Problems after running avast root kit scan

Post by rmrrar » June 5th, 2013, 1:00 pm

I had installed the Avast free version antivirus, and the antivirus had done a rootkit scan. After it was done, all my pics, documents and all were missing; my desktop background image was gone too. Now my desktop PC will not allow me to run Windows Update and keeps changing my default search provider.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 11:11:43 on 2013-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1263 [GMT -5:00]
.
AV: PC Tools AntiVirus Free *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://kabam.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned>
uRun: [Google Update] "c:\documents and settings\hp_administrator.robs\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Trusted Zone: trymedia.com
Trusted Zone: trymedia.com
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/wind ... 5823579578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 5823797671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2020512A-B488-41C9-A986-A65E71F43C44} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-10-13 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-10-13 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-10-13 909728]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-10-13 203120]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-10-13 402368]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-10-13 1118680]
RUnknown RegFilter;RegFilter; [x]
RUnknown UrlFilter;UrlFilter; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-10-13 575448]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
S3 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-2-28 53032]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-10-13 70768]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-9 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-24 11:06:21 0 ----a-w- c:\program files\GUT1C.tmp
2013-05-24 11:06:21 -------- d-----w- c:\program files\GUM1B.tmp
.
==================== Find3M ====================
.
2013-05-24 11:11:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-24 11:11:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 11:13:01.31 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/11/2012 4:52:19 PM
System Uptime: 6/5/2013 9:50:00 AM (2 hours ago)
.
Motherboard: Hewleet-Packard | | Asterope
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2799/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 89.567 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.455 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP293: 2/26/2013 7:51:59 AM - System Checkpoint
RP294: 2/27/2013 10:19:16 PM - System Checkpoint
RP295: 3/22/2013 8:30:03 AM - Software Distribution Service 3.0
RP296: 3/22/2013 9:56:10 AM - Revo Uninstaller's restore point - Advanced SystemCare 6
RP297: 3/22/2013 9:59:31 AM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.70.0.1100
RP298: 3/25/2013 11:39:52 AM - System Checkpoint
RP299: 4/4/2013 6:21:11 PM - System Checkpoint
RP300: 4/8/2013 7:58:06 PM - System Checkpoint
RP301: 4/9/2013 8:21:34 PM - System Checkpoint
RP302: 4/10/2013 9:12:55 PM - System Checkpoint
RP303: 4/11/2013 2:00:17 AM - Software Distribution Service 3.0
RP304: 4/27/2013 6:07:18 PM - System Checkpoint
RP305: 5/24/2013 6:10:07 AM - Software Distribution Service 3.0
RP306: 6/5/2013 10:14:03 AM - Installed Microsoft Fix it 50777
RP307: 6/5/2013 10:34:34 AM - Revo Uninstaller's restore point - WinRAR Password Cracker
RP308: 6/5/2013 10:34:48 AM - Removed WinRAR Password Cracker
RP309: 6/5/2013 10:36:20 AM - Revo Uninstaller's restore point - Smart Defrag 2
RP310: 6/5/2013 10:38:06 AM - Revo Uninstaller's restore point - IObit Malware Fighter
.
==== Installed Programs ======================
.
Active@ ISO Burner
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Agere Systems PCI-SV92PP Soft Modem
ATI Control Panel
ATI Display Driver
Browser Guard 4.0
CopyTrans Suite Remove Only
DISCover
GemMaster Mystic
Glary Undelete 1.8.0.468
Glary Utilities 2.52.0.1698
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Boot Optimizer
HP DVD Play 1.0
HP Game Console and games
HP Multimedia Keyboard Software
K-Lite Codec Pack 7.0.0 (Standard)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Otto
PC-Doctor 5 for Windows
PC Tools AntiVirus Free 9.0
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Revo Uninstaller 1.94
Ricochet Lost Worlds from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Slingo Deluxe from HP Media Center (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2492386)
Updates from HP (remove only)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/5/2013 9:51:50 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
6/5/2013 9:51:08 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Problems after running avast root kit scan

Post by Gary R » June 8th, 2013, 11:23 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems after running avast root kit scan

Post by Gary R » June 8th, 2013, 11:38 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi rmrrar

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Not much of concern showing in your DDS logs, I'll need you to run some further scans for me to see if we can see what's causing your problems.

I see no signs of Avast on your computer. Have you uninstalled it? Because if you have, and Avast has removed something critical, then when you uninstalled Avast you will have removed any potential quarantine files that Avast may have made, and we will not be able to recover them.

I do see PCTools Anti-Virus on your computer, is this the free version, and if so, how long have you had it installed, because as far as I'm aware that is no longer properly supported. PCTools was taken over by Symantec, who make Norton, and they're therefore not likely to want to support a program that is in direct competition with their own product.

Please post answers to the questions above.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Summary of the logs I need from you in your next post:
  • Please post replies to the questions I asked about Avast and PCTools.
  • OTL.txt
  • Extras.txt
  • TDSSKiller log
  • FSS.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
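As an added example, and not a tool from this thread or part of DDS, OTL or the forum's own procedure, the Python script below parses DDS-style lines like the ones posted above and lists the items a helper looks at first when deciding whether a log shows anything of concern: more than one resident AV product enabled, `<orphaned>` registry entries, IE start/search pages that point away from the machine's expected OEM host, services registered without a file on disk (`[x]`), and resolvers outside private address space. The sample lines are copied from the DDS log in this thread; the set of expected IE hosts and the wording of each note are assumptions of the example, not rules from DDS or from Gary R.

```python
"""Triage helper for DDS-style log lines (added example; not a tool from the thread)."""
import ipaddress
import re
from typing import Dict, List

# Constructed excerpt in the shape of the DDS log posted above (lines copied from
# the thread so the parser can be exercised offline; this is not a complete log).
SAMPLE_DDS = r"""
AV: PC Tools AntiVirus Free *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
uStart Page = hxxp://kabam.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - <orphaned>
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-10-13 383368]
RUnknown RegFilter;RegFilter; [x]
RUnknown UrlFilter;UrlFilter; [x]
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243
"""

# Line shapes as they appear in DDS output.
AV_RE = re.compile(r"^AV: (.+?) \*([^/*]+)/([^*]+)\* \{([0-9A-Fa-f-]+)\}$")
ORPHAN_RE = re.compile(r"^(\w+): (.+) - <orphaned>$")
IE_KEY_RE = re.compile(
    r"^([um])(Start Page|Default_Page_URL|Default_Search_URL|Search Page|Search Bar|SearchAssistant) = (.+)$"
)
SERVICE_RE = re.compile(r"^([RS](?:\d|Unknown)) ([^;]+);([^;]*);(.*)$")
DNS_RE = re.compile(r"^TCP: .*NameServer = (.+)$")
HOST_RE = re.compile(r"^\w+://([^/\s]+)")

# Assumption for this example: the HP OEM redirect host seen in the log is the
# expected start/search page on this machine; anything else gets flagged for review.
EXPECTED_IE_HOSTS = {"ie.redirect.hp.com"}


def parse_dds(text: str) -> Dict[str, list]:
    """Pull the triage-relevant entries out of DDS-style log text."""
    found: Dict[str, list] = {
        "av_products": [],            # (name, state, guid)
        "orphaned_entries": [],       # (section, clsid) entries whose target is gone
        "ie_pages": [],               # (scope, key, host, url) IE start/search settings
        "missing_service_files": [],  # service names whose file is marked [x]
        "dns_servers": [],            # resolver addresses from the TCP/IP settings
    }
    for raw in text.splitlines():
        line = raw.strip()
        if m := AV_RE.match(line):
            found["av_products"].append((m.group(1), f"{m.group(2)}/{m.group(3)}", m.group(4)))
        elif m := ORPHAN_RE.match(line):
            found["orphaned_entries"].append((m.group(1), m.group(2)))
        elif m := IE_KEY_RE.match(line):
            scope = "user" if m.group(1) == "u" else "machine"
            host_m = HOST_RE.match(m.group(3))
            host = host_m.group(1).lower() if host_m else ""
            found["ie_pages"].append((scope, m.group(2), host, m.group(3)))
        elif m := SERVICE_RE.match(line):
            if m.group(4).strip().startswith("[x]"):
                found["missing_service_files"].append(m.group(2))
        elif m := DNS_RE.match(line):
            found["dns_servers"].extend(m.group(1).split())
    return found


def triage(found: Dict[str, list]) -> List[str]:
    """Turn parsed entries into the notes a helper would raise before asking for more scans."""
    notes: List[str] = []
    enabled = [name for name, state, _ in found["av_products"] if state.startswith("Enabled")]
    if len(enabled) > 1:
        notes.append("Two resident AV products enabled at once: " + ", ".join(enabled)
                     + " (a common source of conflicts; ask which one is meant to stay)")
    for section, clsid in found["orphaned_entries"]:
        notes.append(f"Orphaned {section} entry {clsid}: points at a component no longer on disk")
    for scope, key, host, url in found["ie_pages"]:
        if host not in EXPECTED_IE_HOSTS:
            notes.append(f"Unexpected IE {key} ({scope}): {url}")
    for name in found["missing_service_files"]:
        notes.append(f"Service '{name}' is registered but its file is missing")
    for addr in found["dns_servers"]:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            notes.append(f"Unparseable DNS server entry: {addr}")
            continue
        if not ip.is_private:
            notes.append(f"Public DNS resolver configured: {addr} (confirm it is the expected one)")
    return notes


if __name__ == "__main__":
    for note in triage(parse_dds(SAMPLE_DDS)):
        print("-", note)
```

Run against the excerpt, the script reports the two enabled scanners (PC Tools and AVG), the two orphaned CLSIDs, the kabam.com start page, the two `RUnknown` services with no file, and the two non-private resolvers from the second interface; the HP redirect search bar and the private 192.168.1.254 resolver pass silently.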

Re: Problems after running avast root kit scan

Post by rmrrar » June 11th, 2013, 12:51 am

Hello, I am currently backing up all data and will be posting the requested info shortly. Thanks, rmrrar
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Problems after running avast root kit scan

Post by rmrrar » June 12th, 2013, 8:47 am

I was able to run the registry backup using ERUNT. You said not to go any further till you said to; did you want me to do the next steps now?
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Problems after running avast root kit scan

Post by rmrrar » June 12th, 2013, 11:36 am

OTL logfile created on: 6/12/2013 10:21:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.92% Memory free
4.69 Gb Paging File | 4.12 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): C:\pagefile.sys 2974 2974 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 81.67 Gb Free Space | 45.93% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.45 Gb Free Space | 5.38% Space Free | Partition Type: FAT32

Computer Name: ROBS | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/12 10:19:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\OTL.exe
PRC - [2013/05/29 00:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/12/21 12:19:46 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/22 15:34:12 | 002,673,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 18:38:58 | 001,440,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/29 00:27:38 | 000,393,168 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013/05/29 00:27:35 | 004,051,408 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/29 00:26:36 | 001,597,392 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/06/22 15:34:06 | 000,157,656 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/06/22 15:33:48 | 000,091,608 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - [2013/06/12 07:11:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/02/28 18:39:08 | 000,053,032 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/02/28 18:38:58 | 001,440,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrvR)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [On_Demand | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/10 03:46:00 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/06/22 15:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/06/22 11:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/02/28 18:38:58 | 000,040,360 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/28 18:38:58 | 000,017,448 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\system32\drivers\InCDrec.sys -- (InCDRec)
DRV - [2008/02/28 18:38:48 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/02/28 18:38:48 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/10/20 18:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 16:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/08/13 23:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kabam.com/
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/21 12:22:35 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Disabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Disabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npAclmPlugin.dll
CHR - plugin: HP Pit Plugin (Disabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npPitPlugin.dll
CHR - plugin: Advanced SystemCare 6 (Disabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Disabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Disabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Disabled) = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Disabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Disabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Disabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Disabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\Toolbar\WebBrowser: (no name) - {A2C38B93-BA23-408E-B2B5-2254FB8E9D5D} - No CLSID value found.
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75\Start Menu\Programs\StartUp\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 5823579578 (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 5823797671 (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2020512A-B488-41C9-A986-A65E71F43C44}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.0nf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 07:39:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/06/12 07:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/06/12 07:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/06/08 07:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.ROBS\Desktop\testdisk-6.14-WIP
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/12 10:16:03 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000235922-4029125667-1786599257-1008UA.job
[2013/06/12 10:15:24 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000235922-4029125667-1786599257-1008.job
[2013/06/12 10:15:18 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000235922-4029125667-1786599257-1008.job
[2013/06/12 10:15:14 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/06/12 10:15:14 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2000235922-4029125667-1786599257-1008.job
[2013/06/12 10:14:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/12 10:14:02 | 2079,772,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/12 07:37:32 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Desktop\ERUNT.lnk
[2013/06/12 07:11:27 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/12 07:11:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 07:11:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/12 06:27:05 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2000235922-4029125667-1786599257-1008.job
[2013/06/12 06:25:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/08 09:12:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/06/08 08:12:18 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/08 07:25:44 | 000,001,053 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Desktop\Shortcut to _SIAA0D.TMP.lnk
[2013/06/08 06:16:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000235922-4029125667-1786599257-1008Core.job
[2013/06/07 06:22:46 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/07 06:22:46 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.ROBS\Desktop\Google Chrome.lnk
[2013/05/24 06:47:16 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/24 06:27:42 | 000,623,695 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2013/05/24 06:26:01 | 000,523,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/24 06:26:01 | 000,095,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/24 06:21:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/12 07:37:32 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.ROBS\Desktop\ERUNT.lnk
[2013/06/08 10:15:39 | 000,001,053 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.ROBS\Desktop\Shortcut to _SIAA0D.TMP.lnk
[2012/11/28 02:19:54 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/10/13 10:29:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/24 10:54:29 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\dt.dat
[2012/08/14 14:59:37 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.ROBS\Application Data\wklnhst.dat
[2012/08/11 17:59:16 | 000,001,726 | ---- | C] () -- C:\WINDOWS\ndinst.exe
[2012/08/11 16:54:59 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/11 16:54:59 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\fusioncache.dat
[2012/01/14 10:46:00 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/01/14 10:46:00 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll1042.old
[2010/03/03 01:28:25 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/09/22 10:47:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/07/02 12:06:40 | 000,000,538 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2008/07/14 12:37:30 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\All Users\lxdi

========== ZeroAccess Check ==========

[2005/08/30 22:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/04 13:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/12/07 02:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2012/08/14 12:54:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/04/01 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/04/05 02:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2008/01/01 02:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innova Electronics Corp
[2013/02/09 22:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/08/17 09:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/05/14 01:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2012/10/07 11:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/14 23:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/04/09 20:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/04/25 00:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/03/01 09:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nFoLmMn06300
[2009/06/29 19:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/28 14:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/12/14 23:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/01/28 18:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2013/06/12 10:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/18 00:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/12/02 05:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/21 05:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/11/03 21:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/10/19 06:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 01:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/06 03:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/02/09 22:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/02/09 22:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2009/09/10 19:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5760A8B

< End of report >

OTL Extras logfile created on: 6/12/2013 10:21:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.92% Memory free
4.69 Gb Paging File | 4.12 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): C:\pagefile.sys 2974 2974 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 81.67 Gb Free Space | 45.93% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.45 Gb Free Space | 5.38% Space Free | Partition Type: FAT32

Computer Name: ROBS | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.VZSQQUFCEEBFSE3VP2Z7ZI7AJY] -- C:\Documents and Settings\HP_Administrator.ROBS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Disabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Disabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Disabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Disabled:Updates from HP -- (Hewlett-Packard)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"ATI Display Driver" = ATI Display Driver
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"Browser Defender_is1" = Browser Guard 4.0
"DISCover" = DISCover
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"ERUNT_is1" = ERUNT 1.1j
"Glary Undelete_is1" = Glary Undelete 1.8.0.468
"Glary Utilities_is1" = Glary Utilities 2.52.0.1698
"HP Game Console" = HP Game Console and games
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"Spyware Doctor" = PC Tools AntiVirus Free 9.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000235922-4029125667-1786599257-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2013 10:12:06 AM | Computer Name = ROBS | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F018

Error - 6/8/2013 10:12:06 AM | Computer Name = ROBS | Source = MatSvc | ID = 262148
Description = The MATS service encountered a failure when uploading data. hr=0xC004F018


Error - 6/8/2013 10:17:04 AM | Computer Name = ROBS | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F018

Error - 6/8/2013 10:17:04 AM | Computer Name = ROBS | Source = MatSvc | ID = 262148
Description = The MATS service encountered a failure when uploading data. hr=0xC004F018


Error - 6/12/2013 8:00:14 AM | Computer Name = ROBS | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 6/12/2013 11:14:47 AM | Computer Name = ROBS | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F018

Error - 6/12/2013 11:14:47 AM | Computer Name = ROBS | Source = MatSvc | ID = 262148
Description = The MATS service encountered a failure when uploading data. hr=0xC004F018


Error - 6/12/2013 11:15:04 AM | Computer Name = ROBS | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F018

Error - 6/12/2013 11:15:04 AM | Computer Name = ROBS | Source = MatSvc | ID = 262148
Description = The MATS service encountered a failure when uploading data. hr=0xC004F018


Error - 6/12/2013 11:19:46 AM | Computer Name = ROBS | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F018

Error - 6/12/2013 11:19:46 AM | Computer Name = ROBS | Source = MatSvc | ID = 262148
Description = The MATS service encountered a failure when uploading data. hr=0xC004F018


[ System Events ]
Error - 6/8/2013 11:24:32 AM | Computer Name = ROBS | Source = PCTCore | ID = 327960
Description =

Error - 6/9/2013 11:51:32 PM | Computer Name = ROBS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/12/2013 7:25:31 AM | Computer Name = ROBS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/12/2013 7:31:03 AM | Computer Name = ROBS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 6/12/2013 7:34:09 AM | Computer Name = ROBS | Source = PCTCore | ID = 327960
Description =

Error - 6/12/2013 7:35:15 AM | Computer Name = ROBS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 6/12/2013 8:35:54 AM | Computer Name = ROBS | Source = PCTCore | ID = 327960
Description =

Error - 6/12/2013 11:14:27 AM | Computer Name = ROBS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/12/2013 11:14:50 AM | Computer Name = ROBS | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 6/12/2013 11:16:23 AM | Computer Name = ROBS | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.


< End of report >
rmrrar
Joined: May 19th, 2013, 8:09 am
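
An added example, not part of rmrrar's post or of the OTL tool: a Python script that reads the Security Center and firewall sections of an OTL log in the format shown above and reports what a helper checks first. XP's firewall stores each exception as target:scope:state:description (the target being a port:protocol pair under GloballyOpenPorts or an exe path under AuthorizedApplications), a scope of * means any remote address, and DoNotAllowExceptions=1 is the "Don't allow exceptions" checkbox, under which every listed exception is ignored. SAMPLE_LOG is a constructed excerpt; its port-4444 and svch0st.exe entries are invented so the alerting branches run, while the other lines mirror values in the log above. The user-writable path list and the severities are this example's own choices, not anything OTL produces.

```python
"""Audit the Security Center and Windows Firewall sections of an OTL log.

Added example, not part of the original post or of the OTL tool. SAMPLE_LOG is a
constructed excerpt in OTL's format (registry key in [brackets], then "name" = value
lines); the port-4444 and svch0st.exe entries are invented so the alerting branches
run, the other lines mirror values on this page."""
import re
from collections import namedtuple

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"4444:TCP" = 4444:TCP:*:Enabled:Remote Helper

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Disabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\DOCUME~1\HP_ADMIN~1\LOCALS~1\Temp\svch0st.exe" = C:\DOCUME~1\HP_ADMIN~1\LOCALS~1\Temp\svch0st.exe:*:Enabled:svch0st -- File not found
"""

SC_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
FW_BASE = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Directories any user can write to; malware likes to register exceptions from here (our own list).
USER_WRITABLE = re.compile(r'\\(temp|tmp|locals~1|local settings|application data|appdata|recycler)\\', re.I)

# target: "port:proto" (GloballyOpenPorts) or an exe path (AuthorizedApplications)
# scope:  "*" = any remote address, "LocalSubNet" = same subnet only
FwRule = namedtuple('FwRule', 'target scope enabled description')


def parse_registry_dump(text):
    """Return {key_path: {value_name: value_string}} from OTL's bracketed-key dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys.setdefault(current, {})
        elif current and (m := VAL_RE.match(line)):
            keys[current][m.group(1)] = m.group(2)
    return keys


def parse_rule(name, value):
    """XP stores an exception as <target>:<scope>:<state>:<description> and repeats the
    target as the value name; strip it by prefix, since an exe path has a drive colon."""
    prefix = name + ':'
    if not value.startswith(prefix):
        raise ValueError(f'unexpected exception format: {value!r}')
    scope, state, desc = value[len(prefix):].split(':', 2)
    return FwRule(name, scope, state.lower() == 'enabled', desc)


def audit(text, profile='StandardProfile'):
    """Return (severity, message) findings a helper would review for one firewall profile."""
    keys = parse_registry_dump(text)
    findings = []
    sc = keys.get(SC_KEY, {})
    for name in ('AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify',
                 'AntiVirusOverride', 'FirewallOverride'):
        if sc.get(name) == '1':
            findings.append(('high', f'Security Center {name}=1: alerts suppressed'))

    prof = keys.get(f'{FW_BASE}\\{profile}', {})
    if prof.get('EnableFirewall') != '1':
        findings.append(('high', f'{profile}: EnableFirewall is not 1'))
    if prof.get('DoNotAllowExceptions') == '1':
        findings.append(('info', f'{profile}: DoNotAllowExceptions=1, every exception below is ignored while set'))

    for name, value in keys.get(f'{FW_BASE}\\{profile}\\GloballyOpenPorts\\List', {}).items():
        rule = parse_rule(name, value)
        if rule.enabled and rule.scope == '*':
            findings.append(('medium', f'open port {rule.target} to any address: {rule.description}'))

    for name, value in keys.get(f'{FW_BASE}\\{profile}\\AuthorizedApplications\\List', {}).items():
        rule = parse_rule(name, value)
        if not rule.enabled:
            continue
        reasons = []
        if USER_WRITABLE.search(rule.target):
            reasons.append('runs from a user-writable location')
        if 'File not found' in rule.description:
            reasons.append('file no longer exists')
        findings.append(('high' if reasons else 'low',
                         f'authorized app {rule.target}: ' + (', '.join(reasons) or 'review')))
    return findings


if __name__ == '__main__':
    for severity, message in audit(SAMPLE_LOG):
        print(f'[{severity}] {message}')
```

Run against the StandardProfile values actually in the log above, it reports only the DoNotAllowExceptions note and the enabled sessmgr.exe (Remote Assistance) entry at "low": every GloballyOpenPorts entry, including the two Windows Remote Management ones, is Disabled, and no Security Center notification is suppressed. Parsing the whole pasted log works the same way, since lines outside the bracketed registry keys are ignored.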

Re: Problems after running avast root kit scan

Unread postby rmrrar » June 12th, 2013, 11:47 am

10:35:01.0609 3272 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:35:02.0156 3272 ============================================================
10:35:02.0156 3272 Current date / time: 2013/06/12 10:35:02.0156
10:35:02.0156 3272 SystemInfo:
10:35:02.0156 3272
10:35:02.0187 3272 OS Version: 5.1.2600 ServicePack: 3.0
10:35:02.0187 3272 Product type: Workstation
10:35:02.0187 3272 ComputerName: ROBS
10:35:02.0187 3272 UserName: HP_Administrator
10:35:02.0187 3272 Windows directory: C:\WINDOWS
10:35:02.0187 3272 System windows directory: C:\WINDOWS
10:35:02.0187 3272 Processor architecture: Intel x86
10:35:02.0187 3272 Number of processors: 2
10:35:02.0187 3272 Page size: 0x1000
10:35:02.0187 3272 Boot type: Normal boot
10:35:02.0187 3272 ============================================================
10:35:03.0171 3272 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:35:03.0250 3272 ============================================================
10:35:03.0250 3272 \Device\Harddisk0\DR0:
10:35:03.0250 3272 MBR partitions:
10:35:03.0250 3272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x163ABFB0
10:35:03.0250 3272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x163AFEB0, BlocksNum 0x10EDF11
10:35:03.0250 3272 ============================================================
10:35:03.0281 3272 C: <-> \Device\Harddisk0\DR0\Partition1
10:35:03.0296 3272 D: <-> \Device\Harddisk0\DR0\Partition2
10:35:03.0312 3272 ============================================================
10:35:03.0312 3272 Initialize success
10:35:03.0312 3272 ============================================================
10:36:32.0515 3580 ============================================================
10:36:32.0515 3580 Scan started
10:36:32.0515 3580 Mode: Manual;
10:36:32.0515 3580 ============================================================
10:36:33.0015 3580 ================ Scan system memory ========================
10:36:33.0015 3580 System memory - ok
10:36:33.0015 3580 ================ Scan services =============================
10:36:33.0171 3580 Abiosdsk - ok
10:36:33.0187 3580 abp480n5 - ok
10:36:33.0250 3580 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:36:33.0250 3580 ACPI - ok
10:36:33.0281 3580 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:36:33.0281 3580 ACPIEC - ok
10:36:33.0359 3580 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:36:33.0359 3580 AdobeFlashPlayerUpdateSvc - ok
10:36:33.0375 3580 adpu160m - ok
10:36:33.0406 3580 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:36:33.0406 3580 aec - ok
10:36:33.0437 3580 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:36:33.0437 3580 AFD - ok
10:36:33.0515 3580 [ 51A66C689AD9B9A953F75496209AE520 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
10:36:33.0531 3580 AgereSoftModem - ok
10:36:33.0531 3580 Aha154x - ok
10:36:33.0546 3580 aic78u2 - ok
10:36:33.0562 3580 aic78xx - ok
10:36:33.0609 3580 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:36:33.0609 3580 Alerter - ok
10:36:33.0625 3580 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:36:33.0625 3580 ALG - ok
10:36:33.0625 3580 AliIde - ok
10:36:33.0640 3580 amsint - ok
10:36:33.0687 3580 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:36:33.0687 3580 AppMgmt - ok
10:36:33.0718 3580 [ 00523019E3579C8F8A94457FE25F0F24 ] aracpi C:\WINDOWS\system32\DRIVERS\aracpi.sys
10:36:33.0718 3580 aracpi - ok
10:36:33.0734 3580 [ 9FEDAA46EB1A572AC4D9EE6B5F123CF2 ] arhidfltr C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
10:36:33.0734 3580 arhidfltr - ok
10:36:33.0750 3580 [ 82969576093CD983DD559F5A86F382B4 ] arkbcfltr C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
10:36:33.0750 3580 arkbcfltr - ok
10:36:33.0765 3580 [ 9B21791D8A78FAECE999FADBEBDA6C22 ] armoucfltr C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
10:36:33.0765 3580 armoucfltr - ok
10:36:33.0796 3580 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:36:33.0812 3580 Arp1394 - ok
10:36:33.0828 3580 [ 7A2DA7C7B0C524EF26A79F17A5C69FDE ] ARPolicy C:\WINDOWS\system32\DRIVERS\arpolicy.sys
10:36:33.0828 3580 ARPolicy - ok
10:36:33.0859 3580 [ 9A0D9B2E263BEDE80FB79DDBAD240EC1 ] ARSVC C:\WINDOWS\arservice.exe
10:36:33.0859 3580 ARSVC - ok
10:36:33.0875 3580 asc - ok
10:36:33.0890 3580 asc3350p - ok
10:36:33.0890 3580 asc3550 - ok
10:36:34.0015 3580 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:36:34.0015 3580 aspnet_state - ok
10:36:34.0031 3580 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:36:34.0031 3580 AsyncMac - ok
10:36:34.0078 3580 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:36:34.0078 3580 atapi - ok
10:36:34.0093 3580 Atdisk - ok
10:36:34.0156 3580 [ D21352BCAAB174948EB9672BC203BB0F ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:36:34.0156 3580 Ati HotKey Poller - ok
10:36:34.0250 3580 [ 7A6CF9F411A9C5BD5C442A1CD46AF401 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:36:34.0265 3580 ati2mtag - ok
10:36:34.0312 3580 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:36:34.0312 3580 Atmarpc - ok
10:36:34.0343 3580 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:36:34.0343 3580 AudioSrv - ok
10:36:34.0390 3580 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:36:34.0390 3580 audstub - ok
10:36:34.0406 3580 [ 7270D070173B20AC9487EA16BB08B45F ] bb-run C:\WINDOWS\system32\DRIVERS\bb-run.sys
10:36:34.0406 3580 bb-run - ok
10:36:34.0421 3580 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:36:34.0421 3580 Beep - ok
10:36:34.0468 3580 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:36:34.0484 3580 BITS - ok
10:36:34.0546 3580 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
10:36:34.0546 3580 Browser - ok
10:36:34.0671 3580 [ 7EFFCCD7B6EA4D3428F5B3ACE8DE8F5A ] Browser Defender Update Service C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
10:36:34.0671 3580 Browser Defender Update Service - ok
10:36:34.0718 3580 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:36:34.0718 3580 cbidf2k - ok
10:36:34.0718 3580 cd20xrnt - ok
10:36:34.0750 3580 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:36:34.0765 3580 Cdaudio - ok
10:36:34.0781 3580 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:36:34.0781 3580 Cdfs - ok
10:36:34.0828 3580 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:36:34.0828 3580 Cdrom - ok
10:36:34.0843 3580 Changer - ok
10:36:34.0890 3580 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:36:34.0890 3580 CiSvc - ok
10:36:34.0937 3580 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:36:34.0937 3580 ClipSrv - ok
10:36:35.0015 3580 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:36:35.0031 3580 clr_optimization_v2.0.50727_32 - ok
10:36:35.0062 3580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:36:35.0062 3580 clr_optimization_v4.0.30319_32 - ok
10:36:35.0078 3580 CmdIde - ok
10:36:35.0093 3580 COMSysApp - ok
10:36:35.0109 3580 Cpqarray - ok
10:36:35.0125 3580 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:36:35.0125 3580 CryptSvc - ok
10:36:35.0140 3580 dac2w2k - ok
10:36:35.0156 3580 dac960nt - ok
10:36:35.0187 3580 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:36:35.0203 3580 DcomLaunch - ok
10:36:35.0250 3580 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:36:35.0250 3580 Dhcp - ok
10:36:35.0281 3580 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:36:35.0281 3580 Disk - ok
10:36:35.0296 3580 dmadmin - ok
10:36:35.0343 3580 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:36:35.0359 3580 dmboot - ok
10:36:35.0359 3580 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:36:35.0375 3580 dmio - ok
10:36:35.0406 3580 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:36:35.0406 3580 dmload - ok
10:36:35.0437 3580 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:36:35.0437 3580 dmserver - ok
10:36:35.0468 3580 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:36:35.0468 3580 DMusic - ok
10:36:35.0500 3580 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:36:35.0500 3580 Dnscache - ok
10:36:35.0546 3580 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:36:35.0546 3580 Dot3svc - ok
10:36:35.0578 3580 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
10:36:35.0593 3580 dot4 - ok
10:36:35.0609 3580 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
10:36:35.0609 3580 Dot4Print - ok
10:36:35.0625 3580 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
10:36:35.0625 3580 dot4usb - ok
10:36:35.0640 3580 dpti2o - ok
10:36:35.0671 3580 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:36:35.0671 3580 drmkaud - ok
10:36:35.0703 3580 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:36:35.0703 3580 EapHost - ok
10:36:35.0796 3580 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
10:36:35.0796 3580 ehRecvr - ok
10:36:35.0828 3580 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
10:36:35.0828 3580 ehSched - ok
10:36:35.0875 3580 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:36:35.0875 3580 ERSvc - ok
10:36:35.0906 3580 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:36:35.0906 3580 Eventlog - ok
10:36:35.0937 3580 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:36:35.0937 3580 EventSystem - ok
10:36:35.0968 3580 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:36:35.0968 3580 Fastfat - ok
10:36:36.0000 3580 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:36:36.0015 3580 FastUserSwitchingCompatibility - ok
10:36:36.0046 3580 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
10:36:36.0046 3580 Fax - ok
10:36:36.0093 3580 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:36:36.0093 3580 Fdc - ok
10:36:36.0109 3580 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:36:36.0109 3580 Fips - ok
10:36:36.0125 3580 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:36:36.0125 3580 Flpydisk - ok
10:36:36.0140 3580 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:36:36.0156 3580 FltMgr - ok
10:36:36.0234 3580 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:36:36.0234 3580 FontCache3.0.0.0 - ok
10:36:36.0250 3580 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:36:36.0250 3580 Fs_Rec - ok
10:36:36.0265 3580 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:36:36.0265 3580 Ftdisk - ok
10:36:36.0281 3580 [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2 C:\WINDOWS\system32\DRIVERS\ftsata2.sys
10:36:36.0296 3580 ftsata2 - ok
10:36:36.0328 3580 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:36:36.0328 3580 Gpc - ok
10:36:36.0343 3580 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:36:36.0343 3580 HDAudBus - ok
10:36:36.0421 3580 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:36:36.0421 3580 helpsvc - ok
10:36:36.0453 3580 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:36:36.0453 3580 HidServ - ok
10:36:36.0484 3580 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:36:36.0484 3580 HidUsb - ok
10:36:36.0515 3580 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:36:36.0531 3580 hkmsvc - ok
10:36:36.0531 3580 hpn - ok
10:36:36.0593 3580 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:36:36.0593 3580 HTTP - ok
10:36:36.0625 3580 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:36:36.0625 3580 HTTPFilter - ok
10:36:36.0625 3580 i2omgmt - ok
10:36:36.0640 3580 i2omp - ok
10:36:36.0671 3580 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:36:36.0671 3580 i8042prt - ok
10:36:36.0734 3580 [ 9A65E42664D1534B68512CAAD0EFE963 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
10:36:36.0750 3580 iaStor - ok
10:36:36.0828 3580 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:36:36.0828 3580 IDriverT - ok
10:36:36.0921 3580 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:36:36.0937 3580 idsvc - ok
10:36:36.0984 3580 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:36:36.0984 3580 Imapi - ok
10:36:37.0015 3580 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:36:37.0015 3580 ImapiService - ok
10:36:37.0046 3580 [ B0B3A4A43EAC52FA7F499243805D4BC6 ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
10:36:37.0046 3580 InCDfs - ok
10:36:37.0062 3580 [ 0ADBE6082853DEC90409EA4880BC596F ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
10:36:37.0078 3580 InCDPass - ok
10:36:37.0078 3580 [ E452D82608DBEFEF5F2865DFC2F41FBC ] InCDRec C:\WINDOWS\system32\drivers\InCDRec.sys
10:36:37.0093 3580 InCDRec - ok
10:36:37.0093 3580 [ 065665DFC381FABD8A9F35262B4DE222 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
10:36:37.0093 3580 incdrm - ok
10:36:37.0125 3580 InCDsrvR - ok
10:36:37.0140 3580 ini910u - ok
10:36:37.0359 3580 [ 14B48553BE78472D2BD3A518658A1710 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:36:37.0406 3580 IntcAzAudAddService - ok
10:36:37.0437 3580 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:36:37.0437 3580 IntelIde - ok
10:36:37.0484 3580 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:36:37.0484 3580 intelppm - ok
10:36:37.0515 3580 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:36:37.0515 3580 Ip6Fw - ok
10:36:37.0546 3580 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:36:37.0546 3580 IpFilterDriver - ok
10:36:37.0562 3580 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:36:37.0562 3580 IpInIp - ok
10:36:37.0578 3580 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:36:37.0578 3580 IpNat - ok
10:36:37.0593 3580 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:36:37.0593 3580 IPSec - ok
10:36:37.0625 3580 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:36:37.0625 3580 IRENUM - ok
10:36:37.0656 3580 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:36:37.0656 3580 isapnp - ok
10:36:37.0812 3580 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:36:37.0812 3580 JavaQuickStarterService - ok
10:36:37.0859 3580 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:36:37.0859 3580 Kbdclass - ok
10:36:37.0875 3580 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:36:37.0875 3580 kbdhid - ok
10:36:37.0906 3580 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:36:37.0906 3580 kmixer - ok
10:36:37.0953 3580 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:36:37.0953 3580 KSecDD - ok
10:36:37.0984 3580 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:36:37.0984 3580 lanmanserver - ok
10:36:38.0031 3580 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:36:38.0046 3580 lanmanworkstation - ok
10:36:38.0046 3580 lbrtfdc - ok
10:36:38.0125 3580 [ EE963D96BFD97E54BA6CE6D2AC58DE35 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:36:38.0125 3580 LightScribeService - ok
10:36:38.0156 3580 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:36:38.0156 3580 LmHosts - ok
10:36:38.0234 3580 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
10:36:38.0234 3580 MatSvc - ok
10:36:38.0281 3580 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
10:36:38.0296 3580 McrdSvc - ok
10:36:38.0296 3580 MCSTRM - ok
10:36:38.0359 3580 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:36:38.0359 3580 MDM - ok
10:36:38.0390 3580 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:36:38.0390 3580 Messenger - ok
10:36:38.0421 3580 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
10:36:38.0421 3580 MHN - ok
10:36:38.0453 3580 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
10:36:38.0453 3580 MHNDRV - ok
10:36:38.0484 3580 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:36:38.0484 3580 mnmdd - ok
10:36:38.0515 3580 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:36:38.0515 3580 mnmsrvc - ok
10:36:38.0562 3580 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:36:38.0562 3580 Modem - ok
10:36:38.0593 3580 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:36:38.0593 3580 Mouclass - ok
10:36:38.0640 3580 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:36:38.0640 3580 mouhid - ok
10:36:38.0671 3580 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:36:38.0671 3580 MountMgr - ok
10:36:38.0671 3580 mraid35x - ok
10:36:38.0703 3580 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:36:38.0703 3580 MRxDAV - ok
10:36:38.0734 3580 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:36:38.0734 3580 MRxSmb - ok
10:36:38.0765 3580 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:36:38.0765 3580 MSDTC - ok
10:36:38.0781 3580 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:36:38.0781 3580 Msfs - ok
10:36:38.0796 3580 MSIServer - ok
10:36:38.0812 3580 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:36:38.0812 3580 MSKSSRV - ok
10:36:38.0859 3580 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:36:38.0859 3580 MSPCLOCK - ok
10:36:38.0875 3580 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:36:42.0437 3580 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
10:36:42.0437 3580 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
10:36:42.0437 3580 sptd ( LockedFile.Multi.Generic ) - warning
10:36:42.0437 3580 sptd - detected LockedFile.Multi.Generic (1)
10:36:44.0671 3580 ================ Scan global ===============================
10:36:44.0703 3580 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:36:44.0765 3580 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:36:44.0781 3580 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:36:44.0796 3580 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:36:44.0812 3580 [Global] - ok
10:36:44.0812 3580 ================ Scan MBR ==================================
10:36:44.0828 3580 [ D11C727E03BB7318DCDA069B06E652F0 ] \Device\Harddisk0\DR0
10:36:45.0000 3580 \Device\Harddisk0\DR0 - ok
10:36:45.0000 3580 ================ Scan VBR ==================================
10:36:45.0000 3580 [ A3344D2086FD0C2EAFBA2CDB4D405509 ] \Device\Harddisk0\DR0\Partition1
10:36:45.0015 3580 \Device\Harddisk0\DR0\Partition1 - ok
10:36:45.0031 3580 [ 1F8914A61980D23825AF0A511A1EDF7C ] \Device\Harddisk0\DR0\Partition2
10:36:45.0046 3580 \Device\Harddisk0\DR0\Partition2 - ok
10:36:45.0046 3580 ============================================================
10:36:45.0046 3580 Scan finished
10:36:45.0046 3580 ============================================================
10:36:45.0062 3600 Detected object count: 1
10:36:45.0062 3600 Actual detected object count: 1
10:38:24.0171 3600 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:38:24.0171 3600 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
rmrrar
Regular Member
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Problems after running avast root kit scan

Unread postby rmrrar » June 12th, 2013, 11:57 am

Hello again, I believe I got everything except the info about PC Tools. I do have the free version installed and have been using it for 8 to 12 mos. As to the free version of Avast, I did uninstall the program only b/c my PC wouldn't run hardly at all, and Avast advised me to do so when I called them about the problem; this was about a year ago, unfortunately, and I installed the PC Tools after removing the free version of Avast. I hope I have answered all the questions that you had requested. I await your response. Thanks, rmrrar

Farbar Service Scanner Version: 31-05-2013 01
Ran by HP_Administrator (administrator) on 12-06-2013 at 10:45:24
Running from "C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Re: Problems after running avast root kit scan

Unread postby Gary R » June 13th, 2013, 3:42 pm

Sorry, I didn't get notification that you had replied.

I'm looking over your logs, and will be back as soon as possible.

My apologies for you having to wait so long.
Gary R
Administrator
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems after running avast root kit scan

Unread postby Gary R » June 13th, 2013, 4:15 pm

Still no real signs of any malware on your computer, though there are a few items that could do with attention.

First

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2000235922-4029125667-1786599257-1008\..\Toolbar\WebBrowser: (no name) - {A2C38B93-BA23-408E-B2B5-2254FB8E9D5D} - No CLSID value found.
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/Activ ... SDcode.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 5823579578 (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 5823797671 (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2013/02/09 22:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/04/25 00:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/10/19 06:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 01:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/06 03:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/02/09 22:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/02/09 22:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5760A8B

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go HERE, then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, click on Start to start the scan.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.


Question ....

Do you know what the following 2 scheduled jobs are for?

C:\WINDOWS\tasks\ConfigExec.job
C:\WINDOWS\tasks\DataUpload.job


Summary of the logs I need from you in your next post:

  • OTL fix log
  • ESET log
  • Answer to the question about the scheduled jobs.

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Re: Problems after running avast root kit scan

Unread postby rmrrar » June 15th, 2013, 11:30 am

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2000235922-4029125667-1786599257-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_USERS\S-1-5-21-2000235922-4029125667-1786599257-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-2000235922-4029125667-1786599257-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A2C38B93-BA23-408E-B2B5-2254FB8E9D5D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C38B93-BA23-408E-B2B5-2254FB8E9D5D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Starting removal of ActiveX control {0742B9EF-8C83-41CA-BFBA-830A59E23533}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Starting removal of ActiveX control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\SET1A2.tmp deleted successfully.
C:\WINDOWS\System32\SET1A5.tmp deleted successfully.
C:\WINDOWS\System32\SET1B1.tmp deleted successfully.
C:\WINDOWS\System32\SET1B5.tmp deleted successfully.
C:\WINDOWS\System32\SET1C0.tmp deleted successfully.
C:\WINDOWS\System32\SET1F1.tmp deleted successfully.
C:\WINDOWS\System32\SET1F5.tmp deleted successfully.
C:\WINDOWS\System32\SET1F6.tmp deleted successfully.
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Program Files\GUM1B.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUM1B.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUM1B.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files\GUM1B.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUM1B.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUM1B.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUM1B.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUM1B.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUM1B.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUM1B.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUM1B.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUM1B.tmp\psuser.dll deleted successfully.
C:\Program Files\GUM1B.tmp folder deleted successfully.
C:\Program Files\GUT1C.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\IObit\ASCDownloader folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Napster\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Napster\image folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Napster\bin folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Napster folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C5760A8B deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.YOUR-4DACD0EA75
->Temp folder emptied: 27079702 bytes
->Temporary Internet Files folder emptied: 22257381 bytes
->FireFox cache emptied: 3486912 bytes
->Flash cache emptied: 0 bytes

User: Administrator.YOUR-4DACD0EA75.000
->Temp folder emptied: 23089111 bytes
->Temporary Internet Files folder emptied: 16407449 bytes
->Flash cache emptied: 300 bytes

User: Administrator.YOUR-4DACD0EA75.001
->Temp folder emptied: 31710871 bytes
->Temporary Internet Files folder emptied: 19091446 bytes
->FireFox cache emptied: 65809 bytes
->Flash cache emptied: 300 bytes

User: Administrator.YOUR-4DACD0EA75.002
->Temp folder emptied: 23089111 bytes
->Temporary Internet Files folder emptied: 16110929 bytes
->FireFox cache emptied: 65809 bytes
->Flash cache emptied: 300 bytes

User: All Users
->Flash cache emptied: 70 bytes

User: Default User
->Temp folder emptied: 27079702 bytes
->Temporary Internet Files folder emptied: 22257381 bytes
->FireFox cache emptied: 3486912 bytes
->Flash cache emptied: 300 bytes

User: HP_Administrator

User: HP_Administrator.ROBS
->Temp folder emptied: 24424635 bytes
->Temporary Internet Files folder emptied: 4923033 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 346703607 bytes
->Flash cache emptied: 937 bytes

User: HP_Administrator.YOUR-4DACD0EA75

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 182731 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 904506 bytes
->Temporary Internet Files folder emptied: 51319814 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1129543 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 202675050 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 22257381 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 849.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06152013_101757

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Problems after running avast root kit scan

Unread postby rmrrar » June 15th, 2013, 1:39 pm

I am sorry, but I don't know what the files mentioned are.


C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\7zip-setup.exe multiple threats
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\7zip_freely_d157185.exe a variant of Win32/InstallIQ application
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_10a-Active_ISO_Burner-ORG-10602452.exe Win32/DownloadAdmin.G application
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_7-Revo_Uninstaller-ORG2-10687648.exe Win32/DownloadAdmin.D application
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_8-Free_Opener-ORG2-75450719.exe Win32/DownloadAdmin.E application
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_8-Password_Cracker-ORG2-10226556.exe Win32/DownloadAdmin.E application
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\SoftonicDownloader_for_iso-recorder.exe a variant of Win32/SoftonicDownloader.E application
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Problems after running avast root kit scan

Unread postby Gary R » June 15th, 2013, 2:37 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\7zip-setup.exe
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\7zip_freely_d157185.exe
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_10a-Active_ISO_Burner-ORG-10602452.exe
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_7-Revo_Uninstaller-ORG2-10687648.exe
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_8-Free_Opener-ORG2-75450719.exe
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\cbsidlm-tr1_8-Password_Cracker-ORG2-10226556.exe
C:\Documents and Settings\HP_Administrator.ROBS\My Documents\Downloads\SoftonicDownloader_for_iso-recorder.exe
C:\WINDOWS\tasks\ConfigExec.job
C:\WINDOWS\tasks\DataUpload.job

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.
  • Also let me know how your computer is behaving now please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems after running avast root kit scan

Unread postby Gary R » June 18th, 2013, 3:57 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire