2013 20:40:02, error: PCTCore [280]  - The item store is corrupted: @5644.
11/11/2013 20:40:01, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
11/11/2013 20:32:05, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
11/11/2013 19:01:16, error: Dhcp [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
14:11:42.0828 4160  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:11:48.0062 4160  ============================================================
14:11:48.0062 4160  Current date / time: 2013/11/18 14:11:48.0062
14:11:48.0062 4160  SystemInfo:
14:11:48.0062 4160  
14:11:48.0062 4160  OS Version: 5.1.2600 ServicePack: 3.0
14:11:48.0062 4160  Product type: Workstation
14:11:48.0062 4160  ComputerName: OWNER-3FC151321
14:11:48.0062 4160  UserName: Owner
14:11:48.0062 4160  Windows directory: C:\WINDOWS
14:11:48.0062 4160  System windows directory: C:\WINDOWS
14:11:48.0062 4160  Processor architecture: Intel x86
14:11:48.0062 4160  Number of processors: 2
14:11:48.0062 4160  Page size: 0x1000
14:11:48.0062 4160  Boot type: Normal boot
14:11:48.0062 4160  ============================================================
14:11:49.0984 4160  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:50.0000 4160  Drive \Device\Harddisk1\DR1 - Size: 0x9924A7E00 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1385, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:50.0109 4160  Drive \Device\Harddisk2\DR4 - Size: 0x7B000000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:11:50.0109 4160  ============================================================
14:11:50.0109 4160  \Device\Harddisk0\DR0:
14:11:50.0109 4160  MBR partitions:
14:11:50.0109 4160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
14:11:50.0109 4160  \Device\Harddisk1\DR1:
14:11:50.0109 4160  MBR partitions:
14:11:50.0109 4160  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
14:11:50.0109 4160  \Device\Harddisk2\DR4:
14:11:50.0109 4160  MBR partitions:
14:11:50.0109 4160  \Device\Harddisk2\DR4\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D7FC1
14:11:50.0109 4160  ============================================================
14:11:50.0109 4160  C: <-> \Device\Harddisk0\DR0\Partition1
14:11:50.0140 4160  D: <-> \Device\Harddisk1\DR1\Partition1
14:11:50.0140 4160  ============================================================
14:11:50.0140 4160  Initialize success
14:11:50.0140 4160  ============================================================
14:11:53.0609 1920  ============================================================
14:11:53.0609 1920  Scan started
14:11:53.0609 1920  Mode: Manual; 
14:11:53.0609 1920  ============================================================
14:11:54.0406 1920  ================ Scan system memory ========================
14:11:55.0359 1920  System memory - ok
14:11:55.0359 1920  ================ Scan services =============================
14:11:55.0437 1920  Abiosdsk - ok
14:11:55.0453 1920  abp480n5 - ok
14:11:55.0500 1920  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:11:55.0500 1920  ACPI - ok
14:11:55.0546 1920  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:11:55.0546 1920  ACPIEC - ok
14:11:55.0625 1920  [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:11:55.0953 1920  Adobe LM Service - ok
14:11:55.0953 1920  adpu160m - ok
14:11:56.0000 1920  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:11:56.0000 1920  aec - ok
14:11:56.0046 1920  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:11:56.0062 1920  AFD - ok
14:11:56.0062 1920  Aha154x - ok
14:11:56.0078 1920  aic78u2 - ok
14:11:56.0093 1920  aic78xx - ok
14:11:56.0125 1920  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:11:56.0125 1920  Alerter - ok
14:11:56.0156 1920  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
14:11:56.0156 1920  ALG - ok
14:11:56.0156 1920  AliIde - ok
14:11:56.0234 1920  [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
14:11:56.0265 1920  Ambfilt - ok
14:11:56.0296 1920  [ 6E58654CB25730B2579E45E1FD116A47 ] amdide          C:\WINDOWS\system32\DRIVERS\amdide.sys
14:11:56.0296 1920  amdide - ok
14:11:56.0343 1920  [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:11:56.0343 1920  AmdK8 - ok
14:11:56.0359 1920  amsint - ok
14:11:56.0359 1920  AppMgmt - ok
14:11:56.0375 1920  asc - ok
14:11:56.0390 1920  asc3350p - ok
14:11:56.0390 1920  asc3550 - ok
14:11:56.0562 1920  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:11:56.0562 1920  aspnet_state - ok
14:11:56.0578 1920  Aswbomsna - ok
14:11:56.0593 1920  [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:11:56.0593 1920  aswFsBlk - ok
14:11:56.0609 1920  [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
14:11:56.0609 1920  aswMonFlt - ok
14:11:56.0640 1920  [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
14:11:56.0640 1920  AswRdr - ok
14:11:56.0640 1920  [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
