Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Iminent/teeveewatch, etc malware

Post by codesurfer » June 25th, 2013, 4:08 pm

Hello,

I tried to remove viruses (TeeVeeWatch, Iminent, etc.) but was not completely successful. Here are my logs as requested.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Noel at 12:56:35 on 2013-06-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.220 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Umbrella\umbrella.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInterror.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInterror.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -
TB: InternetHelper3.1 Toolbar: {07CBF788-1359-421B-A4E3-5A8D041B90A3} - c:\program files\internethelper3.1\prxtbInterror.dll
TB: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInterror.dll
uRun: [cdloader] "c:\documents and settings\csgadm#\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/Shar ... vSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 8890885803
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8911218891
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/ ... leId=19588
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{30BD40D5-B97C-4DB0-9BF9-BE7F16AFBA6B} : DHCPNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\csgadm#\application data\mozilla\firefox\profiles\vgaxm8by.default\
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-6-21 106280]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-21 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-21 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe --> c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [?]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2013-06-25 19:44:17 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2013-06-25 19:44:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-06-25 18:48:09 -------- d-----w- c:\windows\LastGood.Tmp
2013-06-25 18:42:57 32866 ------w- c:\windows\slrundll.exe
2013-06-25 18:42:56 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2013-06-25 18:42:56 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2013-06-25 18:42:56 -------- d-----w- c:\windows\system32\scripting
2013-06-25 18:42:54 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2013-06-25 18:42:53 -------- d-----w- c:\windows\l2schemas
2013-06-25 18:42:52 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2013-06-25 18:42:52 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2013-06-25 18:42:52 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2013-06-25 18:42:52 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2013-06-25 18:42:52 -------- d-----w- c:\windows\system32\en
2013-06-25 18:38:52 -------- d-----w- c:\windows\ServicePackFiles
2013-06-25 18:33:24 19569 ----a-w- c:\windows\003376_.tmp
2013-06-25 18:33:11 -------- d-----w- c:\windows\system32\ReinstallBackups
2013-06-22 11:00:42 -------- d-----w- c:\program files\Microsoft Download Manager
2013-06-22 07:41:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-22 07:17:35 -------- d-----w- C:\MGtools
2013-06-22 06:42:29 -------- d-----w- c:\documents and settings\csgadm#\application data\Malwarebytes
2013-06-22 06:41:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-22 06:23:22 -------- d-----w- c:\program files\HitmanPro
2013-06-22 06:19:51 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-06-22 06:10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-22 06:10:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-22 04:02:04 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\Mozilla
2013-06-22 01:57:16 -------- d-----w- c:\program files\Motive
2013-06-21 20:03:57 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-06-21 20:01:26 -------- d-----w- c:\program files\Sophos
2013-06-21 19:32:27 297808 ----a-w- c:\windows\system32\TBD83.tmp
2013-06-21 19:23:22 771424 ----a-w- c:\windows\system32\TBD78.tmp
2013-06-04 05:18:31 -------- d-----w- c:\program files\CCleaner
2013-06-04 04:23:17 -------- d-----w- c:\documents and settings\csgadm#\application data\Iminent
2013-06-04 04:05:30 -------- d-----w- c:\documents and settings\all users\application data\Iminent
2013-06-04 03:38:19 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\ApplicationHistory
2013-06-04 03:38:07 -------- d-----w- C:\94205964dd8481724cd3477968
2013-06-04 03:02:28 -------- d-----w- C:\864a8b031925f36d3312c436d06a63
2013-06-04 03:01:29 -------- d-----w- c:\program files\common files\Umbrella
2013-06-04 02:48:48 -------- d-----w- c:\program files\MyPC Backup
2013-06-04 02:40:01 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-04 02:36:33 -------- d-----w- c:\program files\Conduit
2013-06-04 02:35:58 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\InternetHelper3.1
2013-06-04 02:35:54 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\Temp
2013-06-04 02:35:48 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\Conduit
2013-06-04 02:35:47 -------- d-----w- c:\program files\InternetHelper3.1
2013-06-04 02:17:35 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\TeeveeWatchSA
.
==================== Find3M ====================
.
2013-06-04 02:40:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:57:41.59 ===============

