Police Ransom Virus

[Fiery]

Good, that is the entire log

Please download ERUNT from here to your USB and transfer it to your infected PC.

• Install ERUNT by following the prompts
  (use the default install settings but say no to the part that asks you to add ERUNT to the start-up folder.
• Start ERUNT by double clicking on the desktop icon or choosing to
• Choose a location for the backup
  (The default location is C:\WINDOWS\ERDNT)
• Make sure that boxes beside System Registry and Current User Registry are checked
  
  
• Press OK
• Press YES to create the folder.

Next, please follow the instructions below VERY carefully and make sure you highlight everything in the Quote box (Don't hightlight the word Quote: though)

<hr>

Open up Notepad and copy & paste the following:

killall::

File::
c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js

Folder::
c:\documents and settings\Jane\Application Data\searchresultstb

RegNULL::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]

ClearJavaCache::

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

<hr>

Next, download TDSSkiller from here to your USB and transfer it to your infected PC.

• Double-Click on TDSSKiller.exe to run the application
• When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
• After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  
  
• click Start scan .
  
• If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
• If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

<hr>
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

<hr>

Let me know how your system is running after performing all these scans.

 

[edward1]

Good, that is the entire log

Please download ERUNT from here to your USB and transfer it to your infected PC.

• Install ERUNT by following the prompts
  (use the default install settings but say no to the part that asks you to add ERUNT to the start-up folder.
• Start ERUNT by double clicking on the desktop icon or choosing to
• Choose a location for the backup
  (The default location is C:\WINDOWS\ERDNT)
• Make sure that boxes beside System Registry and Current User Registry are checked
  
  
• Press OK
• Press YES to create the folder.

Next, please follow the instructions below VERY carefully and make sure you highlight everything in the Quote box (Don't hightlight the word Quote: though)

<hr>

Open up Notepad and copy & paste the following:

killall::

File::
c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js

Folder::
c:\documents and settings\Jane\Application Data\searchresultstb

RegNULL::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]

ClearJavaCache::

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

<hr>

Next, download TDSSkiller from here to your USB and transfer it to your infected PC.

• Double-Click on TDSSKiller.exe to run the application
• When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
• After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  
  
• click Start scan .
  
• If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
• If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

<hr>
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

<hr>

Let me know how your system is running after performing all these scans.

Hi Fiery. All seems well. Very well indeed for which very many thanks. I just need to sort my internet connections. Currently I am having to swap a dialup to my broadband between machines and want to get back to wireless to laptop and ethernet to pc.
Below are the logs you requested:-
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jane :: PETERCOMPUTERNO [administrator]

06/01/2013 16:01:53
mbam-log-2013-01-06 (16-01-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341571
Time elapsed: 8 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)
15:37:59.0000 3656 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:37:59.0015 3656 ============================================================
15:37:59.0015 3656 Current date / time: 2013/01/06 15:37:59.0015
15:37:59.0015 3656 SystemInfo:
15:37:59.0015 3656
15:37:59.0015 3656 OS Version: 5.1.2600 ServicePack: 3.0
15:37:59.0015 3656 Product type: Workstation
15:37:59.0015 3656 ComputerName: PETERCOMPUTERNO
15:37:59.0015 3656 UserName: Jane
15:37:59.0015 3656 Windows directory: C:\WINDOWS
15:37:59.0015 3656 System windows directory: C:\WINDOWS
15:37:59.0015 3656 Processor architecture: Intel x86
15:37:59.0015 3656 Number of processors: 2
15:37:59.0031 3656 Page size: 0x1000
15:37:59.0031 3656 Boot type: Normal boot
15:37:59.0031 3656 ============================================================
15:38:00.0312 3656 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:38:00.0359 3656 Drive \Device\Harddisk1\DR4 - Size: 0x1CDC7E800 (7.22 Gb), SectorSize: 0x200, Cylinders: 0x3AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:38:00.0359 3656 ============================================================
15:38:00.0359 3656 \Device\Harddisk0\DR0:
15:38:00.0375 3656 MBR partitions:
15:38:00.0375 3656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
15:38:00.0375 3656 \Device\Harddisk1\DR4:
15:38:00.0375 3656 MBR partitions:
15:38:00.0375 3656 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xE6DDA1
15:38:00.0375 3656 ============================================================
15:38:00.0406 3656 C: <-> \Device\Harddisk0\DR0\Partition1
15:38:00.0406 3656 ============================================================
15:38:00.0406 3656 Initialize success
15:38:00.0406 3656 ============================================================
15:38:24.0093 3692 Deinitialize success.
Sorry, I did merge the two desktop items as instructed but they have separated and I don't know where the log is.

 

[Fiery]

Hi, the combofix log should be in c:\ or C:\Qoobox\ . It should be called ComboFix2.txt . You may have to separate the log into 2 replies.

Also, copy and paste the last half of the TDSS log. Post the combofix and TDSS log in separate replies.

Fiery

 

[edward1]