14:11:56.0640 1920  aswRvrt - ok
14:11:56.0671 1920  [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
14:11:56.0687 1920  aswSnx - ok
14:11:56.0734 1920  [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
14:11:56.0750 1920  aswSP - ok
14:11:56.0796 1920  [ 5E18413310134130D7772F0668698CB7 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
14:11:56.0796 1920  aswTdi - ok
14:11:56.0796 1920  [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
14:11:56.0812 1920  aswVmm - ok
14:11:56.0828 1920  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:11:56.0828 1920  AsyncMac - ok
14:11:56.0843 1920  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:11:56.0843 1920  atapi - ok
14:11:56.0859 1920  Atdisk - ok
14:11:56.0921 1920  [ D140E4A4994C031D58D0F62AD4EF5507 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:11:56.0921 1920  Ati HotKey Poller - ok
14:11:57.0000 1920  [ 460741BEFBFC91C88934620BC546D172 ] ATI Smart       C:\WINDOWS\system32\ati2sgag.exe
14:11:57.0015 1920  ATI Smart - ok
14:11:57.0156 1920  [ 6660B58E893499FB5CC7F92923D3F720 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:11:57.0296 1920  ati2mtag - ok
14:11:57.0312 1920  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:11:57.0312 1920  Atmarpc - ok
14:11:57.0328 1920  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:11:57.0328 1920  AudioSrv - ok
14:11:57.0375 1920  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:11:57.0375 1920  audstub - ok
14:11:57.0468 1920  [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:11:57.0468 1920  avast! Antivirus - ok
14:11:57.0515 1920  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:11:57.0531 1920  Beep - ok
14:11:57.0671 1920  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:11:57.0718 1920  BITS - ok
14:11:57.0781 1920  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
14:11:57.0781 1920  Browser - ok
14:11:57.0890 1920  [ 52C724DAC8ADDC50F593E331A9863979 ] Browser Defender Update Service C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
14:11:57.0906 1920  Browser Defender Update Service - ok
14:11:57.0953 1920  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:11:57.0984 1920  cbidf2k - ok
14:11:58.0000 1920  cd20xrnt - ok
14:11:58.0062 1920  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:11:58.0093 1920  Cdaudio - ok
14:11:58.0171 1920  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:11:58.0218 1920  Cdfs - ok
14:11:58.0312 1920  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:11:58.0343 1920  Cdrom - ok
14:11:58.0359 1920  Changer - ok
14:11:58.0375 1920  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:11:58.0375 1920  CiSvc - ok
14:11:58.0390 1920  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:11:58.0406 1920  ClipSrv - ok
14:11:58.0437 1920  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:58.0437 1920  clr_optimization_v2.0.50727_32 - ok
14:11:58.0453 1920  CmdIde - ok
14:11:58.0468 1920  COMSysApp - ok
14:11:58.0500 1920  Cpqarray - ok
14:11:58.0562 1920  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:11:58.0562 1920  CryptSvc - ok
14:11:58.0625 1920  [ 23D6D320C0D236784EF0CCF7CBF6C1C0 ] ctac32k         C:\WINDOWS\system32\drivers\ctac32k.sys
14:11:58.0625 1920  ctac32k - ok
14:11:58.0671 1920  [ 16693A385321CEAC8F24A53070EFC378 ] ctaud2k         C:\WINDOWS\system32\drivers\ctaud2k.sys
14:11:58.0812 1920  ctaud2k - ok
14:11:58.0859 1920  [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk        C:\WINDOWS\system32\DRIVERS\ctljystk.sys
14:11:58.0875 1920  ctljystk - ok
14:11:58.0890 1920  [ 53B99368D26AB1BE9C3842976DF5543C ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
14:11:58.0890 1920  ctprxy2k - ok
14:11:58.0906 1920  [ 73746E147E50249B790BC631891063B5 ] ctsfm2k         C:\WINDOWS\system32\drivers\ctsfm2k.sys
14:11:58.0921 1920  ctsfm2k - ok
14:11:58.0921 1920  dac2w2k - ok
14:11:58.0937 1920  dac960nt - ok
14:11:59.0000 1920  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:11:59.0031 1920  DcomLaunch - ok
14:11:59.0078 1920  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:11:59.0078 1920  Dhcp - ok
14:11:59.0125 1920  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:11:59.0125 1920  Disk - ok
14:11:59.0140 1920  dmadmin - ok
14:11:59.0203 1920  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:11:59.0234 1920  dmboot - ok
14:11:59.0265 1920  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:11:59.0265 1920  dmio - ok
14:11:59.0296 1920  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:11:59.0296 1920  dmload - ok
14:11:59.0312 1920  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:11:59.0328 1920  dmserver - ok
14:11:59.0359 1920  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:11:59.0359 1920  DMusic - ok
14:11:59.0421 1920  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:11:59.0421 1920  Dnscache - ok