Thank you very much in advance.
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm

Re: Iminent/teeveewatch, etc malware

Post by Cypher » June 26th, 2013, 12:34 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


When you ran DDS it should have produced two logs, DDS.txt and Attach.txt.
Please post the Attach.txt contents in your next reply. If the Attach.txt log is not on your desktop, run DDS again.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Iminent/teeveewatch, etc malware

Post by codesurfer » June 26th, 2013, 1:38 pm

Hello Cypher and thank you for responding. Below is the Attach.txt log you requested. Thanks.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2008 10:52:07 AM
System Uptime: 6/26/2013 10:20:16 AM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 0W0941
Processor: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 1594/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 61.656 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D480 MDC V.92 Modem
Configuration Manager Client
CutePDF Writer 2.7
Dell Wireless WLAN Card
High Definition Audio Driver Package - KB888111
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Iminent
InternetHelper3.1 Toolbar
iTunes
Java(TM) 6 Update 5
magicJack
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
QuickTime
RDC
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Tweak UI
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
WebFldrs XP
WIMGAPI
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm

Re: Iminent/teeveewatch, etc malware

Post by Cypher » June 26th, 2013, 1:50 pm

Hi,
thank you for responding

You're welcome.

Looking over your log, it seems you don't have any evidence of anti-virus software.

Please download free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Next.

Click Start > Control Panel, and then double-click Add or Remove Programs.
Uninstall the following if present.
Adobe Reader 8.1.2
InternetHelper3.1 Toolbar
Iminent
Java(TM) 6 Update 5


Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run it.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Iminent/teeveewatch, etc malware

Post by codesurfer » June 26th, 2013, 10:04 pm

Hi Cypher,
I did a backup of the PC via Memeo Instant Backup that came with the Seagate USB external drive I use to back up my other device. It took a long while to finish. Beforehand, I didn't want to connect my external USB drive to the PC due to the malware infection, but since backing up the data was on the to-do list, I went ahead and did so.

I currently have these anti-virus/anti-malware programs and some of them DID show up in the last two logs I sent earlier. Perhaps you just did not see them.
RogueKiller
Malwarebytes
TDSSKiller
HitmanPro
MGTools


Nonetheless, I went ahead and downloaded and installed both Avast!8 Home Edition and Microsoft Security Essentials as you instructed.


You mentioned that I should run only ONE antivirus program at a time. Would you like me to un-install the 5 programs I listed above and just let Avast protect the PC?
Upon installing Avast, I did notice a severe performance degradation after the PC booted after the AdwCleaner pgm ran.


Next.


Add or Remove Programs:
I removed:
Adobe Reader 8.1.2
InternetHelper3.1 Toolbar
Java(TM) 6 Update 5

I could not find Iminent on the list of programs that can be removed. It's most likely because I used Windows to search for files containing "Iminent" and manually deleted them all from the PC before I stumbled onto your website to get assistance. I hope the delete does not cause issues in getting rid of the Iminent malware.



Next.



Here is the log from AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/26/2013 at 14:11:02
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Noel - NOELINSPIRON
# Boot Mode : Normal
# Running from : C:\Documents and Settings\csgadm#\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : SProtection

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Iminent
Folder Deleted : C:\Documents and Settings\csgadm#\Application Data\Iminent
Folder Deleted : C:\Documents and Settings\csgadm#\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Umbrella
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Iminent\Iminent.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Iminent\Iminent.Messengers.exe]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\csgadm#\Application Data\Mozilla\Firefox\Profiles\vgaxm8by.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [29999 octets] - [26/06/2013 14:11:02]

########## EOF - C:\AdwCleaner[S1].txt - [30060 octets] ##########



Next.