Hi. Here is second half of TDSS :-
15:42:35.0312 3784 C:\WINDOWS\system32\drivers\afd.sys - ok
15:42:35.0328 3784 [ 7C9F0A2AB17D52261A9252A2EB320884 ] C:\WINDOWS\system32\drivers\aswRdr.sys
15:42:35.0328 3784 C:\WINDOWS\system32\drivers\aswRdr.sys - ok
15:42:35.0328 3784 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
15:42:35.0328 3784 C:\WINDOWS\system32\drivers\netbios.sys - ok
15:42:35.0328 3784 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
15:42:35.0328 3784 C:\WINDOWS\system32\drivers\rdbss.sys - ok
15:42:35.0343 3784 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
15:42:35.0343 3784 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
15:42:35.0343 3784 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
15:42:35.0343 3784 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
15:42:35.0343 3784 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
15:42:35.0343 3784 C:\WINDOWS\system32\drivers\fips.sys - ok
15:42:35.0359 3784 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] C:\WINDOWS\system32\drivers\aswSnx.sys
15:42:35.0359 3784 C:\WINDOWS\system32\drivers\aswSnx.sys - ok
15:42:35.0359 3784 [ 67B558895695545FB0568B7541F3BCA7 ] C:\WINDOWS\system32\drivers\aswSP.sys
15:42:35.0359 3784 C:\WINDOWS\system32\drivers\aswSP.sys - ok
15:42:35.0359 3784 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
15:42:35.0359 3784 C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys - ok
15:42:35.0375 3784 [ 149A8F7ADF9742554DC323E290551E3E ] C:\WINDOWS\system32\drivers\aavmker4.sys
15:42:35.0375 3784 C:\WINDOWS\system32\drivers\aavmker4.sys - ok
15:42:35.0375 3784 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
15:42:35.0375 3784 C:\WINDOWS\system32\smss.exe - ok
15:42:35.0375 3784 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
15:42:35.0375 3784 C:\WINDOWS\system32\ntdll.dll - ok
15:42:35.0390 3784 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
15:42:35.0390 3784 C:\WINDOWS\system32\autochk.exe - ok
15:42:35.0390 3784 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
15:42:35.0390 3784 C:\WINDOWS\system32\sfcfiles.dll - ok
15:42:35.0390 3784 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
15:42:35.0390 3784 C:\WINDOWS\system32\drivers\cdfs.sys - ok
15:42:35.0406 3784 [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\usbstor.sys
15:42:35.0406 3784 C:\WINDOWS\system32\drivers\usbstor.sys - ok
15:42:35.0406 3784 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
15:42:35.0406 3784 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
15:42:35.0406 3784 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
15:42:35.0406 3784 C:\WINDOWS\system32\drivers\hidclass.sys - ok
15:42:35.0421 3784 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
15:42:35.0421 3784 C:\WINDOWS\system32\drivers\hidusb.sys - ok
15:42:35.0421 3784 [ 8525B88D8E902E7B587FCA034B298693 ] C:\WINDOWS\system32\drivers\alcacr.sys
15:42:35.0421 3784 C:\WINDOWS\system32\drivers\alcacr.sys - ok
15:42:35.0421 3784 [ 4C9577888C53243E2991456F510488A1 ] C:\WINDOWS\system32\drivers\alcaudsl.sys
15:42:35.0421 3784 C:\WINDOWS\system32\drivers\alcaudsl.sys - ok
15:42:35.0437 3784 [ 66065EF8736CD9A4EE0F8B02055F45B5 ] C:\WINDOWS\system32\drivers\alcawh.sys
15:42:35.0437 3784 C:\WINDOWS\system32\drivers\alcawh.sys - ok
15:42:35.0437 3784 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
15:42:35.0437 3784 C:\WINDOWS\system32\drivers\mouhid.sys - ok
15:42:35.0437 3784 [ 0940030D5A5869067CCC03E3B0B8DEC7 ] C:\WINDOWS\system32\drivers\alcan5wn.sys
15:42:35.0437 3784 C:\WINDOWS\system32\drivers\alcan5wn.sys - ok
15:42:35.0453 3784 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
15:42:35.0453 3784 C:\WINDOWS\system32\drivers\wmilib.sys - ok
15:42:35.0453 3784 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
15:42:35.0453 3784 C:\WINDOWS\system32\drivers\atapi.sys - ok
15:42:35.0453 3784 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
15:42:35.0453 3784 C:\WINDOWS\system32\drivers\dxapi.sys - ok
15:42:35.0468 3784 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
15:42:35.0468 3784 C:\WINDOWS\system32\watchdog.sys - ok
15:42:35.0468 3784 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:42:35.0468 3784 C:\WINDOWS\system32\basesrv.dll - ok
15:42:35.0468 3784 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
15:42:35.0468 3784 C:\WINDOWS\system32\csrsrv.dll - ok
15:42:35.0484 3784 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
15:42:35.0484 3784 C:\WINDOWS\system32\csrss.exe - ok
15:42:35.0484 3784 [ F984CAE54E536681B209F7816D8F68DA ] C:\WINDOWS\system32\win32k.sys
15:42:35.0484 3784 C:\WINDOWS\system32\win32k.sys - ok
15:42:35.0484 3784 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:42:35.0484 3784 C:\WINDOWS\system32\winsrv.dll - ok
15:42:35.0500 3784 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
15:42:35.0500 3784 C:\WINDOWS\system32\gdi32.dll - ok
15:42:35.0500 3784 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
15:42:35.0500 3784 C:\WINDOWS\system32\kernel32.dll - ok
15:42:35.0500 3784 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
15:42:35.0500 3784 C:\WINDOWS\system32\user32.dll - ok
15:42:35.0515 3784 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
15:42:35.0515 3784 C:\WINDOWS\system32\drivers\dxg.sys - ok
15:42:35.0515 3784 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
15:42:35.0515 3784 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
15:42:35.0515 3784 [ 8FE3F0F6B5ECC139381D192E71E88A1B ] C:\WINDOWS\system32\nv4_disp.dll
15:42:35.0515 3784 C:\WINDOWS\system32\nv4_disp.dll - ok
15:42:35.0531 3784 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
15:42:35.0531 3784 C:\WINDOWS\system32\vga.dll - ok
15:42:35.0531 3784 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
15:42:35.0531 3784 C:\WINDOWS\system32\winlogon.exe - ok
15:42:35.0531 3784 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
15:42:35.0531 3784 C:\WINDOWS\system32\advapi32.dll - ok
15:42:35.0546 3784 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
15:42:35.0546 3784 C:\WINDOWS\system32\rpcrt4.dll - ok
15:42:35.0546 3784 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
15:42:35.0546 3784 C:\WINDOWS\system32\secur32.dll - ok
15:42:35.0546 3784 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
15:42:35.0546 3784 C:\WINDOWS\system32\authz.dll - ok
15:42:35.0562 3784 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
15:42:35.0562 3784 C:\WINDOWS\system32\msvcrt.dll - ok
15:42:35.0562 3784 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
15:42:35.0562 3784 C:\WINDOWS\system32\crypt32.dll - ok
15:42:35.0578 3784 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
15:42:35.0578 3784 C:\WINDOWS\system32\msasn1.dll - ok
15:42:35.0578 3784 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
15:42:35.0578 3784 C:\WINDOWS\system32\nddeapi.dll - ok
15:42:35.0578 3784 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
15:42:35.0578 3784 C:\WINDOWS\system32\netapi32.dll - ok
15:42:35.0593 3784 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
15:42:35.0593 3784 C:\WINDOWS\system32\profmap.dll - ok
15:42:35.0593 3784 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
15:42:35.0593 3784 C:\WINDOWS\system32\userenv.dll - ok
15:42:35.0593 3784 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
15:42:35.0593 3784 C:\WINDOWS\system32\psapi.dll - ok
15:42:35.0609 3784 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
15:42:35.0609 3784 C:\WINDOWS\system32\regapi.dll - ok
15:42:35.0609 3784 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
15:42:35.0609 3784 C:\WINDOWS\system32\setupapi.dll - ok
15:42:35.0609 3784 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
15:42:35.0609 3784 C:\WINDOWS\system32\imagehlp.dll - ok
15:42:35.0625 3784 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
15:42:35.0625 3784 C:\WINDOWS\system32\version.dll - ok
15:42:35.0625 3784 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
15:42:35.0625 3784 C:\WINDOWS\system32\winsta.dll - ok
15:42:35.0625 3784 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
15:42:35.0625 3784 C:\WINDOWS\system32\wintrust.dll - ok
15:42:35.0640 3784 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
15:42:35.0640 3784 C:\WINDOWS\system32\imm32.dll - ok
15:42:35.0640 3784 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
15:42:35.0640 3784 C:\WINDOWS\system32\ws2help.dll - ok
15:42:35.0640 3784 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
15:42:35.0640 3784 C:\WINDOWS\system32\ws2_32.dll - ok
15:42:35.0656 3784 [ DAB9952E3626D84E74CBF4958B1B1F52 ] C:\WINDOWS\system32\kbduk.dll
15:42:35.0656 3784 C:\WINDOWS\system32\kbduk.dll - ok
15:42:35.0656 3784 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
15:42:35.0656 3784 C:\WINDOWS\system32\kbdus.dll - ok
15:42:35.0656 3784 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
15:42:35.0656 3784 C:\WINDOWS\system32\msgina.dll - ok
15:42:35.0671 3784 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
15:42:35.0671 3784 C:\WINDOWS\system32\comctl32.dll - ok
15:42:35.0671 3784 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
15:42:35.0671 3784 C:\WINDOWS\system32\odbc32.dll - ok
15:42:35.0671 3784 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
15:42:35.0671 3784 C:\WINDOWS\system32\comdlg32.dll - ok
15:42:35.0687 3784 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
15:42:35.0687 3784 C:\WINDOWS\system32\shell32.dll - ok
15:42:35.0687 3784 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
15:42:35.0687 3784 C:\WINDOWS\system32\shlwapi.dll - ok
15:42:35.0687 3784 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
15:42:35.0687 3784 C:\WINDOWS\system32\sxs.dll - ok
15:42:35.0703 3784 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
15:42:35.0703 3784 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
15:42:35.0703 3784 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
15:42:35.0703 3784 C:\WINDOWS\system32\odbcint.dll - ok
15:42:35.0703 3784 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
15:42:35.0703 3784 C:\WINDOWS\system32\ole32.dll - ok
15:42:35.0718 3784 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
15:42:35.0718 3784 C:\WINDOWS\system32\sfc.dll - ok
15:42:35.0718 3784 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
15:42:35.0718 3784 C:\WINDOWS\system32\sfc_os.dll - ok
15:42:35.0718 3784 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
15:42:35.0718 3784 C:\WINDOWS\system32\shsvcs.dll - ok
15:42:35.0734 3784 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
15:42:35.0734 3784 C:\WINDOWS\system32\apphelp.dll - ok
15:42:35.0734 3784 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
15:42:35.0734 3784 C:\WINDOWS\system32\lsass.exe - ok
15:42:35.0734 3784 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:42:35.0734 3784 C:\WINDOWS\system32\services.exe - ok
15:42:35.0750 3784 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
15:42:35.0750 3784 C:\WINDOWS\system32\lsasrv.dll - ok
15:42:35.0750 3784 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
15:42:35.0750 3784 C:\WINDOWS\system32\msvcp60.dll - ok
15:42:35.0750 3784 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
15:42:35.0765 3784 C:\WINDOWS\system32\ncobjapi.dll - ok
15:42:35.0781 3784 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
15:42:35.0781 3784 C:\WINDOWS\system32\mpr.dll - ok
15:42:35.0796 3784 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
15:42:35.0796 3784 C:\WINDOWS\system32\scesrv.dll - ok
15:42:35.0796 3784 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
15:42:35.0796 3784 C:\WINDOWS\system32\ntdsapi.dll - ok