14:11:59.0453 1920  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:11:59.0468 1920  Dot3svc - ok
14:11:59.0484 1920  dpti2o - ok
14:11:59.0515 1920  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:11:59.0515 1920  drmkaud - ok
14:11:59.0531 1920  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:11:59.0531 1920  EapHost - ok
14:11:59.0578 1920  [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k          C:\WINDOWS\system32\drivers\emu10k1m.sys
14:11:59.0593 1920  emu10k - ok
14:11:59.0625 1920  [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1         C:\WINDOWS\system32\drivers\ctlfacem.sys
14:11:59.0625 1920  emu10k1 - ok
14:11:59.0640 1920  [ A75959F10B6B536982F872B55FC6CE27 ] emupia          C:\WINDOWS\system32\drivers\emupia2k.sys
14:11:59.0656 1920  emupia - ok
14:11:59.0703 1920  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:11:59.0703 1920  ERSvc - ok
14:11:59.0765 1920  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
14:11:59.0781 1920  Eventlog - ok
14:11:59.0921 1920  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
14:11:59.0937 1920  EventSystem - ok
14:11:59.0984 1920  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:11:59.0984 1920  Fastfat - ok
14:12:00.0046 1920  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:12:00.0062 1920  FastUserSwitchingCompatibility - ok
14:12:00.0093 1920  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
14:12:00.0093 1920  Fdc - ok
14:12:00.0109 1920  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:12:00.0125 1920  Fips - ok
14:12:00.0125 1920  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:12:00.0140 1920  Flpydisk - ok
14:12:00.0187 1920  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:12:00.0187 1920  FltMgr - ok
14:12:00.0281 1920  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:12:00.0296 1920  FontCache3.0.0.0 - ok
14:12:00.0296 1920  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:12:00.0312 1920  Fs_Rec - ok
14:12:00.0343 1920  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:12:00.0343 1920  Ftdisk - ok
14:12:00.0390 1920  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
14:12:00.0390 1920  gameenum - ok
14:12:00.0406 1920  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:12:00.0421 1920  Gpc - ok
14:12:00.0515 1920  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:12:00.0515 1920  gupdate - ok
14:12:00.0515 1920  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:12:00.0531 1920  gupdatem - ok
14:12:00.0578 1920  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:12:00.0593 1920  gusvc - ok
14:12:00.0671 1920  [ BCB3281BFC4EEB8D82932669490013CD ] ha10kx2k        C:\WINDOWS\system32\drivers\ha10kx2k.sys
14:12:00.0734 1920  ha10kx2k - ok
14:12:00.0812 1920  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:12:00.0812 1920  HDAudBus - ok
14:12:00.0906 1920  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:12:00.0906 1920  helpsvc - ok
14:12:00.0921 1920  HidServ - ok
14:12:01.0046 1920  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:12:01.0046 1920  HidUsb - ok
14:12:01.0093 1920  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:12:01.0109 1920  hkmsvc - ok
14:12:01.0125 1920  hpn - ok
14:12:01.0171 1920  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:12:01.0187 1920  HTTP - ok
14:12:01.0234 1920  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:12:01.0234 1920  HTTPFilter - ok
14:12:01.0250 1920  i2omgmt - ok
14:12:01.0265 1920  i2omp - ok
14:12:01.0281 1920  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:12:01.0296 1920  i8042prt - ok
14:12:01.0437 1920  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:12:01.0468 1920  idsvc - ok
14:12:01.0515 1920  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:12:01.0515 1920  Imapi - ok
14:12:01.0578 1920  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:12:01.0593 1920  ImapiService - ok
14:12:01.0609 1920  ini910u - ok
14:12:01.0875 1920  [ 5D138ADC44C43BF37634C8E528D75B1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:12:02.0046 1920  IntcAzAudAddService - ok
14:12:02.0078 1920  IntelIde - ok
14:12:02.0156 1920  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:12:02.0156 1920  Ip6Fw - ok
14:12:02.0203 1920  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:12:02.0203 1920  IpFilterDriver - ok
14:12:02.0218 1920  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:12:02.0218 1920  IpInIp - ok
14:12:02.0250 1920  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:12:02.0250 1920  IpNat - ok
14:12:02.0281 1920  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:12:02.0281 1920  IPSec - ok
14:12:02.0296 1920  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:12:02.0312 1920  IRENUM - ok
14:12:02.0343 1920  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:12:02.0343 1920  isapnp - ok
