Discussion starter · #81 ·
Mark1956 - I hope this works. It would not let me paste each log file icon so I did it this way... If this isn't right or you need it separately, show me how to do it. I could copy but not paste? I am anxious to find out if this is what you needed.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Andrew at 13:45:24 on 2013-04-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.180 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=79
uURLSearchHooks: <No Name>: {8ba2cfef-a1bc-4964-aadc-33be1ae5a33c} -
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: SearchDonkey: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\searchdonkey\ie\common.dll
BHO: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {9b9dcae3-be34-424c-8d73-75e305a9e091} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Toolbar BHO: {dc9051c2-8f55-479a-97a4-747980d9047f} -
BHO: Fast Free Converter 3.0: {DDA5D4B3-468F-4D62-9092-75142C6169B1} - c:\program files\fast free converter\fastfreeconverter\FastFreeConverter.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: WeatherBlink: {F20DE5E0-2A6E-4C54-985F-1CF59551CE39} -
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: WeatherBlink: {f20de5e0-2a6e-4c54-985f-1cf59551ce39} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Updater19962.exe] c:\documents and settings\andrew\local settings\application data\updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VMConsole.exe] c:\program files\sony\vaio media integrated server\platform\VMConsole.exe /windowmin
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WeatherBlink Search Scope Monitor] "c:\progra~1\weathe~2\bar\1.bin\gcsrchmn.exe" /m=2 /w /h
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\fedexd~1.lnk - c:\program files\fedex\fedex desktop\FedEx Desktop.exe
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:8
mPolicies-Explorer: NoDriveTypeAutoRun = dword:8
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\NPJPI150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355269036203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{22E42D94-0A99-44C2-8F52-9DD9943D560E} : DHCPNameServer = 10.0.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-5 33112]
R1 MpKsl59312184;MpKsl59312184;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\MpKsl59312184.sys [2013-4-4 29904]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\fast free converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-10-5 722528]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-21 968880]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys --> c:\windows\system32\drivers\avglogx.sys [?]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 5613;5613;\??\c:\docume~1\andrew\locals~1\temp\5613.sys --> c:\docume~1\andrew\locals~1\temp\5613.sys [?]
S2 AlotService;ALOT Update Service;c:\documents and settings\andrew\application data\alotservice\alotservice.exe --> c:\documents and settings\andrew\application data\alotservice\alotservice.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2013\avgidsagent.exe" --> c:\program files\avg\avg2013\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg2013\avgwdsvc.exe" --> c:\program files\avg\avg2013\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\symcpcculaunchsvc.exe /s --> c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\engine\2.0.15.91\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\engine\2.0.15.91\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\engine\2.0.15.91\ccSvcHst.exe [?]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;"c:\program files\avg\avg pc tuneup\tuneuputilitiesservice32.exe" --> c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [?]
S2 WeatherBlinkService;WeatherBlinkService;c:\progra~1\weathe~2\bar\1.bin\gcbarsvc.exe --> c:\progra~1\weathe~2\bar\1.bin\gcbarsvc.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\avg\avg pc tuneup\tuneuputilitiesdriver32.sys --> c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.pif: <filetype is not registered>
.txt: <filetype is not registered>
.ini: <filetype is not registered>
.vbe: <filetype is not registered>
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-04-04 20:18:53 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\MpKsl59312184.sys
2013-04-04 17:22:28 -------- d-----w- c:\program files\Tweaking.com
2013-04-03 23:49:37 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\offreg.dll
2013-04-03 23:18:00 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\mpengine.dll
2013-04-03 23:16:57 237088 ----a-w- c:\windows\system32\MpSigStub.exe
2013-04-03 23:06:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-26 04:23:58 -------- d-----w- C:\d608f2bb5b323a930a256af12f5c77
2013-03-26 03:53:55 18096 ----a-w- c:\windows\system32\roboot.exe
2013-03-25 20:05:39 -------- d-----w- c:\program files\Tuguu SL
2013-03-25 17:18:01 -------- d-----w- c:\program files\SearchDonkey
2013-03-25 17:17:53 -------- d-----w- c:\documents and settings\andrew\AppData
2013-03-25 17:15:38 -------- d-----w- c:\documents and settings\all users\application data\W3i
2013-03-25 17:10:37 -------- d-----w- c:\program files\Fast Free Converter
2013-03-25 17:09:54 -------- d-----w- c:\program files\W3i
2013-03-17 14:50:48 12928 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-17 14:50:48 12928 -c--a-w- c:\windows\system32\dllcache\usb8023.sys
2013-03-16 14:59:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-03-16 14:59:23 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-16 14:55:09 -------- d-----w- c:\windows\pss
2013-03-13 15:22:34 -------- dc----w- c:\windows\ie8
2013-03-13 01:56:05 -------- d-----w- c:\documents and settings\andrew\application data\FedEx
2013-03-13 01:56:01 -------- d-----w- c:\documents and settings\andrew\application data\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
2013-03-13 01:53:31 -------- d-----w- c:\program files\FedEx
2013-03-12 17:58:39 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-03-12 17:57:49 -------- d-sh--w- C:\AI_RecycleBin
2013-03-12 17:56:37 -------- d-----w- c:\program files\Free Download Manager
2013-03-10 00:38:21 -------- d-----w- C:\Data
2013-03-09 23:29:46 -------- d-----w- c:\documents and settings\andrew\local settings\application data\Yahoo
2013-03-09 23:12:29 -------- d-----w- c:\windows\msdownld.tmp
2013-03-07 16:19:24 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-03-07 16:19:24 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-03-07 16:09:32 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2013-03-07 16:09:24 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2013-03-07 16:09:24 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-03-07 16:09:16 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2013-03-07 16:09:16 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2013-03-07 16:09:15 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
.
==================== Find3M ====================
.
2013-03-17 16:51:01 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 16:51:00 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 19:32:51 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 18:21:54 5259504 ----a-w- c:\windows\uninst.exe
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 22:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 13:46:56.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2008 11:36:42 AM
System Uptime: 4/4/2013 12:57:48 PM (1 hours ago)
Processor: Intel(R) Pentium(R) M processor 1.60GHz | N/A | 798/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 52.176 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP153: 1/4/2013 1:45:15 PM - System Checkpoint
RP154: 1/5/2013 5:06:32 PM - System Checkpoint
RP155: 1/6/2013 7:23:33 PM - System Checkpoint
RP156: 1/8/2013 1:30:40 PM - System Checkpoint
RP157: 1/9/2013 5:00:09 PM - System Checkpoint
RP158: 1/15/2013 3:35:31 PM - System Checkpoint
RP159: 1/18/2013 2:14:44 PM - System Checkpoint
RP160: 1/18/2013 8:57:01 PM - Software Distribution Service 3.0
RP161: 1/21/2013 1:20:46 PM - System Checkpoint
RP162: 1/22/2013 3:31:32 PM - System Checkpoint
RP163: 1/23/2013 5:08:54 PM - System Checkpoint
RP164: 1/24/2013 5:13:16 PM - System Checkpoint
RP165: 1/24/2013 5:29:00 PM - Installed Smead Viewables
RP166: 1/31/2013 4:59:05 PM - System Checkpoint
RP167: 2/1/2013 5:07:19 PM - System Checkpoint
RP168: 2/2/2013 5:34:58 PM - System Checkpoint
RP169: 2/4/2013 1:46:13 PM - System Checkpoint
RP170: 2/5/2013 2:25:19 PM - System Checkpoint
RP171: 2/6/2013 5:14:47 PM - System Checkpoint
RP172: 2/7/2013 7:00:16 PM - System Checkpoint
RP173: 2/7/2013 11:33:51 PM - Removed Bonjour
RP174: 2/7/2013 11:38:00 PM - Removed Apple Software Update
RP175: 2/8/2013 12:25:18 AM - Removed AVG 2013
RP176: 2/8/2013 12:28:45 AM - Removed AVG 2013
RP177: 2/8/2013 12:31:11 AM - Removed AVG PC TuneUp
RP178: 2/8/2013 12:31:59 AM - Removed AVG PC TuneUp Language Pack (en-US)
RP179: 2/8/2013 1:49:27 AM - ARO 2012 - Before Installation
RP180: 2/8/2013 1:50:59 AM - ARO 2012 - Before Installation
RP181: 2/8/2013 1:51:26 AM - ARO 2012 - FIRST RUN
RP182: 2/8/2013 2:00:01 AM - ARO 2012 Fri, Feb 08, 13 01:59
RP183: 2/8/2013 2:10:51 AM - ARO 2012 - Before Installation
RP184: 2/8/2013 2:11:23 AM - ARO 2012- Before One Click
RP185: 2/8/2013 2:44:16 AM - Software Distribution Service 3.0
RP186: 2/8/2013 11:54:27 AM - Software Distribution Service 3.0
RP187: 2/8/2013 12:38:02 PM - Restore Operation
RP188: 2/9/2013 2:26:36 PM - System Checkpoint
RP189: 2/10/2013 5:38:13 PM - System Checkpoint
RP190: 2/12/2013 1:48:12 PM - System Checkpoint
RP191: 2/13/2013 5:05:38 PM - System Checkpoint
RP192: 2/15/2013 9:31:44 AM - System Checkpoint
RP193: 2/16/2013 3:47:40 PM - System Checkpoint
RP194: 2/17/2013 9:12:59 AM - Printer Driver Microsoft Office Document Image Writer Installed
RP195: 2/17/2013 11:03:25 PM - Software Distribution Service 3.0
RP196: 2/19/2013 2:16:38 PM - System Checkpoint
RP197: 2/20/2013 4:01:14 PM - System Checkpoint
RP198: 2/21/2013 4:35:24 PM - System Checkpoint
RP199: 2/23/2013 5:17:23 PM - System Checkpoint
RP200: 2/24/2013 5:24:48 PM - System Checkpoint
RP201: 2/27/2013 2:31:22 PM - System Checkpoint
RP202: 2/28/2013 5:57:31 PM - System Checkpoint
RP203: 3/1/2013 10:12:31 PM - System Checkpoint
RP204: 3/3/2013 7:30:13 PM - System Checkpoint
RP205: 3/5/2013 5:02:25 PM - System Checkpoint
RP206: 3/6/2013 6:54:47 PM - System Checkpoint
RP207: 3/8/2013 12:52:09 PM - System Checkpoint
RP208: 3/9/2013 3:14:48 PM - Installed Windows Internet Explorer 8.
RP209: 3/9/2013 3:16:49 PM - Software Distribution Service 3.0
RP210: 3/9/2013 3:43:12 PM - Software Distribution Service 3.0
RP211: 3/9/2013 10:00:26 PM - Removed Google Chrome
RP212: 3/9/2013 10:05:04 PM - Removed MSXML 4.0 SP2 (KB973688)
RP213: 3/10/2013 12:08:12 AM - Uniblue SpeedUpMyPC installation
RP214: 3/11/2013 11:36:05 AM - System Checkpoint
RP215: 3/12/2013 11:29:34 AM - Removed Strongvault Online Backup
RP216: 3/13/2013 8:15:52 AM - Software Distribution Service 3.0
RP217: 3/13/2013 8:24:28 AM - Installed Windows Internet Explorer 8.
RP218: 3/13/2013 8:25:52 AM - Software Distribution Service 3.0
RP219: 3/13/2013 11:04:08 AM - Software Distribution Service 3.0
RP220: 3/14/2013 8:48:35 AM - Software Distribution Service 3.0
RP221: 3/15/2013 9:38:59 AM - System Checkpoint
RP222: 3/16/2013 7:57:38 AM - Restore Operation
RP223: 3/16/2013 8:11:23 AM - Software Distribution Service 3.0
RP224: 3/17/2013 9:12:40 AM - Software Distribution Service 3.0
RP225: 3/18/2013 5:35:02 PM - System Checkpoint
RP226: 3/20/2013 3:37:09 PM - System Checkpoint
RP227: 3/21/2013 4:47:30 PM - System Checkpoint
RP228: 3/22/2013 5:06:11 PM - System Checkpoint
RP229: 3/23/2013 7:30:54 PM - System Checkpoint
RP230: 3/25/2013 12:11:10 PM - System Checkpoint
RP231: 3/25/2013 8:57:27 PM - PC Performer Mon, Mar 25, 13 20:56
RP232: 3/25/2013 9:13:25 PM - Software Distribution Service 3.0
RP233: 3/26/2013 9:00:24 AM - Software Distribution Service 3.0
RP234: 3/28/2013 7:32:33 AM - System Checkpoint
RP235: 3/29/2013 12:07:06 PM - System Checkpoint
RP236: 3/30/2013 3:14:01 PM - System Checkpoint
RP237: 4/1/2013 3:24:27 PM - System Checkpoint
RP238: 4/2/2013 3:47:20 PM - System Checkpoint
RP239: 4/3/2013 9:40:58 AM - Quitado FlashPlayer
RP240: 4/3/2013 4:16:54 PM - Software Distribution Service 3.0
RP241: 4/4/2013 10:39:09 AM - Tweaking.com - Windows Repair
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
AirPort
ALOT Appbar
Apple Software Update
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Bonjour
Click to DVD 2.0.02 Menu Data
Click to DVD 2.2.10
CONNECT
Coupon Printer for Windows
DVgate Plus
Fast Free Converter
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
J2SE Runtime Environment 5.0
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Data Access Components KB870669
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mMHouse
MoodLogic
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
NetAssistant
Norton PC Checkup
NVIDIA Drivers
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
ParetoLogic PC Health Advisor
PC TuneUp Maestro
PictureGear Studio 2.0
Quicken 2005
Realtek High Definition Audio Driver
SearchDonkey
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Setting Utility Series
Smead Viewables
Sonic RecordNow!
SonicStage 2.1.02
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SpeedMaxPc
SpeedyPC Pro
Supreme Savings
Tweaking.com - Windows Repair (All in One)
Uninstall Helper
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
W3i NetAssistant
WeatherBlink Toolbar
WebFldrs XP
Welcome to VAIO life
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Wireless Switch Setting Utility
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/3/2013 8:18:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSHX AVGIDSShim Avgldx86 Avglogx Avgmfx86 Avgrkx86 Avgtdix
4/3/2013 8:17:59 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
4/3/2013 8:17:59 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The WeatherBlinkService service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The AVG PC TuneUp Service service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The ALOT Update Service service failed to start due to the following error: The system cannot find the file specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The 5613 service failed to start due to the following error: The system cannot find the file specified.
4/3/2013 5:08:01 PM, error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).
4/3/2013 2:38:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/3/2013 2:38:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver AVGIDSHX AVGIDSShim Avgldx86 Avglogx Avgmfx86 Avgrkx86 Avgtdix DMICall Fips intelppm IPSec NetBT RasAcd Tcpip
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2013 8:57:00 PM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
4/2/2013 8:40:01 PM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
4/2/2013 8:40:01 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
4/2/2013 2:00:00 PM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
4/2/2013 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
4/2/2013 10:10:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
4/2/2013 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
4/2/2013 1:48:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
4/1/2013 12:46:58 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000E35D7626C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/1/2013 1:00:55 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000E35D7626C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 12:44:11
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew - E457FDF720CE414
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : CltMngSvc
Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate
Stopped & Deleted : IBUpdaterService
Stopped & Deleted : MyWebSearchService
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\f3PSSavr.scr
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BasicSeek
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\file scout
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\incredibar.com
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\InternetHelper3
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\WhiteSmoke_New
Folder Deleted : C:\Documents and Settings\LAND & STREAM CO\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BasicSeek
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Program Files\InternetHelper3
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Supreme Savings
Folder Deleted : C:\Program Files\WhiteSmoke_New
Folder Deleted : C:\WINDOWS\system32\WNLT
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\InternetHelper3
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\WhiteSmoke_New
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\Software\InternetHelper3
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InternetHelper3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_New Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\WhiteSmoke_New
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [32972 octets] - [04/04/2013 12:44:11]
########## EOF - C:\AdwCleaner[S1].txt - [33033 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Scan -- Date : 04/04/2013 13:25:39
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Updater19962.exe (C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2509911267-1632943361-3296815733-1006[...]\Run : Updater19962.exe (C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xB9F19852)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HITACHI_DK23FA-80 +++++
--- User ---
[MBR] 94d7904b75c9805cbcd1a66eefc20719
[BSP] 2dab0b461558b0944ad0bf02ffa10e50 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 71186 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04042013_02d1325.txt >>
RKreport[1]_S_04042013_02d1325.txt
 
AdwCleaner took care of a lot of adware (MyWebSearch, WhiteSmoke, PriceGong, Conduit...).

These nuisances are mostly installed as part of free software bundles. Most of the time, they ask for your permission to install. Never agree to it. Stay away from "free" screensavers. They often install crapware without your knowledge. Nothing is 100% free...
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Did you find Softango in C:\Program Files?
 
Glad you eventually got those scans to run. There is no sign of anything particularly nasty, but we have a list of things to fix:

  • ADWCleaner found a large amount of Adware which we need to be sure has all gone.
  • DDS log shows many remnants of AVG Anti Virus that need to be removed.
  • There are also a few Optimizer programs you would be well advised to remove as they can harm your system.
  • RogueKiller found several items that need to be dealt with.
  • Further back in the thread we found several Windows Services that are missing.
  • DDS log shows a bunch of file associations that need fixing.

So, there is a lot to do to completely clean up your system. We will deal with each problem one at a time.

I will now have this moved to the Malware forum. Many thanks to the other guys who helped get us to this point.

First we need to do another scan with RogueKiller:

  • Quit all running programs.
  • Start RogueKiller.exe by double clicking on the icon.
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Delete when complete.
  • Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.
 
Yes indeed, quite a few of the items ADWCleaner found don't always leave quietly.
 
Discussion starter · #86 ·
Here is round two of RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Remove -- Date : 04/04/2013 15:32:10
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][PREVRUN] HKCU\[...]\Run : Updater19962.exe (C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300) [x] -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xB9F19852)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HITACHI_DK23FA-80 +++++
--- User ---
[MBR] 94d7904b75c9805cbcd1a66eefc20719
[BSP] 2dab0b461558b0944ad0bf02ffa10e50 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 71186 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_D_04042013_02d1532.txt >>
RKreport[1]_S_04042013_02d1325.txt ; RKreport[2]_S_04042013_02d1530.txt ; RKreport[3]_D_04042013_02d1532.txt
 
Next we need to remove the remnants of AVG. Please go to Add/Remove Programs and uninstall these three items if they are visible:

AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)

Do not worry if any of the items are not listed, and if you see anything else starting with the name AVG, please uninstall it.

Then go here: AVG Removal tool. Click on the first item in the list of removal tools:
AVG Remover(32bit) 2013
(avg_remover_stf_x86_2013_2706.exe)


Save the tool to your desktop, double click on the icon and let the tool run to clean out the remnants.

I would then like you to run ADWCleaner again, using the Delete button just as before and post the new log. We can then see if there are any persistent items that need further action to clean them out.
 
Please read the above post and complete all the instructions given. I would then like you to continue with running this scan below. Make sure you read and understand all the instructions before you proceed.

Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, DO NOT select Delete, as you may remove files needed for the system to operate.

Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

Be sure to print out and follow all of these instructions.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.

  • When the program opens, click Change parameters.

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects: and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
 
Discussion starter · #90 ·
# AdwCleaner v2.200 - Logfile created 04/05/2013 at 08:34:08
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew - E457FDF720CE414
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [33103 octets] - [04/04/2013 12:44:11]
AdwCleaner[S2].txt - [998 octets] - [05/04/2013 08:34:08]
########## EOF - C:\AdwCleaner[S2].txt - [1057 octets] ##########
 
Discussion starter · #91 ·
My computer froze up during the process, so I had to do it more than once, so I have four or five copies of this in Local Disk C:

09:37:59.0687 2800 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:38:01.0687 2800 ============================================================
09:38:01.0687 2800 Current date / time: 2013/04/05 09:38:01.0687
09:38:01.0687 2800 SystemInfo:
09:38:01.0687 2800
09:38:01.0687 2800 OS Version: 5.1.2600 ServicePack: 3.0
09:38:01.0687 2800 Product type: Workstation
09:38:01.0687 2800 ComputerName: E457FDF720CE414
09:38:01.0687 2800 UserName: Andrew
09:38:01.0687 2800 Windows directory: C:\WINDOWS
09:38:01.0687 2800 System windows directory: C:\WINDOWS
09:38:01.0687 2800 Processor architecture: Intel x86
09:38:01.0687 2800 Number of processors: 1
09:38:01.0687 2800 Page size: 0x1000
09:38:01.0687 2800 Boot type: Normal boot
09:38:01.0687 2800 ============================================================
09:38:09.0531 2800 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:38:09.0531 2800 ============================================================
09:38:09.0531 2800 \Device\Harddisk0\DR0:
09:38:09.0531 2800 MBR partitions:
09:38:09.0531 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA0510E, BlocksNum 0x8B093B3
09:38:09.0531 2800 ============================================================
09:38:09.0562 2800 C: <-> \Device\Harddisk0\DR0\Partition1
09:38:09.0562 2800 ============================================================
09:38:09.0562 2800 Initialize success
09:38:09.0562 2800 ============================================================
09:47:00.0109 1264 ============================================================
09:47:00.0109 1264 Scan started
09:47:00.0109 1264 Mode: Manual; SigCheck; TDLFS;
09:47:00.0109 1264 ============================================================
09:47:00.0531 1264 ================ Scan system memory ========================
09:47:00.0546 1264 System memory - ok
09:47:00.0546 1264 ================ Scan services =============================
09:47:00.0718 1264 Abiosdsk - ok
09:47:00.0718 1264 abp480n5 - ok
09:47:00.0781 1264 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:47:00.0796 1264 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
09:47:00.0796 1264 ACPI ( Virus.Win32.Rloader.a ) - infected
09:47:00.0796 1264 ACPI - detected Virus.Win32.Rloader.a (0)
09:47:00.0875 1264 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:48:43.0640 1264 ACPIEC - ok
09:48:43.0750 1264 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:48:43.0781 1264 AdobeFlashPlayerUpdateSvc - ok
09:48:43.0781 1264 adpu160m - ok
09:48:43.0828 1264 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:48:44.0031 1264 aec - ok
09:48:44.0078 1264 [ F498FD605C08404B20A48954C722FF74 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:48:44.0140 1264 AegisP ( UnsignedFile.Multi.Generic ) - warning
09:48:44.0140 1264 AegisP - detected UnsignedFile.Multi.Generic (1)
09:48:44.0187 1264 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:48:44.0359 1264 AFD - ok
09:48:44.0359 1264 Aha154x - ok
09:48:44.0375 1264 aic78u2 - ok
09:48:44.0390 1264 aic78xx - ok
09:48:44.0437 1264 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:48:44.0578 1264 ALG - ok
09:48:44.0578 1264 AliIde - ok
09:48:44.0703 1264 AlotService - ok
09:48:44.0718 1264 amsint - ok
09:48:44.0781 1264 [ D3DA11B88AB29076B78FF79F35F0586B ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
09:48:44.0953 1264 ApfiltrService - ok
09:48:44.0968 1264 AppMgmt - ok
09:48:45.0046 1264 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:48:45.0390 1264 Arp1394 - ok
09:48:45.0406 1264 asc - ok
09:48:45.0406 1264 asc3350p - ok
09:48:45.0421 1264 asc3550 - ok
09:48:45.0562 1264 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:48:45.0609 1264 aspnet_state - ok
09:48:45.0625 1264 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:48:45.0812 1264 AsyncMac - ok
09:48:45.0843 1264 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:48:46.0000 1264 atapi - ok
09:48:46.0015 1264 Atdisk - ok
09:48:46.0078 1264 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:48:46.0281 1264 Atmarpc - ok
09:48:46.0328 1264 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:48:46.0546 1264 AudioSrv - ok
09:48:46.0593 1264 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:48:46.0781 1264 audstub - ok
09:48:46.0796 1264 Avglogx - ok
09:48:46.0843 1264 [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
09:48:47.0250 1264 avgtp - ok
09:48:47.0281 1264 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:48:47.0609 1264 Beep - ok
09:48:47.0671 1264 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:48:47.0968 1264 BITS - ok
09:48:48.0093 1264 Bonjour Service - ok
09:48:48.0140 1264 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:48:48.0453 1264 cbidf2k - ok
09:48:48.0453 1264 cd20xrnt - ok
09:48:48.0500 1264 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:48:48.0671 1264 Cdaudio - ok
09:48:48.0718 1264 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:48:48.0906 1264 Cdfs - ok
09:48:48.0953 1264 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:48:49.0250 1264 Cdrom - ok
09:48:49.0265 1264 Changer - ok
09:48:49.0312 1264 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:48:49.0531 1264 CiSvc - ok
09:48:49.0546 1264 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:48:49.0796 1264 ClipSrv - ok
09:48:49.0843 1264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:48:50.0078 1264 clr_optimization_v4.0.30319_32 - ok
09:48:50.0109 1264 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:48:50.0343 1264 CmBatt - ok
09:48:50.0343 1264 CmdIde - ok
09:48:50.0375 1264 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:48:50.0656 1264 Compbatt - ok
09:48:50.0656 1264 COMSysApp - ok
09:48:50.0671 1264 Cpqarray - ok
09:48:50.0718 1264 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:48:50.0890 1264 CryptSvc - ok
09:48:50.0890 1264 dac2w2k - ok
09:48:50.0906 1264 dac960nt - ok
09:48:50.0968 1264 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:48:51.0109 1264 DcomLaunch - ok
09:48:51.0156 1264 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:48:51.0312 1264 Dhcp - ok
09:48:51.0328 1264 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:48:51.0515 1264 Disk - ok
09:48:51.0515 1264 dmadmin - ok
09:48:51.0593 1264 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:48:51.0859 1264 dmboot - ok
09:48:51.0921 1264 [ 526192BF7696F72E29777BF4A180513A ] DMICall C:\WINDOWS\system32\DRIVERS\DMICall.sys
09:48:52.0125 1264 DMICall - ok
09:48:52.0171 1264 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:48:52.0390 1264 dmio - ok
09:48:52.0421 1264 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:48:52.0609 1264 dmload - ok
09:48:52.0656 1264 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:48:52.0812 1264 dmserver - ok
09:48:52.0843 1264 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:48:53.0031 1264 DMusic - ok
09:48:53.0125 1264 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:48:53.0312 1264 Dnscache - ok
09:48:53.0343 1264 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:48:53.0656 1264 Dot3svc - ok
09:48:53.0671 1264 dpti2o - ok
09:48:53.0703 1264 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:48:53.0921 1264 drmkaud - ok
09:48:54.0046 1264 [ 5182244C0BB338A7545306CB6CA1DABA ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:48:54.0109 1264 E100B - ok
09:48:54.0140 1264 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:48:54.0390 1264 EapHost - ok
09:48:54.0437 1264 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:48:54.0656 1264 ERSvc - ok
09:48:54.0718 1264 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:48:54.0828 1264 Eventlog - ok
09:48:54.0921 1264 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
09:48:55.0031 1264 EventSystem - ok
09:48:55.0140 1264 [ B0C6B8DF9F20F84BDC9183DD520A8275 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
09:48:55.0265 1264 EvtEng ( UnsignedFile.Multi.Generic ) - warning
09:48:55.0265 1264 EvtEng - detected UnsignedFile.Multi.Generic (1)
09:48:55.0312 1264 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:48:55.0640 1264 Fastfat - ok
09:48:55.0718 1264 [ 83158CA47591AF55A9759B5C648B0462 ] FastFreeConverterUpdt C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
09:48:55.0781 1264 FastFreeConverterUpdt ( UnsignedFile.Multi.Generic ) - warning
09:48:55.0781 1264 FastFreeConverterUpdt - detected UnsignedFile.Multi.Generic (1)
09:48:55.0843 1264 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:48:56.0015 1264 FastUserSwitchingCompatibility - ok
09:48:56.0062 1264 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
09:48:56.0281 1264 Fdc - ok
09:48:56.0312 1264 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:48:56.0593 1264 Fips - ok
09:48:56.0625 1264 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
09:48:56.0796 1264 Flpydisk - ok
09:48:56.0812 1264 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:48:57.0000 1264 FltMgr - ok
09:48:57.0062 1264 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:48:57.0234 1264 Fs_Rec - ok
09:48:57.0250 1264 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:48:57.0421 1264 Ftdisk - ok
09:48:57.0453 1264 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:48:57.0656 1264 Gpc - ok
09:48:57.0687 1264 gupdate - ok
09:48:57.0703 1264 gupdatem - ok
09:48:57.0718 1264 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:48:57.0875 1264 HDAudBus - ok
09:48:57.0937 1264 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:48:58.0093 1264 helpsvc - ok
09:48:58.0093 1264 HidServ - ok
09:48:58.0156 1264 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:48:58.0359 1264 hkmsvc - ok
09:48:58.0359 1264 hpn - ok
09:48:58.0421 1264 [ 3D812D0DE9344BC9BD1A1B8575B883DB ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:48:58.0531 1264 HSFHWAZL - ok
09:48:58.0609 1264 [ 0E130BEC5A13CF68ADAA216AB55A8DFF ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:48:58.0796 1264 HSF_DP - ok
09:48:58.0843 1264 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:48:58.0921 1264 HTTP - ok
09:48:59.0046 1264 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:48:59.0390 1264 HTTPFilter - ok
09:48:59.0390 1264 i2omgmt - ok
09:48:59.0406 1264 i2omp - ok
09:48:59.0437 1264 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:48:59.0656 1264 i8042prt - ok
09:48:59.0734 1264 [ 510A5E1CB84E82D4E89DFF3D96752048 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:48:59.0890 1264 ialm - ok
09:48:59.0906 1264 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:49:00.0171 1264 Imapi - ok
09:49:00.0281 1264 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:49:00.0468 1264 ImapiService - ok
09:49:00.0484 1264 ini910u - ok
09:49:00.0640 1264 [ 51EB28D8602A9DF0926CBBBD9997CBB9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:49:00.0906 1264 IntcAzAudAddService - ok
09:49:00.0937 1264 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:49:01.0171 1264 IntelIde - ok
09:49:01.0218 1264 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:49:01.0437 1264 intelppm - ok
09:49:01.0468 1264 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:49:01.0812 1264 Ip6Fw - ok
09:49:01.0859 1264 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:49:02.0140 1264 IpFilterDriver - ok
09:49:02.0156 1264 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:49:02.0421 1264 IpInIp - ok
09:49:02.0453 1264 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:49:02.0671 1264 IpNat - ok
09:49:02.0703 1264 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:49:02.0984 1264 IPSec - ok
09:49:03.0093 1264 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:49:03.0187 1264 IRENUM - ok
09:49:03.0218 1264 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:49:03.0421 1264 isapnp - ok
09:49:03.0453 1264 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:49:03.0640 1264 Kbdclass - ok
09:49:03.0687 1264 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:49:03.0875 1264 kmixer - ok
09:49:03.0906 1264 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:49:04.0203 1264 KSecDD - ok
09:49:04.0281 1264 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:49:04.0343 1264 lanmanserver - ok
09:49:04.0343 1264 lbrtfdc - ok
09:49:04.0390 1264 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:49:04.0609 1264 LmHosts - ok
09:49:04.0640 1264 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:49:04.0687 1264 mdmxsdk - ok
09:49:04.0734 1264 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:49:05.0046 1264 mnmdd - ok
09:49:05.0140 1264 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:49:05.0375 1264 mnmsrvc - ok
09:49:05.0390 1264 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:49:05.0578 1264 Modem - ok
09:49:05.0593 1264 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:49:05.0812 1264 Mouclass - ok
09:49:05.0828 1264 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:49:06.0062 1264 MountMgr - ok
09:49:06.0109 1264 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:49:06.0156 1264 MpFilter - ok
09:49:06.0359 1264 [ A69630D039C38018689190234F866D77 ] MpKslc6402f33 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C15E9548-5A82-4A77-B245-177547F80461}\MpKslc6402f33.sys
09:49:06.0390 1264 MpKslc6402f33 - ok
09:49:06.0390 1264 mraid35x - ok
09:49:06.0421 1264 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:49:06.0609 1264 MRxDAV - ok
09:49:06.0656 1264 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:49:06.0843 1264 MSDTC - ok
09:49:06.0859 1264 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:49:07.0234 1264 Msfs - ok
09:49:07.0265 1264 MSIServer - ok
09:49:07.0281 1264 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:49:07.0453 1264 MSKSSRV - ok
09:49:07.0500 1264 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:49:07.0515 1264 MsMpSvc - ok
09:49:07.0546 1264 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:49:07.0734 1264 MSPCLOCK - ok
09:49:07.0765 1264 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:49:07.0937 1264 MSPQM - ok
09:49:07.0968 1264 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:49:08.0125 1264 mssmbios - ok
09:49:08.0140 1264 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:49:08.0234 1264 Mup - ok
09:49:08.0296 1264 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:49:08.0562 1264 napagent - ok
09:49:08.0578 1264 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:49:08.0796 1264 NDIS - ok
09:49:08.0843 1264 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:49:08.0906 1264 NdisTapi - ok
09:49:08.0937 1264 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:49:09.0203 1264 Ndisuio - ok
09:49:09.0218 1264 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:49:09.0468 1264 NdisWan - ok
09:49:09.0515 1264 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:49:09.0656 1264 NDProxy - ok
09:49:09.0687 1264 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:49:09.0953 1264 NetBT - ok
09:49:10.0046 1264 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:49:10.0437 1264 NetDDE - ok
09:49:10.0437 1264 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:49:10.0593 1264 NetDDEdsdm - ok
09:49:10.0640 1264 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:49:10.0796 1264 Netman - ok
09:49:10.0828 1264 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:49:10.0984 1264 NIC1394 - ok
09:49:11.0093 1264 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:49:11.0140 1264 Nla - ok
09:49:11.0156 1264 Norton PC Checkup Application Launcher - ok
09:49:11.0203 1264 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:49:11.0406 1264 Npfs - ok
09:49:11.0437 1264 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:49:11.0687 1264 Ntfs - ok
09:49:11.0765 1264 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:49:12.0000 1264 NtmsSvc - ok
09:49:12.0046 1264 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:49:12.0203 1264 Null - ok
09:49:12.0406 1264 [ 916D172B4A58A64174FF96CD5E9AAB37 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:49:12.0781 1264 nv - ok
09:49:12.0828 1264 [ C6C1BA4D6AF26201CBAEAE75863C0DE5 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
09:49:12.0875 1264 NVSvc - ok
09:49:12.0921 1264 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:49:13.0250 1264 NwlnkFlt - ok
09:49:13.0265 1264 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:49:13.0468 1264 NwlnkFwd - ok
09:49:13.0500 1264 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:49:13.0656 1264 ohci1394 - ok
09:49:13.0750 1264 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:49:13.0765 1264 ose - ok
09:49:13.0812 1264 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
09:49:14.0031 1264 Parport - ok
09:49:14.0031 1264 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:49:14.0250 1264 PartMgr - ok
09:49:14.0296 1264 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:49:14.0468 1264 ParVdm - ok
09:49:14.0484 1264 PCCUJobMgr - ok
09:49:14.0484 1264 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:49:14.0687 1264 PCI - ok
09:49:14.0703 1264 PCIDump - ok
09:49:14.0718 1264 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:49:14.0906 1264 PCIIde - ok
09:49:14.0921 1264 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:49:15.0234 1264 Pcmcia - ok
09:49:15.0234 1264 PDCOMP - ok
09:49:15.0250 1264 PDFRAME - ok
09:49:15.0250 1264 PDRELI - ok
09:49:15.0265 1264 PDRFRAME - ok
09:49:15.0265 1264 perc2 - ok
09:49:15.0281 1264 perc2hib - ok
09:49:15.0328 1264 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:49:15.0375 1264 PlugPlay - ok
09:49:15.0390 1264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:49:15.0578 1264 PolicyAgent - ok
09:49:15.0640 1264 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:49:15.0906 1264 PptpMiniport - ok
09:49:15.0906 1264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:49:16.0125 1264 ProtectedStorage - ok
09:49:16.0156 1264 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:49:16.0406 1264 PSched - ok
09:49:16.0421 1264 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:49:16.0625 1264 Ptilink - ok
09:49:16.0687 1264 [ F3A3B00666A40C6914B7B2864F7DC1C0 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:49:16.0734 1264 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
09:49:16.0734 1264 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
09:49:16.0734 1264 ql1080 - ok
09:49:16.0750 1264 Ql10wnt - ok
09:49:16.0750 1264 ql12160 - ok
09:49:16.0765 1264 ql1240 - ok
09:49:16.0781 1264 ql1280 - ok
09:49:16.0796 1264 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:49:16.0984 1264 RasAcd - ok
09:49:17.0109 1264 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:49:17.0328 1264 RasAuto - ok
09:49:17.0359 1264 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:49:17.0578 1264 Rasl2tp - ok
09:49:17.0625 1264 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:49:17.0796 1264 RasMan - ok
09:49:17.0812 1264 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:49:18.0046 1264 RasPppoe - ok
09:49:18.0093 1264 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:49:18.0281 1264 Raspti - ok
09:49:18.0328 1264 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:49:18.0484 1264 RDPCDD - ok
09:49:18.0562 1264 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:49:18.0734 1264 RDPWD - ok
09:49:18.0796 1264 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:49:19.0093 1264 RDSessMgr - ok
09:49:19.0250 1264 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:49:19.0546 1264 redbook - ok
09:49:19.0578 1264 [ B44B1BF0107C55707494F5E83A17D35B ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
09:49:19.0609 1264 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
09:49:19.0609 1264 RegSrvc - detected UnsignedFile.Multi.Generic (1)
09:49:19.0656 1264 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:49:20.0015 1264 RemoteAccess - ok
09:49:20.0125 1264 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:49:20.0187 1264 RpcSs - ok
09:49:20.0250 1264 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:49:20.0468 1264 RSVP - ok
09:49:20.0531 1264 [ 2F7A8BE42103918BBD4A30F62EDA6931 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
09:49:20.0828 1264 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
09:49:20.0828 1264 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
09:49:20.0859 1264 [ 85A26A3BB748DFD3170CDBF45B0DD7FD ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:49:20.0890 1264 s24trans ( UnsignedFile.Multi.Generic ) - warning
09:49:20.0890 1264 s24trans - detected UnsignedFile.Multi.Generic (1)
09:49:20.0906 1264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:49:21.0125 1264 SamSs - ok
09:49:21.0156 1264 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:49:21.0421 1264 SCardSvr - ok
09:49:21.0468 1264 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:49:21.0656 1264 Schedule - ok
09:49:21.0687 1264 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:49:21.0812 1264 Secdrv - ok
09:49:21.0843 1264 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:49:22.0000 1264 seclogon - ok
09:49:22.0015 1264 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:49:22.0203 1264 SENS - ok
09:49:22.0234 1264 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
09:49:22.0468 1264 Serial - ok
09:49:22.0500 1264 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:49:23.0156 1264 Sfloppy - ok
09:49:23.0234 1264 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:49:23.0546 1264 SharedAccess - ok
09:49:23.0593 1264 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:49:23.0609 1264 ShellHWDetection - ok
09:49:23.0609 1264 Simbad - ok
09:49:23.0671 1264 [ BE6038E0A7D2E2FE69107E41A0265831 ] SNC C:\WINDOWS\system32\Drivers\SonyNC.sys
09:49:23.0750 1264 SNC - ok
09:49:23.0812 1264 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
09:49:23.0984 1264 SNMP - ok
09:49:24.0078 1264 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
09:49:24.0500 1264 SNMPTRAP - ok
09:49:24.0500 1264 Sparrow - ok
09:49:24.0562 1264 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:49:24.0718 1264 splitter - ok
09:49:24.0765 1264 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:49:25.0500 1264 Spooler - ok
09:49:25.0531 1264 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:49:25.0687 1264 sr - ok
09:49:25.0734 1264 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:49:25.0812 1264 srservice - ok
09:49:25.0843 1264 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:49:25.0953 1264 Srv - ok
09:49:26.0031 1264 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:49:26.0125 1264 SSDPSRV - ok
09:49:26.0140 1264 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:49:26.0359 1264 stisvc - ok
09:49:26.0406 1264 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:49:26.0656 1264 swenum - ok
09:49:26.0687 1264 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:49:26.0921 1264 swmidi - ok
09:49:26.0921 1264 SwPrv - ok
09:49:26.0937 1264 symc810 - ok
09:49:26.0953 1264 symc8xx - ok
09:49:26.0968 1264 sym_hi - ok
09:49:26.0968 1264 sym_u3 - ok
09:49:27.0046 1264 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:49:27.0218 1264 sysaudio - ok
09:49:27.0265 1264 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:49:27.0515 1264 SysmonLog - ok
09:49:27.0562 1264 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:49:27.0765 1264 TapiSrv - ok
09:49:27.0812 1264 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:49:27.0921 1264 Tcpip - ok
09:49:28.0062 1264 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:49:28.0250 1264 TDPIPE - ok
09:49:28.0265 1264 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:49:28.0484 1264 TDTCP - ok
09:49:28.0515 1264 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:49:28.0671 1264 TermDD - ok
09:49:28.0734 1264 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:49:29.0312 1264 TermService - ok
09:49:29.0359 1264 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:49:29.0406 1264 Themes - ok
09:49:29.0453 1264 [ 1A406B0A846FE7250E16E05813AEF849 ] tifmsony C:\WINDOWS\system32\drivers\tifmsony.sys
09:49:29.0609 1264 tifmsony - ok
09:49:29.0609 1264 TosIde - ok
09:49:29.0671 1264 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:49:29.0906 1264 TrkWks - ok
09:49:29.0921 1264 TuneUp.UtilitiesSvc - ok
09:49:29.0921 1264 TuneUpUtilitiesDrv - ok
09:49:29.0953 1264 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:49:30.0203 1264 Udfs - ok
09:49:30.0203 1264 ultra - ok
09:49:30.0265 1264 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
09:49:30.0312 1264 UMWdf - ok
09:49:30.0375 1264 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:49:30.0593 1264 Update - ok
09:49:30.0656 1264 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:49:30.0812 1264 upnphost - ok
09:49:30.0843 1264 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:49:31.0171 1264 UPS - ok
09:49:31.0218 1264 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:49:31.0453 1264 usbccgp - ok
09:49:31.0468 1264 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:49:31.0656 1264 usbehci - ok
09:49:31.0687 1264 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:49:31.0890 1264 usbhub - ok
09:49:31.0906 1264 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:49:32.0140 1264 usbprint - ok
09:49:32.0156 1264 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:49:32.0328 1264 usbscan - ok
09:49:32.0359 1264 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:49:32.0546 1264 usbstor - ok
09:49:32.0578 1264 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:49:32.0765 1264 usbuhci - ok
09:49:32.0843 1264 [ 5255C0E41FA138C153A1AA9B1339F700 ] VAIO Entertainment Aggregation and Control Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
09:49:32.0953 1264 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - warning
09:49:32.0953 1264 VAIO Entertainment Aggregation and Control Service - detected UnsignedFile.Multi.Generic (1)
09:49:33.0093 1264 [ 34337E97B6608C3FE852889B228025C5 ] VAIO Entertainment Task Scheduler C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
09:49:33.0281 1264 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0281 1264 VAIO Entertainment Task Scheduler - detected UnsignedFile.Multi.Generic (1)
09:49:33.0406 1264 [ 047EB1A2F1E591E8892DCE24E9392A90 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
09:49:33.0546 1264 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0546 1264 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
09:49:33.0609 1264 [ 4CC603645F50E806F9E46B8316EA54AB ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
09:49:33.0640 1264 VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0640 1264 VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
09:49:33.0796 1264 [ 9BA7FAEDC9D45E0D6641B87406E8BA1B ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
09:49:33.0968 1264 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0968 1264 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
09:49:34.0093 1264 [ F557ABEC44DF2969FDF9D651C4B484B4 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
09:49:34.0125 1264 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
09:49:34.0125 1264 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
09:49:34.0187 1264 [ 15B2DA6E153CC25D1555723894AF7C45 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
09:49:34.0265 1264 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
09:49:34.0265 1264 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
09:49:34.0390 1264 [ E676A2C17581D84CF739E2785E5E760B ] VAIOMediaPlatform-VideoServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
09:49:34.0984 1264 VAIOMediaPlatform-VideoServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
09:49:34.0984 1264 VAIOMediaPlatform-VideoServer-AppServer - detected UnsignedFile.Multi.Generic (1)
09:49:35.0125 1264 [ 15B2DA6E153CC25D1555723894AF7C45 ] VAIOMediaPlatform-VideoServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
09:49:35.0203 1264 VAIOMediaPlatform-VideoServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
09:49:35.0203 1264 VAIOMediaPlatform-VideoServer-UPnP - detected UnsignedFile.Multi.Generic (1)
09:49:35.0234 1264 Vcsw - ok
09:49:35.0265 1264 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:49:35.0453 1264 VgaSave - ok
09:49:35.0468 1264 ViaIde - ok
09:49:35.0515 1264 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:49:35.0875 1264 VolSnap - ok
09:49:35.0937 1264 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:49:36.0187 1264 VSS - ok
09:49:36.0328 1264 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
09:49:36.0390 1264 vToolbarUpdater12.2.6 - ok
09:49:36.0500 1264 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
09:49:36.0609 1264 vToolbarUpdater14.2.0 - ok
09:49:36.0703 1264 [ 15DDA77E434484E6B5B4D0B60EFE76ED ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
09:49:36.0734 1264 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
09:49:36.0734 1264 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
09:49:36.0765 1264 [ 0E362E517AFEB0669BD473315BE3CDE5 ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
09:49:36.0796 1264 VzFw ( UnsignedFile.Multi.Generic ) - warning
09:49:36.0796 1264 VzFw - detected UnsignedFile.Multi.Generic (1)
09:49:37.0265 1264 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:49:37.0671 1264 w29n51 - ok
09:49:37.0734 1264 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:49:38.0078 1264 W32Time - ok
09:49:38.0312 1264 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:49:38.0515 1264 Wanarp - ok
09:49:38.0531 1264 WDICA - ok
09:49:38.0562 1264 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:49:38.0718 1264 wdmaud - ok
09:49:38.0734 1264 WeatherBlinkService - ok
09:49:38.0765 1264 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:49:39.0015 1264 WebClient - ok
09:49:39.0281 1264 [ C08FAD1207BB219BDF9EEC30AFC1809E ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:49:39.0421 1264 winachsf - ok
09:49:39.0515 1264 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:49:39.0671 1264 winmgmt - ok
09:49:39.0859 1264 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:49:40.0000 1264 wlidsvc - ok
09:49:40.0171 1264 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:49:40.0296 1264 WmdmPmSN - ok
09:49:40.0359 1264 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:49:40.0796 1264 WmiApSrv - ok
09:49:40.0937 1264 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:49:41.0031 1264 WPFFontCache_v0400 - ok
09:49:41.0140 1264 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:49:41.0328 1264 wscsvc - ok
09:49:41.0359 1264 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:49:41.0578 1264 wuauserv - ok
09:49:41.0640 1264 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:49:41.0906 1264 WZCSVC - ok
09:49:42.0062 1264 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:49:42.0359 1264 xmlprov - ok
09:49:42.0453 1264 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:49:42.0531 1264 YahooAUService - ok
09:49:42.0562 1264 ================ Scan global ===============================
09:49:42.0609 1264 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:49:42.0671 1264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:49:42.0796 1264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:49:42.0828 1264 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:49:42.0828 1264 [Global] - ok
09:49:42.0843 1264 ================ Scan MBR ==================================
09:49:42.0875 1264 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:49:43.0343 1264 \Device\Harddisk0\DR0 - ok
09:49:43.0359 1264 ================ Scan VBR ==================================
09:49:43.0359 1264 [ 9F3153A0FB79A96ED2C85B9BED779ECB ] \Device\Harddisk0\DR0\Partition1
09:49:43.0359 1264 \Device\Harddisk0\DR0\Partition1 - ok
09:49:43.0359 1264 ============================================================
09:49:43.0359 1264 Scan finished
09:49:43.0359 1264 ============================================================
09:49:43.0515 2212 Detected object count: 19
09:49:43.0515 2212 Actual detected object count: 19
09:59:11.0171 2212 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
09:59:14.0968 2212 Backup copy found, using it..
09:59:15.0484 2212 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
09:59:15.0484 2212 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
09:59:15.0484 2212 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0484 2212 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0484 2212 FastFreeConverterUpdt ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 FastFreeConverterUpdt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0484 2212 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0515 2212 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0515 2212 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0515 2212 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0515 2212 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0515 2212 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0515 2212 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0562 2212 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0609 2212 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0609 2212 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0609 2212 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0609 2212 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:43.0531 2224 Deinitialize success
 
You're doing great. TDSSKiller found an infected file and has replaced it with a clean copy.

ADWCleaner found another remnant of AVG. Did you run the AVG removal tool? If not, please do so.

Irrespective of having run the AVG removal tool, please do another scan with ADWCleaner so we can be certain the item has gone for good, and post the new log. Please also run RogueKiller again and post that log also.

As you had an infection in a system file, we should now run ComboFix, which will dig deep into the system and carry out more checks.

Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!


Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
 
Discussion starter · #93 ·
Sorry, AVG remover was the first thing I did. I checked in Add/Remove Programs and there is nothing listed there anymore. I ran AVG remover and it left an Icon on my desktop AVGremover.log, but it won't open. I am working on the other things now. Something doesn't seem right with how AVG remover ran. Should I do the whole procedure again?
 
Discussion starter · #94 ·
Here are the latest ADWcleaner and Roguekillers:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Scan -- Date : 04/05/2013 14:44:20
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\68960749 (C:\WINDOWS\system32\drivers\51236355.sys) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HITACHI_DK23FA-80 +++++
--- User ---
[MBR] 94d7904b75c9805cbcd1a66eefc20719
[BSP] 2dab0b461558b0944ad0bf02ffa10e50 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 71186 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[5]_S_04052013_02d1444.txt >>
RKreport[1]_S_04042013_02d1325.txt ; RKreport[2]_S_04042013_02d1530.txt ; RKreport[3]_D_04042013_02d1532.txt ; RKreport[4]_S_04052013_02d1436.txt ; RKreport[5]_S_04052013_02d1444.txt

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 14:25:07
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew - E457FDF720CE414
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [33103 octets] - [04/04/2013 12:44:11]
AdwCleaner[S2].txt - [1126 octets] - [05/04/2013 08:34:08]
AdwCleaner[S3].txt - [1058 octets] - [05/04/2013 14:25:07]
########## EOF - C:\AdwCleaner[S3].txt - [1118 octets] ##########
 
It will do no harm running the AVG tool again; I just wanted to confirm you had used it. Any remaining remnants can be dealt with later. Please continue with the other scans.
 
Our posts crossed over. ADWCleaner has found AVG Secure Search, which we will deal with later as it is not malicious. RogueKiller found a bad service; Combofix may also find it and remove it. We will see what the log shows.
 
Discussion starter · #97 ·
It says to disable antivirus protection before scanning?? How do I do that? Recovery Console? I don't have a Windows xp disk. This combofix looks kind of scary...I'm going to wait for your reply before I do anything else. All of a sudden not feeling so sure of myself.
 
Discussion starter · #98 ·
This is where I stand right now: I downloaded mirror #1 and have Combofix.exe on my desktop. I have printed the "How to use Combofix" pages and feel a lot better about it, but I'm concerned about the virus protection part that it refers to - turning it off. When I look at the right side of the task bar, I have a green figure with a check in the middle of it, and when I put the pointer on it, it says "pc status protected"; Also on the taskbar is a red figure shaped like a shield with an X. When I put the pointer on it, it says "Windows security alert"; When I go to Windows Security Center, it says "Virus protections off." Without knowing more about this confusion I am afraid to go ahead with the combofix procedure. I hope this helps you see where I am at this point. Meantime, I am anxious to move forward with Combofix.
 
Don't worry about the security center alert. To disable MSE just do this:

You can easily disable MSE by clicking on the icon in the taskbar and clicking on Open.
Click on Settings > In the left pane select Real-time protection.
Uncheck the box and click on Save Changes and shut the window.

Make sure you re-enable it after MSE has completed.

Combofix will install the Recovery Console in the early stages of it running, you don't need the XP disc.
 
Discussion starter · #100 ·
Here's what I got.
***As I look through this log I see a lot of things that have been causing me grief for a long time - things I hope I never lay eyes on again!***

ComboFix 13-04-06.01 - Andrew 04/06/2013 8:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.202 [GMT -7:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Andrew\My Documents\~WRL0788.tmp
c:\documents and settings\Andrew\My Documents\~WRL3073.tmp
c:\documents and settings\Andrew\My Documents\~WRL3326.tmp
c:\documents and settings\Andrew\My Documents\~WRL3640.tmp
c:\documents and settings\Andrew\My Documents\~WRL3655.tmp
c:\windows\jestertb.dll
c:\windows\setup.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\0b263e3cffdde959.fb
c:\windows\system32\Cache\18c0408b353acbe9.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2e0dda6f643c7753.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3e61564d33128d10.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALOTSERVICE
-------\Legacy_WEATHERBLINKSERVICE
-------\Service_AlotService
-------\Service_WeatherBlinkService
.
.
((((((((((((((((((((((((( Files Created from 2013-03-06 to 2013-04-06 )))))))))))))))))))))))))))))))
.
.
2013-04-06 03:35 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76787773-BA05-4BAD-B8A9-D639161B0BCC}\mpengine.dll
2013-04-05 16:59 . 2013-04-05 16:59 177496 ----a-w- c:\windows\system32\drivers\51236355.sys
2013-04-05 16:59 . 2013-04-05 16:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-05 01:31 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-04 17:25 . 2013-04-04 18:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-04 17:22 . 2013-04-04 17:22 -------- d-----w- c:\program files\Tweaking.com
2013-04-03 23:16 . 2013-04-02 10:33 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-03 23:06 . 2013-04-03 23:07 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-29 22:19 . 2013-03-29 22:19 -------- d-----w- c:\windows\Sun
2013-03-26 04:23 . 2013-03-26 04:33 -------- d-----w- C:\d608f2bb5b323a930a256af12f5c77
2013-03-25 20:05 . 2013-03-25 20:05 -------- d-----w- c:\program files\Tuguu SL
2013-03-25 17:18 . 2013-03-25 17:18 -------- d-----w- c:\program files\SearchDonkey
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\NetworkService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LocalService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LAND & STREAM CO\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\Andrew\AppData
2013-03-12 17:56 . 2013-03-12 18:28 -------- d-----w- c:\program files\Free Download Manager
2013-03-09 23:29 . 2013-03-09 23:29 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Yahoo
2013-03-09 23:12 . 2013-03-13 15:30 -------- d-----w- c:\windows\msdownld.tmp
2013-03-07 16:19 . 2001-08-17 21:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-03-07 16:19 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-03-07 16:09 . 2011-06-09 02:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2013-03-07 16:09 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2013-03-07 16:09 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-03-07 16:09 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2013-03-07 16:09 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2013-03-07 16:09 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 17:00 . 2004-08-03 23:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-03-17 16:51 . 2012-06-05 15:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 16:51 . 2012-06-05 15:00 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 19:32 . 2012-10-06 04:42 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-11-21 00:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 18:21 . 2013-02-08 18:22 5259504 ----a-w- c:\windows\uninst.exe
2013-02-05 20:05 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-11-21 00:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-11-21 00:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-11-21 00:04 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-11-21 00:04 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 22:59 . 2013-01-20 22:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2004-11-21 00:04 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DDA5D4B3-468F-4D62-9092-75142C6169B1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"VMConsole.exe"="c:\program files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe" [2004-06-24 557056]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\documents and settings\Andrew\Start Menu\Programs\Startup\
FedEx Desktop.lnk - c:\program files\FedEx\FedEx Desktop\FedEx Desktop.exe [2013-3-12 142336]
Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk - c:\windows\system32\RunDll32.exe [2004-11-20 33280]
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2004-11-20 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\Program Files\\Online Services\\AOL Instant Messenger Setup\\aimsetup.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\VmpClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/5/2012 9:42 PM 33112]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\Fast Free Converter\FastFreeConverterUpdt.exe [11/26/2012 6:30 AM 687104]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [10/5/2012 9:42 PM 722528]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2/21/2013 12:34 PM 968880]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys --> c:\windows\system32\DRIVERS\avglogx.sys [?]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe /s --> c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe" /s "PCCUJobMgr" /m "c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll" /prefetch:1 --> c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [?]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;"c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe" --> c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys --> c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 16:51]
.
2013-04-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At10.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-05 c:\windows\Tasks\At11.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-05 c:\windows\Tasks\At12.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-06 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At5.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At6.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At7.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At8.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At9.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
2008-12-17 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2013-04-06 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
.
2013-04-06 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-14 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2013-04-06 c:\windows\Tasks\User_Feed_Synchronization-{338A9EA3-733C-4378-9B99-3D24E7CBD95A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=79
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - (no file)
Toolbar-Locked - (no file)
Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-WeatherBlink Search Scope Monitor - c:\progra~1\WEATHE~2\bar\1.bin\gcsrchmn.exe
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
AddRemove-alotAppbar - c:\program files\alotappbar\alotUninst.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030003
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\setup.exe
AddRemove-MoodLogic - c:\windows\ml-uninstall-v10.exe
AddRemove-Norton PC Checkup_is1 - c:\documents and settings\All Users\Application Data\Norton\PC Checkup\unins000.exe
AddRemove-NortonPCCheckup - c:\program files\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.15.91\InstStub.exe
AddRemove-PC TuneUp Maestro - c:\program files\CompuClever\PC TuneUp Maestro\uninstall.exe
AddRemove-Supreme Savings - c:\program files\Supreme Savings\Uninstall.exe
AddRemove-{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} - c:\program files\ParetoLogic\PCHA\uninstall.exe
AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files\SpeedyPC Software\SpeedyPC\uninstall.exe
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\program files\SpeedMaxPc\SpeedMaxPc\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-06 09:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(1968)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-04-06 09:06:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-06 16:06
.
Pre-Run: 55,955,873,792 bytes free
Post-Run: 56,053,567,488 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE
.
- - End Of File - - D750B38D0ECD6DE1ACDC76B38C7B1050
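
An added example, not part of the original posts and not any of these tools' own code: a Python sketch that cross-references the service RogueKiller flagged with ComboFix's "Files Created" listing, to see when the driver file appeared and what else was created in the same minute. The sample lines are copied from the logs posted in this thread; the function names, the regular expressions and the reading of the two timestamps as created/modified are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the RogueKiller and ComboFix logs posted in this thread.
ROGUEKILLER_LOG = r"""
Mode : Scan -- Date : 04/05/2013 14:44:20
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\68960749 (C:\WINDOWS\system32\drivers\51236355.sys) -> FOUND
"""

COMBOFIX_LOG = r"""
2013-04-05 16:59 . 2013-04-05 16:59 177496 ----a-w- c:\windows\system32\drivers\51236355.sys
2013-04-05 16:59 . 2013-04-05 16:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-04 17:25 . 2013-04-04 18:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-04 17:22 . 2013-04-04 17:22 -------- d-----w- c:\program files\Tweaking.com
"""

TS = "%Y-%m-%d %H:%M"

# [Section][TAG] <registry key> (<file path>) -> STATUS
RK_RE = re.compile(
    r"^\[(?P<section>[^\]]+)\]\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+"
    r"\((?P<path>.+)\)\s+->\s+(?P<status>\S+)\s*$"
)

# <created> . <modified> <size or --------> <8 attribute chars> <path>
# (assumption: first timestamp is creation time, second is last modified)
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)


def parse_roguekiller_services(text):
    """Return the [Services] registry findings from a RogueKiller report."""
    found = []
    for line in text.splitlines():
        m = RK_RE.match(line.strip())
        if m and m["section"] == "Services":
            found.append(m.groupdict())
    return found


def parse_combofix_created(text):
    """Return entries of ComboFix's 'Files Created' section as dicts."""
    entries = []
    for line in text.splitlines():
        m = CF_RE.match(line.strip())
        if not m:
            continue  # separators, headers and other sections are skipped
        entries.append({
            "created": datetime.strptime(m["created"], TS),
            "modified": datetime.strptime(m["modified"], TS),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def correlate(flagged, created, window=timedelta(minutes=1)):
    """Match flagged service binaries to created files (case-insensitive
    paths) and list whatever else was created within `window` of them."""
    by_path = {e["path"].lower(): e for e in created}
    results = []
    for svc in flagged:
        entry = by_path.get(svc["path"].lower())
        neighbours = []
        if entry is not None:
            neighbours = [
                e["path"] for e in created
                if e is not entry
                and abs(e["created"] - entry["created"]) <= window
            ]
        results.append({"service_key": svc["key"], "path": svc["path"],
                        "entry": entry, "neighbours": neighbours})
    return results


if __name__ == "__main__":
    hits = correlate(parse_roguekiller_services(ROGUEKILLER_LOG),
                     parse_combofix_created(COMBOFIX_LOG))
    for r in hits:
        when = r["entry"]["created"] if r["entry"] else "not in listing"
        print(r["path"], "| created:", when, "| same minute:", r["neighbours"])
```

On the lines taken from this thread, the flagged driver shows a creation time of 2013-04-05 16:59, the same minute as `C:\TDSSKiller_Quarantine`.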
 