15:42:35.0796 3784 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
15:42:35.0796 3784 C:\WINDOWS\system32\umpnpmgr.dll - ok
15:42:35.0812 3784 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
15:42:35.0812 3784 C:\WINDOWS\system32\dnsapi.dll - ok
15:42:35.0812 3784 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
15:42:35.0812 3784 C:\WINDOWS\system32\shimeng.dll - ok
15:42:35.0812 3784 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
15:42:35.0812 3784 C:\WINDOWS\AppPatch\acadproc.dll - ok
15:42:35.0828 3784 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
15:42:35.0828 3784 C:\WINDOWS\system32\wldap32.dll - ok
15:42:35.0828 3784 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
15:42:35.0828 3784 C:\WINDOWS\system32\samlib.dll - ok
15:42:35.0828 3784 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
15:42:35.0828 3784 C:\WINDOWS\system32\samsrv.dll - ok
15:42:35.0843 3784 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
15:42:35.0843 3784 C:\WINDOWS\AppPatch\acgenral.dll - ok
15:42:35.0843 3784 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
15:42:35.0843 3784 C:\WINDOWS\system32\cryptdll.dll - ok
15:42:35.0843 3784 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
15:42:35.0843 3784 C:\WINDOWS\system32\oleaut32.dll - ok
15:42:35.0859 3784 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
15:42:35.0859 3784 C:\WINDOWS\system32\winmm.dll - ok
15:42:35.0859 3784 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
15:42:35.0859 3784 C:\WINDOWS\system32\msacm32.dll - ok
15:42:35.0859 3784 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
15:42:35.0859 3784 C:\WINDOWS\system32\uxtheme.dll - ok
15:42:35.0875 3784 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
15:42:35.0875 3784 C:\WINDOWS\system32\digest.dll - ok
15:42:35.0875 3784 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
15:42:35.0875 3784 C:\WINDOWS\system32\msapsspc.dll - ok
15:42:35.0875 3784 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
15:42:35.0875 3784 C:\WINDOWS\system32\msnsspc.dll - ok
15:42:35.0890 3784 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
15:42:35.0890 3784 C:\WINDOWS\system32\msvcrt40.dll - ok
15:42:35.0890 3784 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
15:42:35.0890 3784 C:\WINDOWS\system32\schannel.dll - ok
15:42:35.0890 3784 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
15:42:35.0890 3784 C:\WINDOWS\system32\msctfime.ime - ok
15:42:35.0906 3784 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
15:42:35.0906 3784 C:\WINDOWS\system32\msprivs.dll - ok
15:42:35.0906 3784 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
15:42:35.0906 3784 C:\WINDOWS\system32\kerberos.dll - ok
15:42:35.0906 3784 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
15:42:35.0906 3784 C:\WINDOWS\system32\atmfd.dll - ok
15:42:35.0921 3784 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
15:42:35.0921 3784 C:\WINDOWS\system32\msv1_0.dll - ok
15:42:35.0921 3784 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
15:42:35.0921 3784 C:\WINDOWS\system32\iphlpapi.dll - ok
15:42:35.0937 3784 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
15:42:35.0937 3784 C:\WINDOWS\system32\netlogon.dll - ok
15:42:35.0937 3784 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
15:42:35.0937 3784 C:\WINDOWS\system32\w32time.dll - ok
15:42:35.0937 3784 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
15:42:35.0937 3784 C:\WINDOWS\system32\wdigest.dll - ok
15:42:35.0953 3784 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
15:42:35.0953 3784 C:\WINDOWS\system32\rsaenh.dll - ok
15:42:35.0953 3784 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
15:42:35.0953 3784 C:\WINDOWS\system32\winscard.dll - ok
15:42:35.0953 3784 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
15:42:35.0953 3784 C:\WINDOWS\system32\wtsapi32.dll - ok
15:42:35.0968 3784 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
15:42:35.0968 3784 C:\WINDOWS\system32\scecli.dll - ok
15:42:35.0968 3784 [ 8B75BA256BCADA2B73FFA5BD77AA9E6C ] C:\Program Files\Emsisoft Anti-Malware\a2service.exe
15:42:35.0968 3784 C:\Program Files\Emsisoft Anti-Malware\a2service.exe - ok
15:42:35.0968 3784 [ 30614551284E3789466080B90272C253 ] C:\Program Files\Emsisoft Anti-Malware\a2engine.dll
15:42:35.0968 3784 C:\Program Files\Emsisoft Anti-Malware\a2engine.dll - ok
15:42:35.0984 3784 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
15:42:35.0984 3784 C:\WINDOWS\system32\msimg32.dll - ok
15:42:35.0984 3784 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
15:42:35.0984 3784 C:\WINDOWS\system32\winspool.drv - ok
15:42:35.0984 3784 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
15:42:35.0984 3784 C:\WINDOWS\system32\mswsock.dll - ok
15:42:36.0000 3784 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
15:42:36.0000 3784 C:\WINDOWS\system32\wsock32.dll - ok
15:42:36.0000 3784 [ 26D44E84F0223809B1D9C39959A656C5 ] C:\Program Files\Emsisoft Anti-Malware\quarantine.dll
15:42:36.0000 3784 C:\Program Files\Emsisoft Anti-Malware\quarantine.dll - ok
15:42:36.0000 3784 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
15:42:36.0000 3784 C:\WINDOWS\system32\logonui.exe - ok
15:42:36.0015 3784 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
15:42:36.0015 3784 C:\WINDOWS\system32\duser.dll - ok
15:42:36.0015 3784 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
15:42:36.0015 3784 C:\WINDOWS\system32\oleacc.dll - ok
15:42:36.0015 3784 [ 72E7F2A2C25BC51979BAC7270FD93420 ] C:\Program Files\Emsisoft Anti-Malware\t3.dll
15:42:36.0015 3784 C:\Program Files\Emsisoft Anti-Malware\t3.dll - ok
15:42:36.0031 3784 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
15:42:36.0031 3784 C:\WINDOWS\system32\clbcatq.dll - ok
15:42:36.0031 3784 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
15:42:36.0031 3784 C:\WINDOWS\system32\comres.dll - ok
15:42:36.0031 3784 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
15:42:36.0031 3784 C:\WINDOWS\system32\shgina.dll - ok
15:42:36.0046 3784 [ A3FCB48559DA33E600D8AF16BC467F3C ] C:\Program Files\Emsisoft Anti-Malware\a2core32.dll
15:42:36.0046 3784 C:\Program Files\Emsisoft Anti-Malware\a2core32.dll - ok
15:42:36.0046 3784 [ EB38F568D21259B410D252A40B39366A ] C:\Program Files\Emsisoft Anti-Malware\a2dix86.dll
15:42:36.0046 3784 C:\Program Files\Emsisoft Anti-Malware\a2dix86.dll - ok
15:42:36.0046 3784 [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
15:42:36.0046 3784 C:\WINDOWS\system32\fltlib.dll - ok
15:42:36.0062 3784 [ 1332C1024E641C6C9F3CECA5293CEF42 ] C:\Program Files\Emsisoft Anti-Malware\a2update.dll
15:42:36.0062 3784 C:\Program Files\Emsisoft Anti-Malware\a2update.dll - ok
15:42:36.0062 3784 [ F432EB8D1D84A565167107E2EF001473 ] C:\Program Files\Emsisoft Anti-Malware\a2wsc.dll
15:42:36.0062 3784 C:\Program Files\Emsisoft Anti-Malware\a2wsc.dll - ok
15:42:36.0062 3784 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
15:42:36.0062 3784 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
15:42:36.0078 3784 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
15:42:36.0078 3784 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
15:42:36.0078 3784 [ DE6ED95AEF259979B2830450072A627B ] C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:42:36.0078 3784 C:\WINDOWS\system32\drivers\aswFsBlk.sys - ok
15:42:36.0078 3784 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
15:42:36.0078 3784 C:\WINDOWS\system32\ntmarta.dll - ok
15:42:36.0093 3784 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
15:42:36.0093 3784 C:\WINDOWS\system32\svchost.exe - ok
15:42:36.0093 3784 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
15:42:36.0093 3784 C:\WINDOWS\system32\rpcss.dll - ok
15:42:36.0093 3784 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
15:42:36.0093 3784 C:\WINDOWS\system32\xpsp2res.dll - ok
15:42:36.0109 3784 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
15:42:36.0109 3784 C:\WINDOWS\system32\eventlog.dll - ok
15:42:36.0109 3784 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
15:42:36.0109 3784 C:\WINDOWS\system32\hnetcfg.dll - ok
15:42:36.0109 3784 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
15:42:36.0109 3784 C:\WINDOWS\system32\wshtcpip.dll - ok
15:42:36.0125 3784 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
15:42:36.0125 3784 C:\WINDOWS\system32\rasadhlp.dll - ok
15:42:36.0125 3784 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
15:42:36.0125 3784 C:\WINDOWS\system32\winrnr.dll - ok
15:42:36.0140 3784 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
15:42:36.0140 3784 C:\WINDOWS\system32\cscdll.dll - ok
15:42:36.0140 3784 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] C:\WINDOWS\system32\WudfSvc.dll
15:42:36.0140 3784 C:\WINDOWS\system32\WudfSvc.dll - ok
15:42:36.0140 3784 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
15:42:36.0140 3784 C:\WINDOWS\system32\dimsntfy.dll - ok
15:42:36.0156 3784 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
15:42:36.0156 3784 C:\WINDOWS\system32\wlnotify.dll - ok
15:42:36.0156 3784 [ 708E6997420592E033CF01B60E6E4223 ] C:\WINDOWS\system32\WudfPlatform.dll
15:42:36.0156 3784 C:\WINDOWS\system32\WudfPlatform.dll - ok
15:42:36.0156 3784 [ 019E1D51A7A40E5C4B2A866A351715D9 ] C:\Program Files\HitmanPro\hmpsched.exe
15:42:36.0156 3784 C:\Program Files\HitmanPro\hmpsched.exe - ok
15:42:36.0171 3784 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
15:42:36.0171 3784 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
15:42:36.0171 3784 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
15:42:36.0171 3784 C:\WINDOWS\system32\dhcpcsvc.dll - ok
15:42:36.0171 3784 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
15:42:36.0171 3784 C:\WINDOWS\system32\dnsrslvr.dll - ok
15:42:36.0171 3784 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
15:42:36.0171 3784 C:\WINDOWS\system32\lmhsvc.dll - ok
15:42:36.0187 3784 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
15:42:36.0187 3784 C:\WINDOWS\system32\wzcsvc.dll - ok
15:42:36.0187 3784 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll
15:42:36.0187 3784 C:\WINDOWS\system32\atl.dll - ok
15:42:36.0187 3784 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
15:42:36.0187 3784 C:\WINDOWS\system32\eapolqec.dll - ok
15:42:36.0203 3784 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
15:42:36.0203 3784 C:\WINDOWS\system32\qutil.dll - ok
15:42:36.0203 3784 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
15:42:36.0203 3784 C:\WINDOWS\system32\rtutils.dll - ok
15:42:36.0218 3784 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
15:42:36.0218 3784 C:\WINDOWS\system32\wmi.dll - ok
15:42:36.0218 3784 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
15:42:36.0218 3784 C:\WINDOWS\system32\dot3api.dll - ok
15:42:36.0218 3784 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
15:42:36.0218 3784 C:\WINDOWS\system32\esent.dll - ok
15:42:36.0234 3784 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
15:42:36.0234 3784 C:\WINDOWS\system32\rastls.dll - ok
15:42:36.0234 3784 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
15:42:36.0234 3784 C:\WINDOWS\system32\cryptui.dll - ok
15:42:36.0234 3784 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
15:42:36.0234 3784 C:\WINDOWS\system32\cscui.dll - ok
15:42:36.0250 3784 [ 9AD88EA663124336E88EB031F917CE20 ] C:\WINDOWS\system32\wininet.dll
15:42:36.0250 3784 C:\WINDOWS\system32\wininet.dll - ok
15:42:36.0250 3784 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
15:42:36.0250 3784 C:\WINDOWS\system32\powrprof.dll - ok