14:12:02.0375 1920  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:12:02.0375 1920  Kbdclass - ok
14:12:02.0390 1920  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:12:02.0406 1920  kmixer - ok
14:12:02.0515 1920  [ 140692763A50BFFF322CDC076300587E ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
14:12:02.0531 1920  Kodak AiO Network Discovery Service - ok
14:12:02.0546 1920  [ E29F999616D7C08B0E91296908C47CAF ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
14:12:02.0562 1920  Kodak AiO Status Monitor Service - ok
14:12:02.0578 1920  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:12:02.0593 1920  KSecDD - ok
14:12:02.0625 1920  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
14:12:02.0625 1920  LanmanServer - ok
14:12:02.0671 1920  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:12:02.0687 1920  lanmanworkstation - ok
14:12:02.0687 1920  lbrtfdc - ok
14:12:02.0750 1920  [ 575ED0F5DCB34E5C243D2A7EBC860484 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:12:02.0750 1920  LightScribeService - ok
14:12:02.0796 1920  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:12:02.0796 1920  LmHosts - ok
14:12:02.0843 1920  [ F627E9DA4D3D8DC05A15B68944302F14 ] MagicTune       C:\WINDOWS\system32\drivers\MTiCtwl.sys
14:12:02.0843 1920  MagicTune - ok
14:12:02.0875 1920  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:12:02.0875 1920  Messenger - ok
14:12:02.0906 1920  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:12:02.0906 1920  mnmdd - ok
14:12:02.0921 1920  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:12:02.0921 1920  mnmsrvc - ok
14:12:02.0953 1920  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:12:02.0953 1920  Modem - ok
14:12:03.0000 1920  [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
14:12:03.0031 1920  Monfilt - ok
14:12:03.0062 1920  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:12:03.0062 1920  Mouclass - ok
14:12:03.0109 1920  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:12:03.0109 1920  mouhid - ok
14:12:03.0125 1920  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:12:03.0125 1920  MountMgr - ok
14:12:03.0171 1920  [ E77DC03DD3C8E5A388BF9EED2A28F3D1 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:12:03.0171 1920  MpFilter - ok
14:12:03.0453 1920  [ 06D4F934E09C359B0EFBFB3146F1D910 ] MpKsld018bf69   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F044293-9FED-439F-8831-D09BD9994809}\MpKsld018bf69.sys
14:12:03.0453 1920  MpKsld018bf69 - ok
14:12:03.0453 1920  mraid35x - ok
14:12:03.0484 1920  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:12:03.0515 1920  MRxDAV - ok
14:12:03.0640 1920  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:12:03.0671 1920  MRxSmb - ok
14:12:03.0703 1920  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:12:03.0703 1920  MSDTC - ok
14:12:03.0765 1920  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:12:03.0765 1920  Msfs - ok
14:12:03.0765 1920  MSIServer - ok
14:12:03.0796 1920  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:12:03.0796 1920  MSKSSRV - ok
14:12:03.0843 1920  [ B0F49DA36F30922F5DDC3B623B778FCE ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:12:03.0843 1920  MsMpSvc - ok
14:12:03.0875 1920  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:12:03.0875 1920  MSPCLOCK - ok
14:12:03.0890 1920  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:12:03.0890 1920  MSPQM - ok
14:12:03.0937 1920  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:12:03.0937 1920  mssmbios - ok
14:12:03.0968 1920  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:12:03.0968 1920  Mup - ok
14:12:04.0000 1920  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:12:04.0015 1920  napagent - ok
14:12:04.0031 1920  [ F627E9DA4D3D8DC05A15B68944302F14 ] NCPro           C:\WINDOWS\system32\drivers\MTictwl.sys
14:12:04.0046 1920  NCPro - ok
14:12:04.0062 1920  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:12:04.0062 1920  NDIS - ok
14:12:04.0093 1920  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:12:04.0093 1920  NdisTapi - ok
14:12:04.0140 1920  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:12:04.0156 1920  Ndisuio - ok
14:12:04.0156 1920  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:12:04.0171 1920  NdisWan - ok
14:12:04.0218 1920  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:12:04.0218 1920  NDProxy - ok
14:12:04.0265 1920  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:12:04.0265 1920  NetBIOS - ok
14:12:04.0281 1920  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:12:04.0281 1920  NetBT - ok
14:12:04.0406 1920  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:12:04.0421 1920  NetDDE - ok
14:12:04.0421 1920  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:12:04.0421 1920  NetDDEdsdm - ok
14:12:04.0468 1920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:12:04.0468 1920  Netlogon - ok
