Stubborn Trojan


  • This topic is locked
8 replies to this topic

#1 frankvh

frankvh

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:25 PM

Posted 17 July 2013 - 07:40 AM

G'day!
 
I have a small peer-to-peer network and have up-to-date AVG anti-virus on each machine. On one XP (SP3) machine AVG is reporting the presence of "Trojan horse Dropper.Generic8.VNH", which it reports as "Unable to Remove". AVG further specifies the following as problematic:
 
c:\Documents and Settings\Administrator\Local Settings\Temp\sbcjxyn\snprdmb\wow.dll
 
I cannot access (or locate) the specified .dll file nor the specified temp directory. Meanwhile the machine is operating excruciatingly slowly. The anti-malware packages I've tried have not provided any beneficial effect.
 
Can anyone offer any suggestions? Thanks in advance,
 
Frank

*Moderator Edit: Moved topic from XP to the appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 17 July 2013 - 08:12 AM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:09:25 PM

Posted 17 July 2013 - 09:52 AM

Hello frank

First, empty your temp folders using TFC (Temporary File Cleaner):

  • Please download TFC by Old Timer and save it to your desktop (alternate download link).
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.



Now we'll see how it is after these...

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



Please download TDSSKiller.
Launch it.
Click on Change parameters and select "TDLFS file system".
Click on "Scan".
Please post the LOG report (the log file should be in your C: drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last, run ESET.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
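An added triage helper for the MiniToolBox Result.txt that the steps above ask for. It is example code written for this page, not part of the thread and not from MiniToolBox or any other tool boopme names. It assumes the section-header layout that the log posted later in this thread shows (`===== Hosts content: =====`, `===== Winsock entries =====`, `===== IE Proxy Settings: =====`); the wording it expects for an enabled proxy (`Proxy is enabled.` / `Proxy Server: host:port`) is a guess, and the sample log, including the second hosts line and the last Winsock entry, is constructed. It pulls out the three things a helper reads that log for first: hosts entries other than localhost, an enabled IE proxy, and Winsock catalog entries not backed by a Microsoft DLL under System32.

```python
import re
from collections import OrderedDict

# Constructed sample in the MiniToolBox Result.txt layout (section headers of the
# "===== Name: =====" form). The proxy lines, the second hosts entry and the last
# Winsock entry are made up to exercise the checks; the rest mirrors a clean XP box.
SAMPLE_RESULT_TXT = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       update.example-av.test

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\Administrator\Local Settings\Temp\lsphook.dll [51200] ()

========================= Event log errors: ===============================
"""

# "===== Section name: =====" (the colon is absent on some headers, e.g. Winsock entries)
SECTION_RE = re.compile(r"^=+\s+(.+?):?\s*=+\s*$")


def split_sections(text):
    """Return an ordered {section name: [lines]} map of a Result.txt dump."""
    sections = OrderedDict()
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


# The only mappings a stock Windows hosts file carries.
HOSTS_EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def check_hosts(lines):
    """Flag every hosts mapping that is not the loopback/localhost pair."""
    findings = []
    for line in lines:
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        parts = s.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            if (ip, name.lower()) not in HOSTS_EXPECTED:
                findings.append(f"hosts: {name} -> {ip}")
    return findings


def check_proxy(lines):
    """Flag an enabled IE proxy (assumed wording: 'Proxy is enabled.' / 'Proxy Server: ...')."""
    text = "\n".join(lines)
    if not re.search(r"^Proxy is enabled\.?$", text, re.M):
        return []
    m = re.search(r"^Proxy Server:\s*(\S+)", text, re.M)
    return ["proxy: enabled" + (f" via {m.group(1)}" if m else "")]


# "Catalog9 02 C:\path\file.dll [size] (Vendor)"; the path may contain spaces.
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$")
SYSTEM32 = "c:\\windows\\system32\\"


def check_winsock(lines):
    """Flag LSP/namespace entries not backed by a Microsoft DLL under System32."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        catalog, idx, path, vendor = m.groups()
        if not path.lower().startswith(SYSTEM32) or "microsoft" not in vendor.lower():
            findings.append(f"winsock: {catalog} {idx} {path} ({vendor or 'no vendor'})")
    return findings


def triage(text):
    """Run all checks over one Result.txt and return the review list (may be empty)."""
    sections = split_sections(text)
    return (check_proxy(sections.get("IE Proxy Settings", []))
            + check_hosts(sections.get("Hosts content", []))
            + check_winsock(sections.get("Winsock entries", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE_RESULT_TXT):
        print(finding)
```

Findings are items to review, not verdicts: an ad-blocking hosts file or a legitimate third-party LSP will be listed too, which is why the full log still gets posted for a helper to read. Run against the Hosts and Winsock sections of the log posted later in this thread, the script returns nothing, which matches what a helper would conclude from those two sections by eye.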

#3 frankvh

frankvh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:25 PM

Posted 18 July 2013 - 07:29 AM

Thank you for the advice...wilco to all, this evening and will report back tomorrow (Friday). I truly appreciate the help.

 

Frank



#4 frankvh

frankvh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:25 PM

Posted 19 July 2013 - 09:16 AM

Greetings, Boopme!

 

I have (as they say) good news and bad news. The bad news first. I d'loaded tfc.exe to the subject machine's desktop and it would not run! I started it, it got as far as blanking the desktop and stating "Stopping running processes", then froze. I waited about 15 minutes, while nothing continued to happen. Then I clicked on EXIT. Got an hourglass, but the program would not close. After another 5 min I went to the Big Red Switch.

 

It's almost like the temp files are trying to protect themselves from attack! ;-(

 

I went ahead and ran MiniToolBox, TDSSkiller and AdwCleaner...but I did not try to run ESET, pending your reaction to the above. The logs/results for the three programs I did run are spliced in below. I am on the road for the next few days and will be able to get back at the sick machine on Tuesday evening; but I'm very much looking forward to learning what you think about the events I've described. And again, thank you so much for your help in this.

 

Here go the logs...

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Administrator (administrator) on 18-07-2013 at 18:10:32
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
NVIDIA nForce Networking Controller = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : Donna
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Mixed
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
 
        Physical Address. . . . . . . . . : 00-1E-0B-3D-B4-46
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.0.4
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.0.1
 
        DHCP Server . . . . . . . . . . . : 192.168.0.1
 
        DNS Servers . . . . . . . . . . . : 167.206.251.129
 
                                            167.206.251.130
 
        Lease Obtained. . . . . . . . . . : Thursday, July 18, 2013 6:00:57 PM
 
        Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM
 
Server:  vdns1.srv.whplny.cv.net
Address:  167.206.251.129
 
Name:    google.com
Addresses:  167.206.145.93, 167.206.145.114, 167.206.145.108, 167.206.145.119
 167.206.145.89, 167.206.145.103, 167.206.145.123, 167.206.145.94, 167.206.145.98
 167.206.145.113, 167.206.145.88, 167.206.145.104, 167.206.145.84, 167.206.145.109
 167.206.145.118, 167.206.145.99
 
 
 
Pinging google.com [167.206.145.99] with 32 bytes of data:
 
 
 
Reply from 167.206.145.99: bytes=32 time=10ms TTL=59
 
Reply from 167.206.145.99: bytes=32 time=12ms TTL=59
 
 
 
Ping statistics for 167.206.145.99:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 10ms, Maximum = 12ms, Average = 11ms
 
Server:  vdns1.srv.whplny.cv.net
Address:  167.206.251.129
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=78ms TTL=49
 
Reply from 98.138.253.109: bytes=32 time=69ms TTL=50
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 69ms, Maximum = 78ms, Average = 73ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 0b 3d b4 46 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.4  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.0.0    255.255.255.0      192.168.0.4     192.168.0.4  20
      192.168.0.4  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.0.255  255.255.255.255      192.168.0.4     192.168.0.4  20
        224.0.0.0        240.0.0.0      192.168.0.4     192.168.0.4  20
  255.255.255.255  255.255.255.255      192.168.0.4     192.168.0.4  1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/18/2013 06:09:01 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (07/18/2013 06:09:01 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (07/18/2013 09:02:16 AM) (Source: Application Hang) (User: )
Description: Hanging application Peachw.exe, version 2013.0.1.1104, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/17/2013 05:31:27 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560
 
Error: (07/17/2013 05:31:25 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
 
Error: (07/17/2013 05:31:23 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.
 
Error: (07/17/2013 05:30:27 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI66818.LOG.
 
Error: (07/17/2013 05:30:26 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
 
Error: (07/17/2013 04:42:52 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/16/2013 05:44:51 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560
 
 
System errors:
=============
Error: (07/18/2013 06:03:33 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (07/18/2013 05:46:48 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (07/18/2013 08:09:19 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
 
Error: (07/18/2013 08:08:51 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (07/17/2013 05:31:28 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error: (07/17/2013 05:30:28 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
 
Error: (07/17/2013 08:11:10 AM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_RAPPORTIASO\0000 disappeared from the system without first being prepared for removal.
 
Error: (07/17/2013 08:09:42 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (07/16/2013 05:44:54 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error: (07/16/2013 05:43:39 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
 
 
Microsoft Office Sessions:
=========================
 
=========================== Installed Programs ============================
 
32 Bit HP CIO Components Installer (Version: 7.1.4)
Acrobat.com (Version: 1.7.258)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Reader 9.5.0 (Version: 9.5.0)
AMD Processor Driver (Version: 1.3.2.0053)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
AVG 2013 (Version: 2013.0.3349)
AVG SafeGuard toolbar (Version: 15.3.0.11)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CCleaner (remove only)
Crystal Reports 2008 Runtime SP1 (Version: 12.1.0.882)
Dual-Core Optimizer (Version: 1.1.3.0161)
Google Chrome (Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
HP Backup and Recovery Manager (Version: 2.4a)
HP Help and Support (Version: 4.2.0010)
HP LaserJet Professional M1530 MFP Series
HP LJ M1530 MFP Series HP Scan (Version: 1.0.302.0)
HPLaserJetHelp_LearnCenter (Version: 1.02.0000)
HPLJUT (Version: 1.00.0012)
hppFaxDrvM1530 (Version: 003.000.00001)
hppFaxUtilityM1530 (Version: 000.002.00001)
hppLaserJetService (Version: 002.015.00599)
hppM1530LaserJetService (Version: 001.008.00477)
hppSendFaxM1530 (Version: 003.000.00001)
hppTLBXFXM1530 (Version: 001.012.00948)
HpSdpAppCoreApp (Version: 3.00.0000)
hpzTLBXFX (Version: 006.015.01163)
I.R.I.S. OCR (Version: 12.3.4.0)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1166)
Java™ 6 Update 2 (Version: 1.6.0.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2000 SR-1 Small Business (Version: 9.00.3821)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSN
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NVIDIA Drivers
OzLINK for UPS
PDF Complete Corporate Edition (Version: 3.5.302)
Peachtree Signature Ready Forms (Version: 12.1.10)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (Version: 10.20.034)
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
Rapport (Version: 3.5.1208.34)
Realtek High Definition Audio Driver (Version: 5.10.0.5508)
Sage 50 Accounting 2013 (Version: 20.00.00)
Sage Message Center (Version: 2.00.0000)
Sage Software Integration Services (Version: 2.2.2240)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
StuffIt Expander 2010 (Version: 14.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 55%
Total physical RAM: 446.42 MB
Available physical RAM: 198.46 MB
Total Pagefile: 1082.84 MB
Available Pagefile: 409.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.29 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:64.51 GB) (Free:39.73 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:6.87 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DONNA
 
Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         
 
 
**** End of log ****
 
--------------------------------------------------------------------------------------
 
17:26:09.0453 2412  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:26:09.0953 2412  ============================================================
17:26:09.0953 2412  Current date / time: 2013/01/17 17:26:09.0953
17:26:09.0953 2412  SystemInfo:
17:26:09.0953 2412  
17:26:09.0953 2412  OS Version: 5.1.2600 ServicePack: 2.0
17:26:09.0953 2412  Product type: Workstation
17:26:09.0968 2412  ComputerName: DONNA
17:26:09.0968 2412  UserName: Administrator
17:26:09.0968 2412  Windows directory: C:\WINDOWS
17:26:09.0968 2412  System windows directory: C:\WINDOWS
17:26:09.0968 2412  Processor architecture: Intel x86
17:26:09.0968 2412  Number of processors: 1
17:26:09.0968 2412  Page size: 0x1000
17:26:09.0968 2412  Boot type: Normal boot
17:26:09.0968 2412  ============================================================
17:26:16.0031 2412  BG loaded
17:26:16.0703 2412  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:26:16.0765 2412  ============================================================
17:26:16.0765 2412  \Device\Harddisk0\DR0:
17:26:16.0796 2412  MBR partitions:
17:26:16.0796 2412  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8104266
17:26:16.0796 2412  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8108166, BlocksNum 0x140249A
17:26:16.0796 2412  ============================================================
17:26:17.0234 2412  C: <-> \Device\Harddisk0\DR0\Partition1
17:26:17.0484 2412  D: <-> \Device\Harddisk0\DR0\Partition2
17:26:17.0500 2412  ============================================================
17:26:17.0500 2412  Initialize success
17:26:17.0500 2412  ============================================================
17:26:25.0171 3036  ============================================================
17:26:25.0171 3036  Scan started
17:26:25.0171 3036  Mode: Manual; 
17:26:25.0171 3036  ============================================================
17:26:28.0953 3036  ================ Scan system memory ========================
17:26:28.0953 3036  System memory - ok
17:26:28.0953 3036  ================ Scan services =============================
17:26:30.0343 3036  Abiosdsk - ok
17:26:30.0390 3036  abp480n5 - ok
17:26:30.0500 3036  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
17:26:30.0859 3036  ac97intc - ok
17:26:31.0031 3036  [ A10C7534F7223F4A73A948967D00E69B ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:26:31.0406 3036  ACPI - ok
17:26:31.0437 3036  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:26:31.0453 3036  ACPIEC - ok
17:26:31.0781 3036  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:26:32.0046 3036  AdobeFlashPlayerUpdateSvc - ok
17:26:32.0156 3036  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:26:32.0187 3036  adpu160m - ok
17:26:32.0203 3036  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\system32\DRIVERS\adpu320.sys
17:26:32.0359 3036  adpu320 - ok
17:26:32.0625 3036  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:26:33.0109 3036  aec - ok
17:26:33.0796 3036  [ 6A0397376853E604DE8E1E7A87FC08AC ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:26:34.0437 3036  AFD - ok
17:26:34.0453 3036  Aha154x - ok
17:26:34.0718 3036  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:26:35.0234 3036  aic78u2 - ok
17:26:35.0765 3036  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:26:35.0937 3036  aic78xx - ok
17:26:36.0718 3036  [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:26:36.0984 3036  Alerter - ok
17:26:37.0265 3036  [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG             C:\WINDOWS\System32\alg.exe
17:26:37.0359 3036  ALG - ok
17:26:37.0421 3036  AliIde - ok
17:26:37.0750 3036  [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:26:37.0906 3036  AmdK8 - ok
17:26:38.0093 3036  [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD          C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:26:38.0343 3036  AmdLLD - ok
17:26:38.0343 3036  amsint - ok
17:26:39.0375 3036  [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:26:40.0484 3036  AppMgmt - ok
17:26:40.0531 3036  asc - ok
17:26:40.0562 3036  asc3350p - ok
17:26:40.0812 3036  asc3550 - ok
17:26:44.0171 3036  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:26:44.0531 3036  aspnet_state - ok
17:26:45.0031 3036  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:26:45.0281 3036  AsyncMac - ok
17:26:45.0500 3036  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:26:45.0906 3036  atapi - ok
17:26:45.0921 3036  Atdisk - ok
17:26:46.0125 3036  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:26:46.0234 3036  Atmarpc - ok
17:26:46.0531 3036  [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:26:46.0625 3036  AudioSrv - ok
17:26:46.0828 3036  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:26:46.0921 3036  audstub - ok
17:26:51.0031 3036  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
17:26:55.0984 3036  AVGIDSAgent - ok
17:26:56.0406 3036  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
17:26:56.0640 3036  AVGIDSDriver - ok
17:26:56.0828 3036  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
17:26:57.0015 3036  AVGIDSHX - ok
17:27:25.0156 3036  [ DD742AD5BE1C4A05CBD7921ECCC4C364 ] \Device\Harddisk0\DR0\Partition2
17:27:25.0187 3036  \Device\Harddisk0\DR0\Partition2 - ok
17:27:25.0187 3036  ============================================================
17:27:25.0187 3036  Scan finished
17:27:25.0187 3036  ============================================================
17:27:25.0203 3028  Detected object count: 0
17:27:25.0203 3028  Actual detected object count: 0
17:27:30.0265 2336  Deinitialize success
 

---------------------------------------------------------------------------------------

 

# AdwCleaner v2.305 - Logfile created 07/18/2013 at 18:15:34
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DONNA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856453
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3003489
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [5974 octets] - [18/07/2013 18:15:34]
 
########## EOF - C:\AdwCleaner[S1].txt - [6034 octets] ##########
 

EOM.



#5 boopme

Posted 19 July 2013 - 11:40 AM

Hi, We'll clean them last, a different way.

Do ESET now.

Then in Control Panel, Add/Remove... Uninstall

Adobe Reader 9.5.0 (Version: 9.5.0)
Java™ 6 Update 2 (Version: 1.6.0.20)

Reboot
Install
Adobe Reader 11.0

Java Version 7 Update 25
by clicking .... Windows Offline (32-bit)


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 frankvh (Topic Starter)

Posted 23 July 2013 - 07:26 AM

G'day, Boopme! Hope you had a pleasing weekend.

 

I've taken the steps you directed in your last reply. I ran ESET and it reported the following on completion:

 

------------------------------------

 

C:\Documents and Settings\Administrator\Application Data\AVG\Rescue\PC Tuneup 2011\111205082957500.rsc multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagbdhdadcgcdjdfdedcddgfdedfggdf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagbdhdadcgcdjdfdedcddgfdedfggdf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
 
--------------------------------------
 
When I closed ESET, I checked the "Delete quarantined files" option.
 
I then uninstalled Adobe Reader 9.5.0 and Java 6 Update 2, and installed Adobe Reader 11 and Java 7, using the links you provided.
 
I tried again to run TFC, and its behavior was unchanged. Still hangs after closing the desktop, still hangs on choosing EXIT.
 
AVG still reports the presence of the Trojan I mentioned in the original post.
 
(Note: We have an HP multi-function printer on the network and when we use the accompanying HP-furnished scanner utility on this machine, we get multiple reports of malware activity from the installed AVG package. I have no idea what that means, thought you might.)
 
Thanks again for your continuing help and support.
 
Frank


#7 boopme

Posted 23 July 2013 - 12:45 PM

Hi Frank, I think this is an orphaned malware file.
c:\Documents and Settings\Administrator\Local Settings\Temp\sbcjxyn\snprdmb\wow.dll

But since you still see the other Trojan and it's not in the ESET removed list, I feel it is safer if you repost and we use stronger tools.

Follow the guide .....

Include this link back to here.

http://www.bleepingcomputer.com/forums/t/501360/stubborn-trojan/#entry3111254

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#8 frankvh (Topic Starter)

Posted 23 July 2013 - 01:56 PM

Hi, Boopme!

 

Thanks for your latest. Wilco and standby.

 

Frank



#9 boopme

Posted 23 July 2013 - 08:35 PM

Copy that

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