15:42:36.0250 3784 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
15:42:36.0250 3784 C:\WINDOWS\system32\normaliz.dll - ok
15:42:36.0265 3784 [ 3E2F3E2F4A82B7FAE23BAB864FB0F837 ] C:\WINDOWS\system32\dpcdll.dll
15:42:36.0265 3784 C:\WINDOWS\system32\dpcdll.dll - ok
15:42:36.0265 3784 [ BCA608797A3E8EEC0094CD6D596D77D7 ] C:\WINDOWS\system32\urlmon.dll
15:42:36.0265 3784 C:\WINDOWS\system32\urlmon.dll - ok
15:42:36.0265 3784 [ CFB2E8C127E26C1A8E0EE358AF9965F7 ] C:\Program Files\HitmanPro\HitmanPro.exe
15:42:36.0265 3784 C:\Program Files\HitmanPro\HitmanPro.exe - ok
15:42:36.0281 3784 [ 994B77915EA49A467CDA144806AE42D6 ] C:\WINDOWS\system32\iertutil.dll
15:42:36.0281 3784 C:\WINDOWS\system32\iertutil.dll - ok
15:42:36.0281 3784 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
15:42:36.0281 3784 C:\WINDOWS\system32\userinit.exe - ok
15:42:36.0281 3784 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
15:42:36.0281 3784 C:\WINDOWS\explorer.exe - ok
15:42:36.0296 3784 [ 99A4C177D9942B536C0F15448A14BB93 ] C:\WINDOWS\system32\browseui.dll
15:42:36.0296 3784 C:\WINDOWS\system32\browseui.dll - ok
15:42:36.0296 3784 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
15:42:36.0296 3784 C:\WINDOWS\system32\mprapi.dll - ok
15:42:36.0296 3784 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
15:42:36.0296 3784 C:\WINDOWS\system32\activeds.dll - ok
15:42:36.0312 3784 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
15:42:36.0312 3784 C:\WINDOWS\system32\adsldpc.dll - ok
15:42:36.0312 3784 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
15:42:36.0312 3784 C:\WINDOWS\system32\rasapi32.dll - ok
15:42:36.0312 3784 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
15:42:36.0312 3784 C:\WINDOWS\system32\rasman.dll - ok
15:42:36.0328 3784 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
15:42:36.0328 3784 C:\WINDOWS\system32\tapi32.dll - ok
15:42:36.0328 3784 [ 05BE013E0A9E5BE60870E885CB703832 ] C:\WINDOWS\system32\shdocvw.dll
15:42:36.0328 3784 C:\WINDOWS\system32\shdocvw.dll - ok
15:42:36.0328 3784 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
15:42:36.0328 3784 C:\WINDOWS\system32\riched20.dll - ok
15:42:36.0343 3784 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
15:42:36.0343 3784 C:\WINDOWS\system32\raschap.dll - ok
15:42:36.0343 3784 [ 84F0BE324EE111338589F448C3E8BAB2 ] C:\WINDOWS\system32\drivers\aswmon2.sys
15:42:36.0343 3784 C:\WINDOWS\system32\drivers\aswmon2.sys - ok
15:42:36.0343 3784 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
15:42:36.0343 3784 C:\WINDOWS\system32\netman.dll - ok
15:42:36.0359 3784 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
15:42:36.0359 3784 C:\WINDOWS\system32\netshell.dll - ok
15:42:36.0359 3784 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
15:42:36.0359 3784 C:\WINDOWS\system32\credui.dll - ok
15:42:36.0359 3784 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
15:42:36.0359 3784 C:\WINDOWS\system32\dot3dlg.dll - ok
15:42:36.0375 3784 [ 38D332A6D56AF32635675F132548343E ] C:\WINDOWS\system32\drivers\fastfat.sys
15:42:36.0375 3784 C:\WINDOWS\system32\drivers\fastfat.sys - ok
15:42:36.0375 3784 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
15:42:36.0375 3784 C:\WINDOWS\system32\onex.dll - ok
15:42:36.0375 3784 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
15:42:36.0375 3784 C:\WINDOWS\system32\eappcfg.dll - ok
15:42:36.0390 3784 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
15:42:36.0390 3784 C:\WINDOWS\system32\eappprxy.dll - ok
15:42:36.0390 3784 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
15:42:36.0390 3784 C:\WINDOWS\system32\wzcsapi.dll - ok
15:42:36.0390 3784 [ 4D153BDE01AA3FD33414199052051549 ] C:\Program Files\AVAST Software\Avast\ashShell.dll
15:42:36.0390 3784 C:\Program Files\AVAST Software\Avast\ashShell.dll - ok
15:42:36.0406 3784 [ B316906B4A04DD39985350D29DE31068 ] C:\Program Files\AVAST Software\Avast\1033\Base.dll
15:42:36.0406 3784 C:\Program Files\AVAST Software\Avast\1033\Base.dll - ok
15:42:36.0406 3784 [ EB398DED91CFF2F425610EAA2CCF2A23 ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
15:42:36.0406 3784 C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok
15:42:36.0421 3784 [ 8FA553E9AE69808D99C164733A0F9590 ] C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:42:36.0421 3784 C:\Program Files\AVAST Software\Avast\AvastSvc.exe - ok
15:42:36.0421 3784 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
15:42:36.0421 3784 C:\WINDOWS\system32\msi.dll - ok
15:42:36.0421 3784 [ 178B51198B7B46CD3C5E744474459A63 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
15:42:36.0421 3784 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok
15:42:36.0421 3784 [ BABE99A18A382A5E2F99B48E0BC3E0D4 ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
15:42:36.0421 3784 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok
15:42:36.0437 3784 [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
15:42:36.0437 3784 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll - ok
15:42:36.0437 3784 [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
15:42:36.0437 3784 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - ok
15:42:36.0437 3784 [ 55AFA63F5F2A6CED0C09E2AFE57ECA8D ] C:\Program Files\AVAST Software\Avast\ashBase.dll
15:42:36.0437 3784 C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
15:42:36.0453 3784 [ C515CAEC6B3C6970007954C0250A124C ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
15:42:36.0453 3784 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
15:42:36.0453 3784 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
15:42:36.0453 3784 C:\WINDOWS\system32\desk.cpl - ok
15:42:36.0453 3784 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
15:42:36.0453 3784 C:\WINDOWS\system32\themeui.dll - ok
15:42:36.0468 3784 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
15:42:36.0468 3784 C:\WINDOWS\system32\dbghelp.dll - ok
15:42:36.0468 3784 [ 977C54291BFA6FEE7FF865630E51757B ] C:\Program Files\AVAST Software\Avast\ashServ.dll
15:42:36.0468 3784 C:\Program Files\AVAST Software\Avast\ashServ.dll - ok
15:42:36.0484 3784 [ 045EE3DC56B12B404DC07848D8597C66 ] C:\Program Files\AVAST Software\Avast\aswAux.dll
15:42:36.0484 3784 C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
15:42:36.0484 3784 [ 16CE3ED063923253905341C9AF850FE7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
15:42:36.0484 3784 C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
15:42:36.0484 3784 [ 4FF19AC422B7709D786DE58B385C9647 ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
15:42:36.0484 3784 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
15:42:36.0500 3784 [ FCA9CC8611654B790DD6242BF862B7F5 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
15:42:36.0500 3784 C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
15:42:36.0500 3784 [ 12B9869E74F9E698F550F04F8989C591 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
15:42:36.0500 3784 C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
15:42:36.0500 3784 [ F186897E0A3B9D0784041221D0265069 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
15:42:36.0500 3784 C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
15:42:36.0515 3784 [ 6F367A9B88CFDD46F42C1D11E5CB7964 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll
15:42:36.0515 3784 C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok
15:42:36.0515 3784 [ C2434DEA392826C1687D9BD7FA4845BC ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
15:42:36.0515 3784 C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
15:42:36.0515 3784 [ 264B5D8F4C70A26749FF2CEDDE06BA30 ] C:\Program Files\AVAST Software\Avast\aswDld.dll
15:42:36.0515 3784 C:\Program Files\AVAST Software\Avast\aswDld.dll - ok
15:42:36.0531 3784 [ 902F670F58193A2BC30AA342B11B2C7B ] C:\Program Files\AVAST Software\Avast\aswIdle.dll
15:42:36.0531 3784 C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok
15:42:36.0531 3784 [ 273FD83FC8C4E12F8C55381674F92A44 ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
15:42:36.0531 3784 C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
15:42:36.0531 3784 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
15:42:36.0531 3784 C:\WINDOWS\system32\schedsvc.dll - ok
15:42:36.0546 3784 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
15:42:36.0546 3784 C:\WINDOWS\system32\msidle.dll - ok
15:42:36.0546 3784 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
15:42:36.0546 3784 C:\WINDOWS\system32\spoolsv.exe - ok
15:42:36.0546 3784 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
15:42:36.0546 3784 C:\WINDOWS\system32\audiosrv.dll - ok
15:42:36.0562 3784 [ E5B6C6ACDBE581AF7B9F6D9DCF4D9DE8 ] C:\Program Files\AVAST Software\Avast\defs\13010501\aswEngin.dll
15:42:36.0562 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aswEngin.dll - ok
15:42:36.0562 3784 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
15:42:36.0562 3784 C:\WINDOWS\system32\wkssvc.dll - ok
15:42:36.0562 3784 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
15:42:36.0562 3784 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
15:42:36.0578 3784 [ 24A64BA361E24CFCA2E68DBE66584957 ] C:\Program Files\AVAST Software\Avast\defs\13010501\aswCmnOS.dll
15:42:36.0578 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aswCmnOS.dll - ok
15:42:36.0578 3784 [ D4A7D2F81FF187B20ABD95F8AD788B6D ] C:\Program Files\AVAST Software\Avast\defs\13010501\aswCmnIS.dll
15:42:36.0578 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aswCmnIS.dll - ok
15:42:36.0578 3784 [ D94E28DCD7ECE4FB522E42B11A355980 ] C:\Program Files\AVAST Software\Avast\defs\13010501\aswCmnBS.dll
15:42:36.0578 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aswCmnBS.dll - ok
15:42:36.0593 3784 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
15:42:36.0593 3784 C:\WINDOWS\system32\webclnt.dll - ok
15:42:36.0593 3784 [ 65F140A94CA3524968D341B80651BEBD ] C:\Program Files\AVAST Software\Avast\defs\13010501\aswScan.dll
15:42:36.0593 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aswScan.dll - ok
15:42:36.0609 3784 [ 39E5000F00D779C139E5E11368B36A44 ] C:\Program Files\AVAST Software\Avast\defs\13010501\aswRep.dll
15:42:36.0609 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aswRep.dll - ok
15:42:36.0609 3784 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
15:42:36.0609 3784 C:\WINDOWS\system32\drivers\parport.sys - ok
15:42:36.0609 3784 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
15:42:36.0609 3784 C:\WINDOWS\system32\cryptsvc.dll - ok
15:42:36.0625 3784 [ 605CB6D612F3AC6ABF0C944893B5082D ] C:\Program Files\AVAST Software\Avast\defs\13010501\aswFiDb.dll
15:42:36.0625 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aswFiDb.dll - ok
15:42:36.0625 3784 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
15:42:36.0625 3784 C:\WINDOWS\system32\certcli.dll - ok
15:42:36.0625 3784 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
15:42:36.0625 3784 C:\WINDOWS\system32\es.dll - ok
15:42:36.0640 3784 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
15:42:36.0640 3784 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
15:42:36.0640 3784 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
15:42:36.0640 3784 C:\WINDOWS\system32\ersvc.dll - ok
15:42:36.0640 3784 [ D39712E480E1946BA0396ABD7A86BD23 ] C:\Program Files\Google\Update\1.3.21.129\goopdate.dll
15:42:36.0640 3784 C:\Program Files\Google\Update\1.3.21.129\goopdate.dll - ok
15:42:36.0656 3784 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
15:42:36.0656 3784 C:\WINDOWS\system32\actxprxy.dll - ok
15:42:36.0656 3784 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