14:12:04.0531 1920  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
14:12:04.0531 1920  Netman - ok
14:12:04.0593 1920  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:12:04.0593 1920  NetTcpPortSharing - ok
14:12:04.0640 1920  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:12:04.0640 1920  Nla - ok
14:12:04.0656 1920  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:12:04.0656 1920  Npfs - ok
14:12:04.0687 1920  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:12:04.0687 1920  Ntfs - ok
14:12:04.0703 1920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:12:04.0703 1920  NtLmSsp - ok
14:12:04.0718 1920  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:12:04.0734 1920  NtmsSvc - ok
14:12:04.0765 1920  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:12:04.0765 1920  Null - ok
14:12:04.0812 1920  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:12:04.0812 1920  NwlnkFlt - ok
14:12:04.0812 1920  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:12:04.0812 1920  NwlnkFwd - ok
14:12:04.0890 1920  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:12:04.0890 1920  ose - ok
14:12:04.0906 1920  [ 64DE7FDE0AAC66F721ADDD1E0394E664 ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
14:12:04.0921 1920  ossrv - ok
14:12:04.0968 1920  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:12:04.0968 1920  Parport - ok
14:12:04.0984 1920  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:12:04.0984 1920  PartMgr - ok
14:12:05.0031 1920  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:12:05.0031 1920  ParVdm - ok
14:12:05.0062 1920  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:12:05.0062 1920  PCI - ok
14:12:05.0062 1920  PCIDump - ok
14:12:05.0078 1920  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:12:05.0078 1920  PCIIde - ok
14:12:05.0125 1920  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:12:05.0125 1920  Pcmcia - ok
14:12:05.0156 1920  [ 9DCE45B0DC51EBB7CD7063F8C3B086D0 ] PCTBD           C:\WINDOWS\system32\Drivers\PCTBD.sys
14:12:05.0156 1920  PCTBD - ok
14:12:05.0187 1920  [ 07D9D16537B6969F2BBE00485F10D5BA ] PCTCore         C:\WINDOWS\system32\drivers\PCTCore.sys
14:12:05.0203 1920  PCTCore - ok
14:12:05.0234 1920  [ 3C9FD593E95B98C642B4486CD122C2FB ] pctDS           C:\WINDOWS\system32\drivers\pctDS.sys
14:12:05.0234 1920  pctDS - ok
14:12:05.0296 1920  [ DB6B6E47165B9647B215CEEB4DB33B87 ] pctEFA          C:\WINDOWS\system32\drivers\pctEFA.sys
14:12:05.0312 1920  pctEFA - ok
14:12:05.0359 1920  [ AE500FF14A222636CD10D346C37A52C4 ] pctgntdi        C:\WINDOWS\system32\drivers\pctgntdi.sys
14:12:05.0359 1920  pctgntdi - ok
14:12:05.0375 1920  [ 53CE0E9078360553FAB0BFFF1C1ECF4F ] pctplsm         C:\WINDOWS\system32\drivers\pctplsm.sys
14:12:05.0375 1920  pctplsm - ok
14:12:05.0437 1920  [ 9A073A09F22C63247964B946F04CB8A4 ] PCTSD           C:\WINDOWS\system32\Drivers\PCTSD.sys
14:12:05.0437 1920  PCTSD - ok
14:12:05.0437 1920  PDCOMP - ok
14:12:05.0453 1920  PDFRAME - ok
14:12:05.0468 1920  PDRELI - ok
14:12:05.0468 1920  PDRFRAME - ok
14:12:05.0484 1920  perc2 - ok
14:12:05.0500 1920  perc2hib - ok
14:12:05.0578 1920  [ 2F5532F9B0F903B26847DA674B4F55B2 ] PfModNT         C:\WINDOWS\system32\PfModNT.sys
14:12:05.0578 1920  PfModNT - ok
14:12:05.0593 1920  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:12:05.0609 1920  PlugPlay - ok
14:12:05.0625 1920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:12:05.0625 1920  PolicyAgent - ok
14:12:05.0640 1920  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:12:05.0640 1920  PptpMiniport - ok
14:12:05.0671 1920  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:12:05.0671 1920  Processor - ok
14:12:05.0687 1920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:12:05.0687 1920  ProtectedStorage - ok
14:12:05.0687 1920  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:12:05.0687 1920  PSched - ok
14:12:05.0703 1920  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:12:05.0703 1920  Ptilink - ok
14:12:05.0703 1920  ql1080 - ok
14:12:05.0718 1920  Ql10wnt - ok
14:12:05.0734 1920  ql12160 - ok
14:12:05.0734 1920  ql1240 - ok
14:12:05.0750 1920  ql1280 - ok
14:12:05.0812 1920  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:12:05.0812 1920  RasAcd - ok
14:12:05.0843 1920  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:12:05.0843 1920  RasAuto - ok
14:12:05.0875 1920  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:12:05.0875 1920  Rasl2tp - ok
14:12:05.0890 1920  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:12:05.0906 1920  RasMan - ok
14:12:05.0906 1920  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:12:05.0906 1920  RasPppoe - ok
14:12:05.0921 1920  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:12:05.0921 1920  Raspti - ok
14:12:05.0937 1920  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:12:05.0953 1920  Rdbss - ok