15:42:36.0656 3784 C:\WINDOWS\system32\cmd.exe - ok
15:42:36.0656 3784 [ 903C8C110131B8A71501514B61A17761 ] C:\WINDOWS\system32\ieframe.dll
15:42:36.0656 3784 C:\WINDOWS\system32\ieframe.dll - ok
15:42:36.0671 3784 [ B591E761161D1EF547D76EF236EAA6A5 ] C:\Program Files\Java\jre7\bin\jqs.exe
15:42:36.0671 3784 C:\Program Files\Java\jre7\bin\jqs.exe - ok
15:42:36.0671 3784 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
15:42:36.0671 3784 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
15:42:36.0671 3784 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
15:42:36.0671 3784 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
15:42:36.0687 3784 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
15:42:36.0687 3784 C:\WINDOWS\system32\hidserv.dll - ok
15:42:36.0687 3784 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
15:42:36.0687 3784 C:\WINDOWS\system32\wdmaud.drv - ok
15:42:36.0687 3784 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
15:42:36.0687 3784 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
15:42:36.0703 3784 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
15:42:36.0703 3784 C:\WINDOWS\system32\hid.dll - ok
15:42:36.0703 3784 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
15:42:36.0703 3784 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
15:42:36.0703 3784 [ 9A7F1691F76E019C11481B6355125072 ] C:\Program Files\Real\RealUpgrade\realupgrade.exe
15:42:36.0703 3784 C:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
15:42:36.0718 3784 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
15:42:36.0718 3784 C:\WINDOWS\system32\drivers\splitter.sys - ok
15:42:36.0718 3784 [ 9970C2AA0E9D7F8BDBCC481130AC385D ] C:\Program Files\Google\Update\1.3.21.129\GoogleCrashHandler.exe
15:42:36.0718 3784 C:\Program Files\Google\Update\1.3.21.129\GoogleCrashHandler.exe - ok
15:42:36.0718 3784 [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
15:42:36.0718 3784 C:\WINDOWS\system32\mstask.dll - ok
15:42:36.0734 3784 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
15:42:36.0734 3784 C:\WINDOWS\system32\drivers\aec.sys - ok
15:42:36.0734 3784 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
15:42:36.0734 3784 C:\WINDOWS\system32\drivers\swmidi.sys - ok
15:42:36.0734 3784 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
15:42:36.0734 3784 C:\WINDOWS\system32\drivers\dmusic.sys - ok
15:42:36.0750 3784 [ 7B1D4032FA5330F4A3E1829DF0C557BA ] C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
15:42:36.0750 3784 C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe - ok
15:42:36.0750 3784 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
15:42:36.0750 3784 C:\WINDOWS\system32\drivers\kmixer.sys - ok
15:42:36.0750 3784 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
15:42:36.0750 3784 C:\WINDOWS\system32\pdh.dll - ok
15:42:36.0765 3784 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\WINDOWS\system32\msvcr100.dll
15:42:36.0765 3784 C:\WINDOWS\system32\msvcr100.dll - ok
15:42:36.0765 3784 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
15:42:36.0765 3784 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
15:42:36.0765 3784 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
15:42:36.0765 3784 C:\WINDOWS\system32\odbcbcp.dll - ok
15:42:36.0781 3784 [ BC83108B18756547013ED443B8CDB31B ] C:\WINDOWS\system32\msvcp100.dll
15:42:36.0781 3784 C:\WINDOWS\system32\msvcp100.dll - ok
15:42:36.0781 3784 [ 7F19838AC317C34FCED020BE529AF71E ] C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
15:42:36.0781 3784 C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe - ok
15:42:36.0781 3784 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
15:42:36.0781 3784 C:\WINDOWS\system32\msacm32.drv - ok
15:42:36.0796 3784 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
15:42:36.0796 3784 C:\WINDOWS\system32\midimap.dll - ok
15:42:36.0796 3784 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
15:42:36.0796 3784 C:\WINDOWS\system32\srvsvc.dll - ok
15:42:36.0812 3784 [ 36E24031C29E6BB6F905CCB41FC987C0 ] C:\WINDOWS\system32\nvsvc32.exe
15:42:36.0812 3784 C:\WINDOWS\system32\nvsvc32.exe - ok
15:42:36.0812 3784 [ 8F9D6B4AB86A39319078814ABBDD40BC ] C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
15:42:36.0812 3784 C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
15:42:36.0812 3784 [ 343600EA1D8F0E8FD12EE81230FB0CCF ] C:\WINDOWS\system32\nvcpl.dll
15:42:36.0812 3784 C:\WINDOWS\system32\nvcpl.dll - ok
15:42:36.0828 3784 [ D025E95247353BA8ADB53CFF3A4E5BBB ] C:\Program Files\AVAST Software\Avast\Setup\setiface.dll
15:42:36.0828 3784 C:\Program Files\AVAST Software\Avast\Setup\setiface.dll - ok
15:42:36.0828 3784 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
15:42:36.0828 3784 C:\WINDOWS\system32\netmsg.dll - ok
15:42:36.0828 3784 [ EF14502139880F7C3DDCF0D7CA12F370 ] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:42:36.0828 3784 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe - ok
15:42:36.0843 3784 [ 47188B0092466FD476E23DEA70CC1D4F ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
15:42:36.0843 3784 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
15:42:36.0843 3784 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
15:42:36.0843 3784 C:\WINDOWS\system32\winhttp.dll - ok
15:42:36.0843 3784 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
15:42:36.0843 3784 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
15:42:36.0859 3784 [ F87D1E6A944E10C75D26937119B939AA ] C:\WINDOWS\system32\nvrseng.dll
15:42:36.0859 3784 C:\WINDOWS\system32\nvrseng.dll - ok
15:42:36.0859 3784 [ F4368554A61B2860B3F376797C985FF6 ] C:\WINDOWS\system32\nvapi.dll
15:42:36.0859 3784 C:\WINDOWS\system32\nvapi.dll - ok
15:42:36.0859 3784 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
15:42:36.0859 3784 C:\WINDOWS\system32\drivers\srv.sys - ok
15:42:36.0875 3784 [ B738C8D2BEDF569E8E4100BE1FA32F2E ] C:\Program Files\AVAST Software\Avast\defs\13010501\algo.dll
15:42:36.0875 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\algo.dll - ok
15:42:36.0875 3784 [ A07D27411BC9806F8145E75C31A88670 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll
15:42:36.0875 3784 C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok
15:42:36.0875 3784 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
15:42:36.0875 3784 C:\WINDOWS\system32\ipsecsvc.dll - ok
15:42:36.0890 3784 [ 1B89CF5B5C12F5DA383DFFFD4F3D6667 ] C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
15:42:36.0890 3784 C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe - ok
15:42:36.0890 3784 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
15:42:36.0890 3784 C:\WINDOWS\system32\oakley.dll - ok
15:42:36.0890 3784 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
15:42:36.0890 3784 C:\WINDOWS\system32\perfos.dll - ok
15:42:36.0906 3784 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
15:42:36.0906 3784 C:\WINDOWS\system32\winipsec.dll - ok
15:42:36.0906 3784 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
15:42:36.0906 3784 C:\WINDOWS\system32\perfdisk.dll - ok
15:42:36.0906 3784 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
15:42:36.0906 3784 C:\WINDOWS\system32\pstorsvc.dll - ok
15:42:36.0921 3784 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
15:42:36.0921 3784 C:\WINDOWS\system32\seclogon.dll - ok
15:42:36.0921 3784 [ 0D77554B62A9090EB05ECBB96058646E ] C:\Program Files\TalkTalk\bin\sprtsvc.exe
15:42:36.0921 3784 C:\Program Files\TalkTalk\bin\sprtsvc.exe - ok
15:42:36.0921 3784 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
15:42:36.0921 3784 C:\WINDOWS\system32\sens.dll - ok
15:42:36.0937 3784 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
15:42:36.0937 3784 C:\WINDOWS\system32\srsvc.dll - ok
15:42:36.0937 3784 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
15:42:36.0937 3784 C:\WINDOWS\system32\psbase.dll - ok
15:42:36.0937 3784 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
15:42:36.0937 3784 C:\WINDOWS\system32\wiaservc.dll - ok
15:42:36.0953 3784 [ 0E8BE65DAA22027624A7289090E3841E ] C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
15:42:36.0953 3784 C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe - ok
15:42:36.0953 3784 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
15:42:36.0953 3784 C:\WINDOWS\system32\dssenh.dll - ok
15:42:36.0953 3784 [ 3199A477F0F06EEDE41BD55179F8EB05 ] C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
15:42:36.0953 3784 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe - ok
15:42:36.0968 3784 [ B997C867D7A252B8ED50E427425EBE81 ] C:\Program Files\TalkTalk\bin\sprtsched.dll
15:42:36.0968 3784 C:\Program Files\TalkTalk\bin\sprtsched.dll - ok
15:42:36.0968 3784 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
15:42:36.0968 3784 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
15:42:36.0968 3784 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
15:42:36.0968 3784 C:\WINDOWS\system32\cfgmgr32.dll - ok
15:42:36.0984 3784 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
15:42:36.0984 3784 C:\WINDOWS\system32\mscms.dll - ok
15:42:36.0984 3784 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
15:42:36.0984 3784 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
15:42:36.0984 3784 [ 85FCEA2958822100EA11B4E54B94710D ] C:\Program Files\TalkTalk\bin\sprtfod.dll
15:42:36.0984 3784 C:\Program Files\TalkTalk\bin\sprtfod.dll - ok
15:42:37.0000 3784 [ C2FA196F8DD651F04E120C7214F18FD1 ] C:\Program Files\TalkTalk\bin\libeay32.dll
15:42:37.0000 3784 C:\Program Files\TalkTalk\bin\libeay32.dll - ok
15:42:37.0000 3784 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
15:42:37.0000 3784 C:\WINDOWS\system32\trkwks.dll - ok
15:42:37.0000 3784 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
15:42:37.0000 3784 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
15:42:37.0015 3784 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
15:42:37.0015 3784 C:\WINDOWS\system32\vssapi.dll - ok
15:42:37.0015 3784 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
15:42:37.0015 3784 C:\WINDOWS\system32\wuauserv.dll - ok
15:42:37.0015 3784 [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
15:42:37.0015 3784 C:\WINDOWS\system32\browser.dll - ok
15:42:37.0031 3784 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
15:42:37.0031 3784 C:\WINDOWS\system32\wuaueng.dll - ok
15:42:37.0031 3784 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
15:42:37.0031 3784 C:\WINDOWS\system32\rundll32.exe - ok
15:42:37.0031 3784 [ B1CC240B3B818E460929F4228039527E ] C:\Program Files\TalkTalk\bin\sprtsync.dll
15:42:37.0031 3784 C:\Program Files\TalkTalk\bin\sprtsync.dll - ok
15:42:37.0046 3784 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\DOCUME~1\Jane\LOCALS~1\temp\88AF3A39-8D16-4AED-A5B6-50BE6821CD7B.exe
15:42:37.0046 3784 C:\DOCUME~1\Jane\LOCALS~1\temp\88AF3A39-8D16-4AED-A5B6-50BE6821CD7B.exe - ok
15:42:37.0046 3784 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
15:42:37.0046 3784 C:\WINDOWS\system32\spoolss.dll - ok
15:42:37.0046 3784 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
15:42:37.0046 3784 C:\WINDOWS\system32\localspl.dll - ok
15:42:37.0062 3784 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
15:42:37.0062 3784 C:\WINDOWS\system32\cnbjmon.dll - ok
15:42:37.0062 3784 [ 43BAE2A78DE14F25979D09647F4B681D ] C:\WINDOWS\system32\CNMLM81.DLL
15:42:37.0062 3784 C:\WINDOWS\system32\CNMLM81.DLL - ok
15:42:37.0062 3784 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
15:42:37.0078 3784 C:\WINDOWS\system32\pjlmon.dll - ok
15:42:37.0078 3784 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
15:42:37.0078 3784 C:\WINDOWS\system32\tcpmon.dll - ok
15:42:37.0078 3784 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
15:42:37.0078 3784 C:\WINDOWS\system32\usbmon.dll - ok
15:42:37.0093 3784 [ FEC3ACE4D5E9B8B13C401941EE50F476 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD81.DLL
15:42:37.0093 3784 C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD81.DLL - ok
15:42:37.0093 3784 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
15:42:37.0093 3784 C:\WINDOWS\system32\cabinet.dll - ok
15:42:37.0093 3784 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
15:42:37.0093 3784 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
15:42:37.0109 3784 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
15:42:37.0109 3784 C:\WINDOWS\system32\mspatcha.dll - ok
15:42:37.0109 3784 [ 0E3D30F8CDD82E7E64938459CA90D9F0 ] C:\PROGRA~1\WINDOW~2\wmpband.dll
15:42:37.0109 3784 C:\PROGRA~1\WINDOW~2\wmpband.dll - ok
15:42:37.0109 3784 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
15:42:37.0109 3784 C:\WINDOWS\system32\ipnathlp.dll - ok
15:42:37.0125 3784 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
15:42:37.0125 3784 C:\WINDOWS\system32\win32spl.dll - ok
15:42:37.0125 3784 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
15:42:37.0125 3784 C:\WINDOWS\system32\netrap.dll - ok
15:42:37.0125 3784 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
15:42:37.0125 3784 C:\WINDOWS\system32\inetpp.dll - ok
15:42:37.0140 3784 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
15:42:37.0140 3784 C:\WINDOWS\system32\wscsvc.dll - ok
15:42:37.0140 3784 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
15:42:37.0140 3784 C:\WINDOWS\system32\wups.dll - ok
15:42:37.0140 3784 [ 880F7ED2DF24DB14AF96C6D797958796 ] C:\WINDOWS\system32\wbem\wbemdisp.dll
15:42:37.0140 3784 C:\WINDOWS\system32\wbem\wbemdisp.dll - ok
15:42:37.0156 3784 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
15:42:37.0156 3784 C:\WINDOWS\system32\wups2.dll - ok
15:42:37.0156 3784 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
15:42:37.0156 3784 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
15:42:37.0156 3784 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
15:42:37.0156 3784 C:\WINDOWS\system32\linkinfo.dll - ok
15:42:37.0171 3784 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
15:42:37.0171 3784 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
15:42:37.0171 3784 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
15:42:37.0171 3784 C:\WINDOWS\system32\ntshrui.dll - ok
15:42:37.0171 3784 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
15:42:37.0171 3784 C:\WINDOWS\system32\verclsid.exe - ok
15:42:37.0187 3784 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
15:42:37.0187 3784 C:\WINDOWS\system32\wbem\esscli.dll - ok
15:42:37.0187 3784 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
15:42:37.0187 3784 C:\WINDOWS\system32\wbem\fastprox.dll - ok
15:42:37.0187 3784 [ 21C8A24455FDAFC9D6D8BCD38D62B10B ] C:\WINDOWS\system32\HdAShCut.exe
15:42:37.0187 3784 C:\WINDOWS\system32\HdAShCut.exe - ok
15:42:37.0203 3784 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
15:42:37.0203 3784 C:\WINDOWS\system32\comsvcs.dll - ok
15:42:37.0203 3784 [ D40191AA225638AB20E59524CDD74030 ] C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
15:42:37.0203 3784 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe - ok
15:42:37.0203 3784 [ 5516C26A6AF8EB4E2CAB48EC98A74398 ] C:\Program Files\HP\HP Software Update\hpwuschd2.exe
15:42:37.0203 3784 C:\Program Files\HP\HP Software Update\hpwuschd2.exe - ok
15:42:37.0218 3784 [ 96FD5C0623BBC0988EFC431AD3E35EB4 ] C:\WINDOWS\system32\HdAudRes.dll
15:42:37.0218 3784 C:\WINDOWS\system32\HdAudRes.dll - ok
15:42:37.0218 3784 [ 6E70704C2568ED01CDDF6291F5043763 ] C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
15:42:37.0218 3784 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE - ok
15:42:37.0218 3784 [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
15:42:37.0218 3784 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
15:42:37.0234 3784 [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll
15:42:37.0234 3784 C:\WINDOWS\system32\usp10.dll - ok
15:42:37.0234 3784 [ 3E4C03CEFAD8DE135263236B61A49C90 ] C:\WINDOWS\system32\NeroCheck.exe
15:42:37.0234 3784 C:\WINDOWS\system32\NeroCheck.exe - ok
15:42:37.0234 3784 [ 255E405D801CF01247390F38F92D8042 ] C:\Program Files\Unlocker\UnlockerAssistant.exe
15:42:37.0234 3784 C:\Program Files\Unlocker\UnlockerAssistant.exe - ok
15:42:37.0250 3784 [ D2DAD71C96C113ED07F7BB79AD831C28 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
15:42:37.0250 3784 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
15:42:37.0250 3784 [ 083649EF692A066880C9326020915AFE ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:42:37.0250 3784 C:\Program Files\AVAST Software\Avast\AvastUI.exe - ok
15:42:37.0250 3784 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
15:42:37.0250 3784 C:\WINDOWS\system32\colbact.dll - ok
15:42:37.0265 3784 [ ABBEE3E367F6E6ED415D33C78121FFA9 ] C:\Program Files\Unlocker\UnlockerHook.dll
15:42:37.0265 3784 C:\Program Files\Unlocker\UnlockerHook.dll - ok
15:42:37.0265 3784 [ 92DA9EDE07390B4352B29DD82079E398 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
15:42:37.0265 3784 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
15:42:37.0265 3784 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
15:42:37.0265 3784 C:\WINDOWS\system32\sensapi.dll - ok
15:42:37.0281 3784 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
15:42:37.0281 3784 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
15:42:37.0281 3784 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
15:42:37.0281 3784 C:\WINDOWS\system32\mtxclu.dll - ok
15:42:37.0281 3784 [ 21068163E9BDCF06F92E10E3868C1B4A ] C:\Program Files\Canon\MyPrinter\BJMYRES.DLL
15:42:37.0281 3784 C:\Program Files\Canon\MyPrinter\BJMYRES.DLL - ok
15:42:37.0296 3784 [ 7290A6DD34862278DF9E26D96E5A95D8 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
15:42:37.0296 3784 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
15:42:37.0296 3784 [ 2FDFA845DCE5D6A843E413F18307561A ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
15:42:37.0296 3784 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
15:42:37.0296 3784 [ 8DDA2B606279753601F9415DA503CA63 ] C:\Program Files\QuickTime\QTTask.exe
15:42:37.0312 3784 C:\Program Files\QuickTime\QTTask.exe - ok
15:42:37.0312 3784 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
15:42:37.0312 3784 C:\WINDOWS\system32\clusapi.dll - ok
15:42:37.0312 3784 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
15:42:37.0312 3784 C:\WINDOWS\system32\resutils.dll - ok
15:42:37.0328 3784 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
15:42:37.0328 3784 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
15:42:37.0328 3784 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
15:42:37.0328 3784 C:\WINDOWS\system32\upnp.dll - ok
15:42:37.0328 3784 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
15:42:37.0328 3784 C:\WINDOWS\system32\ssdpapi.dll - ok
15:42:37.0343 3784 [ 6E0F29BD0E792618FF285AB094F4DCEF ] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
15:42:37.0343 3784 C:\Program Files\NVIDIA Corporation\nview\nwiz.exe - ok
15:42:37.0343 3784 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
15:42:37.0343 3784 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
15:42:37.0343 3784 [ 638C7596B493F5F77DB9EF6BAD8FE46C ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
15:42:37.0343 3784 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
15:42:37.0359 3784 [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
15:42:37.0359 3784 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
15:42:37.0359 3784 [ F4E7979D8ADEBEEDEAD33019A5BD52BF ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
15:42:37.0359 3784 C:\Program Files\Microsoft IntelliPoint\ipoint.exe - ok
15:42:37.0359 3784 [ 48E6868781B4E8BF4B77DBEC7694BCE8 ] C:\Program Files\Real\RealPlayer\Update\realsched.exe
15:42:37.0359 3784 C:\Program Files\Real\RealPlayer\Update\realsched.exe - ok
15:42:37.0375 3784 [ 68C1D8F0F11F14079B446C7DE4A096CE ] C:\WINDOWS\system32\nvmctray.dll
15:42:37.0375 3784 C:\WINDOWS\system32\nvmctray.dll - ok
15:42:37.0375 3784 [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
15:42:37.0375 3784 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
15:42:37.0375 3784 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
15:42:37.0375 3784 C:\WINDOWS\system32\wuauclt.exe - ok
15:42:37.0390 3784 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
15:42:37.0390 3784 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
15:42:37.0390 3784 [ 6BF7676296D5359AFC135A5397000053 ] C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
15:42:37.0390 3784 C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe - ok
15:42:37.0390 3784 [ 5AFB3BE737116B7696B0C2E74D357960 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
15:42:37.0390 3784 C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll - ok
15:42:37.0406 3784 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
15:42:37.0406 3784 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
15:42:37.0406 3784 [ C98EF7E083579C0D588D0E909F48A90A ] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
15:42:37.0406 3784 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe - ok
15:42:37.0406 3784 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
15:42:37.0406 3784 C:\WINDOWS\system32\webcheck.dll - ok
15:42:37.0421 3784 [ B6C0136B90255E95F2E7717DF87A0E68 ] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
15:42:37.0421 3784 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE - ok
15:42:37.0421 3784 [ 3C6FA2F4D58611579B21798E0568F548 ] C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
15:42:37.0421 3784 C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
15:42:37.0421 3784 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
15:42:37.0421 3784 C:\WINDOWS\system32\mlang.dll - ok
15:42:37.0437 3784 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
15:42:37.0437 3784 C:\WINDOWS\system32\wbem\wbemess.dll - ok
15:42:37.0437 3784 [ 161ADD7F4201B55536954C0A1FEE2828 ] C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll
15:42:37.0437 3784 C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll - ok
15:42:37.0437 3784 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
15:42:37.0437 3784 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
15:42:37.0453 3784 [ 179EED57FED3C7422A559633641032BA ] C:\Program Files\AVAST Software\Avast\aswUtil.dll
15:42:37.0453 3784 C:\Program Files\AVAST Software\Avast\aswUtil.dll - ok
15:42:37.0453 3784 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
15:42:37.0453 3784 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
15:42:37.0453 3784 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
15:42:37.0453 3784 C:\WINDOWS\system32\stobject.dll - ok
15:42:37.0468 3784 [ D32584BE69090F06B62339B2D863C24E ] C:\Program Files\NVIDIA Corporation\nview\nView.dll
15:42:37.0468 3784 C:\Program Files\NVIDIA Corporation\nview\nView.dll - ok
15:42:37.0468 3784 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
15:42:37.0468 3784 C:\WINDOWS\system32\netcfgx.dll - ok
15:42:37.0468 3784 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
15:42:37.0468 3784 C:\WINDOWS\system32\batmeter.dll - ok
15:42:37.0484 3784 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\55430841.sys
15:42:37.0484 3784 C:\WINDOWS\system32\drivers\55430841.sys - ok
15:42:37.0484 3784 [ 216E4EA52296D3DD1B49CD3E906C7C30 ] C:\Program Files\NVIDIA