14:12:05.0968 1920  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:12:05.0968 1920  RDPCDD - ok
14:12:06.0015 1920  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:12:06.0015 1920  RDPWD - ok
14:12:06.0062 1920  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:12:06.0062 1920  RDSessMgr - ok
14:12:06.0156 1920  [ 96EFEC24346A8EB1157E80523079ADDC ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
14:12:06.0156 1920  RealNetworks Downloader Resolver Service - ok
14:12:06.0203 1920  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:12:06.0203 1920  redbook - ok
14:12:06.0250 1920  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:12:06.0250 1920  RemoteAccess - ok
14:12:06.0265 1920  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:12:06.0265 1920  RpcLocator - ok
14:12:06.0312 1920  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:12:06.0328 1920  RpcSs - ok
14:12:06.0359 1920  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:12:06.0359 1920  RSVP - ok
14:12:06.0421 1920  [ D3578C3806ED545E5C36B2A20F5C0B5A ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:12:06.0421 1920  RTLE8023xp - ok
14:12:06.0468 1920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:12:06.0468 1920  SamSs - ok
14:12:06.0500 1920  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:12:06.0500 1920  SCardSvr - ok
14:12:06.0531 1920  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:12:06.0531 1920  Schedule - ok
14:12:06.0593 1920  [ AE88672774DF12BEDF76768E52D23424 ] sdAuxService    C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
14:12:06.0593 1920  sdAuxService - ok
14:12:06.0734 1920  [ 5FC31ADB3B47E00349B92E57117D2C07 ] sdCoreService   C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
14:12:06.0765 1920  sdCoreService - ok
14:12:06.0796 1920  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:12:06.0796 1920  Secdrv - ok
14:12:06.0843 1920  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:12:06.0843 1920  seclogon - ok
14:12:06.0859 1920  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
14:12:06.0859 1920  SENS - ok
14:12:06.0875 1920  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
14:12:06.0890 1920  Serial - ok
14:12:06.0921 1920  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:12:06.0937 1920  Sfloppy - ok
14:12:06.0968 1920  [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman           C:\WINDOWS\system32\drivers\sfmanm.sys
14:12:06.0968 1920  sfman - ok
14:12:07.0000 1920  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:12:07.0000 1920  SharedAccess - ok
14:12:07.0046 1920  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:12:07.0062 1920  ShellHWDetection - ok
14:12:07.0062 1920  Simbad - ok
14:12:07.0078 1920  Sparrow - ok
14:12:07.0140 1920  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:12:07.0140 1920  splitter - ok
14:12:07.0171 1920  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:12:07.0187 1920  Spooler - ok
14:12:07.0234 1920  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:12:07.0234 1920  sr - ok
14:12:07.0250 1920  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:12:07.0250 1920  srservice - ok
14:12:07.0281 1920  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:12:07.0296 1920  Srv - ok
14:12:07.0312 1920  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:12:07.0328 1920  SSDPSRV - ok
14:12:07.0359 1920  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
14:12:07.0359 1920  StillCam - ok
14:12:07.0406 1920  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:12:07.0421 1920  stisvc - ok
14:12:07.0437 1920  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:07.0437 1920  swenum - ok
14:12:07.0453 1920  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:12:07.0453 1920  swmidi - ok
14:12:07.0453 1920  SwPrv - ok
14:12:07.0468 1920  symc810 - ok
14:12:07.0468 1920  symc8xx - ok
14:12:07.0484 1920  sym_hi - ok
14:12:07.0500 1920  sym_u3 - ok
14:12:07.0515 1920  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:07.0515 1920  sysaudio - ok
14:12:07.0546 1920  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:12:07.0546 1920  SysmonLog - ok
14:12:07.0593 1920  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:12:07.0593 1920  TapiSrv - ok
14:12:07.0625 1920  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:07.0625 1920  Tcpip - ok
14:12:07.0656 1920  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:07.0656 1920  TDPIPE - ok
14:12:07.0671 1920  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:07.0671 1920  TDTCP - ok
14:12:07.0687 1920  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:07.0687 1920  TermDD - ok
14:12:07.0734 1920  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
14:12:07.0734 1920  TermService - ok
14:12:07.0859 1920  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:12:07.0859 1920  Themes - ok