 

[Fiery]

Hi,

Just copy the very last 20 lines of the TDSS log.

And did you find the combofix log?

 

[edward1]

Hi,

Just copy the very last 20 lines of the TDSS log.

And did you find the combofix log?

15:42:38.0046 3784 [ CB91CCFA95601066772A004550B55A85 ] C:\Program Files\Java\jre7\bin\jpeg.dll
15:42:38.0046 3784 C:\Program Files\Java\jre7\bin\jpeg.dll - ok
15:42:38.0062 3784 [ 2E4A927544CDA0279501AA757FFFB538 ] C:\Program Files\Java\jre7\bin\net.dll
15:42:38.0062 3784 C:\Program Files\Java\jre7\bin\net.dll - ok
15:42:38.0062 3784 [ 805766A11E747A44C7C5FBD7F26E9001 ] C:\Program Files\Java\jre7\bin\nio.dll
15:42:38.0062 3784 C:\Program Files\Java\jre7\bin\nio.dll - ok
15:42:38.0062 3784 [ 2D168A9627CFCE9C5AC20A90E54D66D4 ] C:\Program Files\Java\jre7\bin\verify.dll
15:42:38.0078 3784 C:\Program Files\Java\jre7\bin\verify.dll - ok
15:42:38.0078 3784 [ 9D54D4A8C18081F398FEC0D839340542 ] C:\Program Files\Java\jre7\bin\zip.dll
15:42:38.0078 3784 C:\Program Files\Java\jre7\bin\zip.dll - ok
15:42:38.0078 3784 [ 2898035F522BA2989BBA8B9CFB020FD2 ] C:\Program Files\AVAST Software\Avast\defs\13010501\aspColl.dll
15:42:38.0078 3784 C:\Program Files\AVAST Software\Avast\defs\13010501\aspColl.dll - ok
15:42:38.0078 3784 ============================================================
15:42:38.0078 3784 Scan finished
15:42:38.0078 3784 ============================================================
15:42:38.0187 3776 Detected object count: 1
15:42:38.0187 3776 Actual detected object count: 1
15:42:59.0984 3776 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0984 3776 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:43:50.0406 0296 Deinitialize success



Here are the last lines. I have searched everywhere for the ComboFix log but it must have gone astray between machines. I remember doing it and I remember merging the two icons which now have mysteriously separated. My apologies for that. What do you suggest now?

 

[Fiery]

Hi,

Can you download a new copy of combofix and run it again?