14:12:07.0875 1920  TosIde - ok
14:12:07.0921 1920  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:12:07.0937 1920  TrkWks - ok
14:12:07.0984 1920  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:12:07.0984 1920  Udfs - ok
14:12:08.0000 1920  ultra - ok
14:12:08.0046 1920  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:12:08.0062 1920  Update - ok
14:12:08.0093 1920  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:12:08.0109 1920  upnphost - ok
14:12:08.0125 1920  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
14:12:08.0140 1920  UPS - ok
14:12:08.0171 1920  [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:08.0171 1920  usbehci - ok
14:12:08.0187 1920  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:08.0187 1920  usbhub - ok
14:12:08.0234 1920  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:12:08.0234 1920  usbohci - ok
14:12:08.0281 1920  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:08.0281 1920  USBSTOR - ok
14:12:08.0312 1920  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:12:08.0312 1920  VgaSave - ok
14:12:08.0328 1920  ViaIde - ok
14:12:08.0343 1920  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:08.0343 1920  VolSnap - ok
14:12:08.0390 1920  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
14:12:08.0406 1920  VSS - ok
14:12:08.0468 1920  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
14:12:08.0484 1920  W32Time - ok
14:12:08.0500 1920  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:08.0515 1920  Wanarp - ok
14:12:08.0515 1920  WDICA - ok
14:12:08.0546 1920  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:08.0546 1920  wdmaud - ok
14:12:08.0578 1920  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:12:08.0593 1920  WebClient - ok
14:12:08.0734 1920  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:12:08.0765 1920  winmgmt - ok
14:12:08.0828 1920  [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
14:12:08.0859 1920  WMDM PMSP Service - ok
14:12:09.0000 1920  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:12:09.0062 1920  WmdmPmSN - ok
14:12:09.0109 1920  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:12:09.0109 1920  WmiAcpi - ok
14:12:09.0171 1920  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:12:09.0171 1920  WmiApSrv - ok
14:12:09.0218 1920  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:12:09.0546 1920  WMPNetworkSvc - ok
14:12:09.0562 1920  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:12:09.0562 1920  WpdUsb - ok
14:12:09.0609 1920  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:12:09.0625 1920  wscsvc - ok
14:12:09.0640 1920  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:12:09.0640 1920  wuauserv - ok
14:12:09.0671 1920  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:12:09.0687 1920  WudfPf - ok
14:12:09.0687 1920  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:12:09.0687 1920  WudfRd - ok
14:12:09.0734 1920  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:12:09.0734 1920  WudfSvc - ok
14:12:09.0781 1920  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:12:09.0796 1920  WZCSVC - ok
14:12:09.0828 1920  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:12:09.0843 1920  xmlprov - ok
14:12:09.0843 1920  ================ Scan global ===============================
14:12:09.0875 1920  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:12:09.0921 1920  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:12:09.0937 1920  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:12:09.0953 1920  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:12:09.0968 1920  [Global] - ok
14:12:09.0968 1920  ================ Scan MBR ==================================
14:12:10.0062 1920  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:12:10.0265 1920  \Device\Harddisk0\DR0 - ok
14:12:10.0281 1920  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:12:10.0546 1920  \Device\Harddisk1\DR1 - ok
14:12:10.0562 1920  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR4
14:12:21.0843 1920  \Device\Harddisk2\DR4 - ok
14:12:21.0843 1920  ================ Scan VBR ==================================
14:12:21.0859 1920  [ A1984FF766E92DCF44D70DAC78BE0BC0 ] \Device\Harddisk0\DR0\Partition1
14:12:21.0859 1920  \Device\Harddisk0\DR0\Partition1 - ok
14:12:21.0875 1920  [ EF55127C6CC16A02FE7B808DEC51F755 ] \Device\Harddisk1\DR1\Partition1
14:12:21.0875 1920  \Device\Harddisk1\DR1\Partition1 - ok
14:12:21.0890 1920  [ 6B8D7DF780ACE4A26D9DF87F07CDCC88 ] \Device\Harddisk2\DR4\Partition1
14:12:21.0890 1920  \Device\Harddisk2\DR4\Partition1 - ok
14:12:21.0890 1920  ============================================================
14:12:21.0890 1920  Scan finished
14:12:21.0890 1920  ============================================================
14:12:21.0921 4320  Detected object count: 0
14:12:21.0921 4320  Actual detected object count: 0
 