 

[edward1]

Hi Fiery. Scan done. Here is the report. Thanks for your patience.
ComboFix 13-01-06.01 - Jane 07/01/2013 20:39:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.341 [GMT 0:00]
Running from: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\Jane\Application Data\SUPERAntiSpyware.com
2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2012-12-31 10:20 . 2012-12-31 10:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-31 08:52 . 2013-01-05 21:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\Jane\Application Data\Malwarebytes
2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-12-29 12:13 . 2013-01-06 16:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-12-28 18:15 . 2012-12-28 19:57 2933 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
2012-12-18 11:44 . 2012-12-18 11:44 -------- d-----w- c:\program files\Common Files\xing shared
2012-12-18 11:44 . 2012-12-18 11:44 153296 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-12-18 11:43 . 2012-12-18 11:43 124056 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-12-17 15:18 . 2012-12-17 15:18 -------- d-----w- c:\documents and settings\Jane\Application Data\searchresultstb
2012-12-14 10:03 . 2012-12-14 10:03 -------- d-----w- c:\program files\Microsoft IntelliPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 11:43 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-18 11:43 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 10:09 . 2012-03-31 16:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 10:09 . 2012-01-13 09:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-03 15:40 . 2012-12-04 16:46 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:40 . 2012-10-19 14:19 5955584 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:40 . 2012-10-19 14:19 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 15:40 . 2012-02-09 21:40 7606272 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:40 . 2012-02-09 21:40 2611560 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:40 . 2012-02-09 21:40 2441728 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:40 . 2012-02-09 21:40 19460096 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-03 15:40 . 2012-02-09 21:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:40 . 2012-02-09 21:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-03 15:40 . 2011-04-11 09:51 11053992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-03 15:40 . 2008-04-14 00:12 4153600 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-12-01 04:56 . 2012-12-04 16:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-12-01 04:56 . 2012-12-04 16:52 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-12-01 04:56 . 2012-12-04 16:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-12-01 04:56 . 2012-12-04 16:52 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-12-01 04:56 . 2012-12-04 16:52 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-12-01 04:56 . 2012-12-04 16:52 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-12-01 04:53 . 2012-10-19 14:22 15524712 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:53 . 2012-10-19 14:22 164712 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-01 04:53 . 2012-10-19 14:22 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-01 04:53 . 2012-10-19 14:22 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 04:52 . 2012-10-19 14:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-09-29 18:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2012-07-11 13:47 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-11 13:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-11 13:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-07-11 13:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-11 13:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-07-11 13:47 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-07-11 13:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-11 13:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-07-11 13:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-07-11 13:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-12-01 19:57 . 2012-12-01 19:56 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-19 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-01 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-03 1982312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Deluge\\deluge.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 10:09]
.
2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-01-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52]
.
2013-01-07 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04]
.
2013-01-07 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-07 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-07 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-05 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/
uSearchAssistant =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-99676561.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]
"jabjhlfinlaeedbeehda"=hex:6a,61,70,61,6f,6f,62,63,62,66,63,6f,70,6b,62,63,68,
69,67,68,00,fa
"iabjnjpdmjongamdek"=hex:6a,61,70,61,6e,6c,6f,62,70,62,64,6d,6c,64,6e,66,6d,61,
61,69,00,f8
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(288)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-07 20:53:06
ComboFix-quarantined-files.txt 2013-01-07 20:53
ComboFix2.txt 2013-01-05 12:42
.
Pre-Run: 180,522,168,320 bytes free
Post-Run: 180,519,002,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D7198AD6CAA0C3E2B81892E6B1089C66

 

[Fiery]

Hi, please try the below again.

Open up Notepad and copy & paste the following:

killall::

File::
c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js

Folder::
c:\documents and settings\Jane\Application Data\searchresultstb

RegNULL::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]

ClearJavaCache::

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

 

[edward1]

Hi, please try the below again.

Open up Notepad and copy & paste the following:

killall::

File::
c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js

Folder::
c:\documents and settings\Jane\Application Data\searchresultstb

RegNULL::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]

ClearJavaCache::

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

I get as far as moving the CFscript on to ComboFix. The process starts with the green script in the box and I notice the two icons drifting apart back to heir original positions. AutoScan then opens but there is no result after over an hour. I have tried procedure twice now.

 

[Fiery]

Hi,

Ok, we will use OTL to fix this.

Open OTL. Under custom scan/fixes, copy and paste the following:

• 
  
  :Files
  c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
  c:\documents and settings\Jane\Application Data\searchresultstb
  ipconfig /flushdns /c
  
  :reg
  [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]
  
  :Commands
  [EMPTYTEMP]
  [reboot]
  

Then click Run Fix. Post the log afterwards.

 

[edward1]

Hi,

Ok, we will use OTL to fix this.

Open OTL. Under custom scan/fixes, copy and paste the following:

• 
  
  :Files
  c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
  c:\documents and settings\Jane\Application Data\searchresultstb
  ipconfig /flushdns /c
  
  :reg
  [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]
  
  :Commands
  [EMPTYTEMP]
  [reboot]
  

Then click Run Fix. Post the log afterwards.

I tried to download OTL on infected PC but download was frozen and had to shut down.
Downloaded on laptop and even changed name. Transferred to PC with flash drive, managed to open and paste commands but it would not run. Tried again to no avail.

 

[Fiery]

Please do the following in safe mode. If you don't know how to access safe mode, follow the instructions here

Download and run RKill
Download mirror 1 - Download mirror 2 - Download mirror 3

• Save it to your Desktop.
• Double click the RKill desktop icon.
• It will quickly run. If it does not run, try another download link from above.

<img title="RKILL Command prompt" src="http://malwaretips.com/images/removalguide/rkill2.png" alt="[Image: run-rkill-2.png]" width="507" height="256" border="0" />

• When Rkill has completed its task, it will <>generate a log</>. You can then <>proceed with the rest of the guide</>.

<img title="RKILL LOG" src="http://malwaretips.com/images/removalguide/rkill3.png" alt="[Image: XP Defender 2013 rkill3.jpg]" width="414" height="187" border="0" /></li>
</ol><br>
<br><>WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.</>

Download avenger.zip... © by Swandog46

1. Unzip/extract it to a folder on your desktop.
2. Double click on avenger.exe to run it. Click "OK"...at the prompt.
3. Check the box... "Scan for rootkits"
4. Uncheck the box... "Automatically disable any rootkits found"...if checked.
5. Copy all of the text in the code box (below) and paste it in the text box in The Avenger
   

   Files to delete:
   c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
   
   Folders to delete:
   c:\documents and settings\Jane\Application Data\searchresultstb
   
   Registry keys to delete:
   HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*

6. Click the Execute button.
7. Click "Yes" at the 2 prompts:
   • "Are you sure you want to execute the current script?".
   • "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?".
8. Your PC will automatically reboot.
   Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require 2 (two) reboots to complete its operation.
   If that is the case, it will force a BSOD (Blue Screen of Death) error ...on the first reboot. This is normal & expected behavior.
9. After your PC has completed the necessary reboots, a log should automatically open.
   If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

Please post the contents of the avenger.txt log, in your next reply.

 

[edward1]

Please do the following in safe mode. If you don't know how to access safe mode, follow the instructions here

Download and run RKill
Download mirror 1 - Download mirror 2 - Download mirror 3

• Save it to your Desktop.
• Double click the RKill desktop icon.
• It will quickly run. If it does not run, try another download link from above.

<img title="RKILL Command prompt" src="http://malwaretips.com/images/removalguide/rkill2.png" alt="[Image: run-rkill-2.png]" width="507" height="256" border="0" />

• When Rkill has completed its task, it will <>generate a log</>. You can then <>proceed with the rest of the guide</>.

<img title="RKILL LOG" src="http://malwaretips.com/images/removalguide/rkill3.png" alt="[Image: XP Defender 2013 rkill3.jpg]" width="414" height="187" border="0" /></li>
</ol><br>
<br><>WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.</>

Download avenger.zip... © by Swandog46

1. Unzip/extract it to a folder on your desktop.
2. Double click on avenger.exe to run it. Click "OK"...at the prompt.
3. Check the box... "Scan for rootkits"
4. Uncheck the box... "Automatically disable any rootkits found"...if checked.
5. Copy all of the text in the code box (below) and paste it in the text box in The Avenger
   

   Files to delete:
   c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
   
   Folders to delete:
   c:\documents and settings\Jane\Application Data\searchresultstb
   
   Registry keys to delete:
   HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*

6. Click the Execute button.
7. Click "Yes" at the 2 prompts:
   • "Are you sure you want to execute the current script?".
   • "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?".
8. Your PC will automatically reboot.
   Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require 2 (two) reboots to complete its operation.
   If that is the case, it will force a BSOD (Blue Screen of Death) error ...on the first reboot. This is normal & expected behavior.
9. After your PC has completed the necessary reboots, a log should automatically open.
   If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

Please post the contents of the avenger.txt log, in your next reply.

Here is avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js" deleted successfully.
Folder "c:\documents and settings\Jane\Application Data\searchresultstb" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

 

[Fiery]

Sounds like the virus is infecting the tools we are using. Let's try to remove it outside the standard windows operating system.

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
• Download List Parts and save it to the flash drive also.
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• Wait for the CD to detect your hardware and load the operating system
• Your system should now display a Reatogo desktop
  Note : as you are running from CD it is not exactly speedy
• Insert the USB with FRST
• Locate the flash drive with FRST and double click
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
• Next click List Parts and then click Scan
  It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.

 

[edward1]

Sounds like the virus is infecting the tools we are using. Let's try to remove it outside the standard windows operating system.

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
• Download List Parts and save it to the flash drive also.
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• Wait for the CD to detect your hardware and load the operating system
• Your system should now display a Reatogo desktop
  Note : as you are running from CD it is not exactly speedy
• Insert the USB with FRST
• Locate the flash drive with FRST and double click
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
• Next click List Parts and then click Scan
  It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.

Hi Fiery. I have got as far as confirmation of a successful cd burn but I entered BIOS and set cd as first and hard drive as second but unfortunately Windows opens in the usual way. This is uncharted territory for me. Have I misunderstood the instructions?

 

[Fiery]

Hi,

Can you go into the BIOS again and check if booting from the CD is first? You may not have saved the setting. Also, make sure your CD is in your infected PC's Cd-drive when it boots up

 

[edward1]

Hi,

Can you go into the BIOS again and check if booting from the CD is first? You may not have saved the setting. Also, make sure your CD is in your infected PC's Cd-drive when it boots up

Have checked. Cd is first and saved. Cd is in machine.

 

[Fiery]

Are there any messages when you boot the computer? Does it say: Press any key to boot CD or anything before the windows logo appears?

 

[edward1]

Are there any messages when you boot the computer? Does it say: Press any key to boot CD or anything before the windows logo appears?

On reflection, I did initially get things wrong and disabled all but cd rom. It was then that I did get a message "Reboot and select proper boot device or insert boot media..................and press any key."
Pressing a key just repeated the message.