# AdwCleaner v3.012 - Report created 18/11/2013 at 17:21:03
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - OWNER-3FC151321
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\All Users\Application Data\DownloAdd okeeeper
Folder Found C:\Program Files\DownloAdd okeeeper
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1015 octets] - [18/11/2013 17:21:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1075 octets] ##########
 
Thank you again for looking at this for me.

 



#8 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 19 November 2013 - 06:33 AM

Hi,
 
Please read through these instructions to familarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
 


RCUpdate1.png

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


Posted Image
 
 

#9 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 December 2013 - 05:29 AM

Thank you Jeff. I will get back to you as quickly as I can. I'm sorry I did not respond sooner; up until now, replies have come through in my email account, but this one didn't. Thanks again for your help.



#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 03 December 2013 - 06:28 AM

Ok no problem.  :)


Posted Image
 
 

    Advertisements

Register to Remove


#11 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 December 2013 - 03:03 PM

Hello again, I have the log C:\Combofix.txt. Have come straight on here (protected) with this so not sure how successful it's been, but have already noticed double underscores seem not to be present. Look forward to your feedback on log.

ComboFix 13-11-23.02 - Owner 03/12/2013 20:30:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1791.1138 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\background.html
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\content.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\lsdb.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\manifest.json
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\sqlite.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\Z1MO.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlbkijojjfgcojdkdlpbfniilapcodpp_0.localstorage-journal
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlbkijojjfgcojdkdlpbfniilapcodpp_0.localstorage
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET41.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 19:43 . 2013-12-03 19:43 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F17D7AA1-9677-4E22-BB12-73F5C810FBC5}\MpKsle771d6d1.sys
2013-12-03 19:42 . 2013-12-03 19:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\KODAK AiO Home Center489310287
2013-12-02 17:44 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F17D7AA1-9677-4E22-BB12-73F5C810FBC5}\mpengine.dll
2013-12-01 11:53 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-27 23:33 . 2013-11-27 23:33 -------- d-----w- c:\program files\Anvisoft
2013-11-27 23:33 . 2013-11-27 23:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Anvisoft
2013-11-26 23:43 . 2013-11-26 23:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVAST Software
2013-11-24 11:42 . 2013-11-24 11:42 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2013-11-18 17:20 . 2013-11-18 17:21 -------- d-----w- C:\AdwCleaner
2013-11-07 21:39 . 2013-11-07 21:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2013-11-07 21:37 . 2012-10-23 17:40 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2013-11-07 21:37 . 2012-10-23 17:40 769144 ----a-w- c:\windows\BDTSupport.dll
2013-11-07 21:37 . 2012-10-23 17:40 150648 ----a-w- c:\windows\SGDetectionTool.dll
2013-11-07 21:22 . 2013-11-07 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2013-11-07 21:21 . 2013-11-07 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2013-11-07 20:38 . 2013-11-07 20:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2013-11-05 20:22 . 2013-11-05 20:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 18:41 . 2013-05-23 13:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-03 18:41 . 2013-05-23 13:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-24 11:39 . 2013-05-25 19:06 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-24 11:39 . 2013-05-25 19:06 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-24 11:39 . 2013-05-25 19:06 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-24 11:39 . 2013-05-25 19:06 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-24 11:39 . 2013-05-25 19:06 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-24 11:39 . 2013-05-25 19:06 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-24 11:39 . 2013-05-25 19:06 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-24 11:39 . 2013-05-25 19:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-24 11:39 . 2013-05-25 19:06 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-24 11:39 . 2013-05-25 19:05 43152 ----a-w- c:\windows\avastSS.scr
2013-11-19 10:21 . 2013-05-23 14:16 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:25 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2013-05-23 13:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 09:53 . 2013-01-20 14:59 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-10 18:22 . 2013-06-23 20:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-10 18:22 . 2013-06-23 20:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2001-10-05 10:53 . 2013-05-25 19:52 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-24 11:38 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-25 39408]
"Spotify Web Helper"="c:\documents and settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-10-05 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-05 118784]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-10 295512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-24 3568312]
"ToolbarTray"="c:\program files\Anvisoft\Slim Toolbar\ToolbarTray.exe" [2013-10-28 818872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-5-29 3225712]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-6-14 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr [2007-4-19 64864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2013-5-25 49220]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15515:TCP"= 15515:TCP:BitComet 15515 TCP
"15515:UDP"= 15515:UDP:BitComet 15515 UDP
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [25/05/2013 19:06 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [25/05/2013 19:06 178304]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/11/2013 21:23 368616]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [07/11/2013 21:23 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [07/11/2013 21:23 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/05/2013 19:06 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/05/2013 19:06 403440]
R1 MpKsle771d6d1;MpKsle771d6d1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F17D7AA1-9677-4E22-BB12-73F5C810FBC5}\MpKsle771d6d1.sys [03/12/2013 19:43 40392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [07/11/2013 21:35 260760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [07/11/2013 21:23 202280]
R2 astsvr;Anvi Slim Toolbar Guard Service;c:\program files\Anvisoft\Slim Toolbar\ToolBarService.exe [28/10/2013 06:56 119480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/05/2013 19:06 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25/05/2013 19:06 70384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [07/11/2013 21:37 580728]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [15/03/2013 14:07 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [15/01/2013 12:07 780152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 14:19 39056]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [07/11/2013 21:37 62688]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/05/2013 11:49 1691480]
S3 pctplsm;pctplsm;c:\windows\system32\drivers\pctplsm.sys [07/11/2013 21:35 68272]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [07/11/2013 21:34 403416]
S4 Aswbomsna;Aswbomsna; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE771D6D1
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 22:30 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-25 11:38]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 15:01]
.
2013-11-23 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 14:19]
.
2013-12-03 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-03 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-03 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2013-12-02 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-03 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4????????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\???????h?a??????C@?\???\???$??s????\??????s\????&3?5??s?&3??C@?x???`|?w\?????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-12-03 20:48:43
ComboFix-quarantined-files.txt 2013-12-03 20:48
.
Pre-Run: 114,892,972,032 bytes free
Post-Run: 116,488,114,176 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 9E323EABF60282BDEF80406F01C88460
8F558EB6672622401DA993E1E865C861

#12 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 03 December 2013 - 08:53 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\program files\Common Files\tppupd2k.dll

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


Posted Image
 
 

#13 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 06 December 2013 - 05:42 AM

Hi Jeff, I have the link and have added it below.

Am I right in saying I would need to re-install Google Chrome or should I wait?

 

Cheers.

 

https://www.virustot...sis/1386281510/



#14 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 06 December 2013 - 07:05 AM

No I don't see any reason to remove Chrome.   :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    c:\Program Files\BitComet\BitComet.exe
     
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitComet\\BitComet.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15515:TCP"=-
    "15515:UDP"=-
     
    Driver::
    Aswbomsna

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Post the new log made by ComboFix and also let me know how your system is running now.  :)


Posted Image
 
 

#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 09 December 2013 - 11:57 AM

Still here??


Posted Image
 
 

Related Topics




Also tagged with one or more of these keywords: malware infection

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users