Here is the log from OTL via the QuickScan option:

OTL logfile created on: 6/26/2013 6:13:58 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\csgadm#\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 169.76 Mb Available Physical Memory | 33.20% Memory free
1.22 Gb Paging File | 0.41 Gb Available in Paging File | 33.37% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 60.43 Gb Free Space | 81.08% Space Free | Partition Type: NTFS

Computer Name: NOELINSPIRON | User Name: Noel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/26 17:59:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\csgadm#\Desktop\OTL.exe
PRC - [2013/06/21 23:23:23 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/01 09:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 09:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/04 14:04:38 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/05/04 14:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 04:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/26 11:06:20 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/06/26 11:06:19 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/06/26 11:06:18 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/06/26 11:06:16 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/06/26 11:06:15 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/06/26 11:06:12 | 004,546,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/06/26 11:06:06 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/06/26 11:06:01 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/06/26 11:05:46 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/06/26 11:05:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2013/06/26 11:05:33 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2013/06/26 11:05:28 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/06/26 11:05:18 | 005,238,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/06/26 01:01:56 | 002,089,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13062600\algo.dll
MOD - [2011/06/01 09:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 09:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 09:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 09:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 14:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 14:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 14:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/22 15:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2006/12/10 20:31:12 | 000,087,800 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/21 23:23:23 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/05/11 15:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 14:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2007/08/16 04:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/08/16 04:00:00 | 000,247,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/26 14:26:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31715499-53BA-4B8C-A9CC-11CF7111F8AC}\MpKsl64ae878e.sys -- (MpKsl64ae878e)
DRV - [2013/06/26 12:04:04 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/26 12:04:04 | 000,369,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 01:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/08/16 04:00:00 | 000,023,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/12/18 10:00:14 | 000,424,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/07/14 09:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2003/05/15 18:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/06/26 15:26:08 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/26 12:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/21 21:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\csgadm#\Application Data\Mozilla\Extensions
[2013/06/26 11:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/21 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/21 21:01:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe File not found
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8890885803 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8911218891 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BD40D5-B97C-4DB0-9BF9-BE7F16AFBA6B}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/21 14:36:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{178c0c2f-7e14-11dd-a0ea-000d563780af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{178c0c2f-7e14-11dd-a0ea-000d563780af}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{178c0c2f-7e14-11dd-a0ea-000d563780af}\Shell\phone\command - "" = E:\autorun.exe
O33 - MountPoints2\{fbafd4b0-dafd-11e2-a13e-00904b16940e}\Shell - "" = AutoRun
O33 - MountPoints2\{fbafd4b0-dafd-11e2-a13e-00904b16940e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbafd4b0-dafd-11e2-a13e-00904b16940e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/26 13:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/26 12:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/06/26 12:03:31 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/06/26 12:03:30 | 000,369,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/26 12:03:25 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/06/26 12:03:22 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/06/26 12:03:16 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/26 12:03:05 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/06/26 12:03:03 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/06/26 12:00:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/06/26 11:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/26 11:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/06/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Local Settings\Application Data\Adobe
[2013/06/26 11:20:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/26 11:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2013/06/26 11:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Application Data\Memeo
[2013/06/26 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Application Data\Seagate
[2013/06/26 11:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Seagate
[2013/06/26 11:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard
[2013/06/26 11:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2013/06/26 11:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Memeo
[2013/06/26 11:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2013/06/26 11:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2013/06/26 10:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2013/06/26 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Application Data\Leadertech
[2013/06/25 12:38:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/25 11:42:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/06/25 11:42:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/06/25 11:42:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/06/25 11:38:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2013/06/25 11:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2013/06/25 11:33:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2013/06/25 11:28:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/06/24 11:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\csgadm#\Start Menu\Programs\Administrative Tools
[2013/06/24 11:44:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\csgadm#\Desktop\dds.scr
[2013/06/22 04:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2013/06/22 04:22:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/06/22 04:20:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2013/06/22 04:19:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2013/06/22 04:18:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2013/06/22 04:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2013/06/22 04:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2013/06/22 01:42:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\csgadm#\Desktop\OTL.exe
[2013/06/22 00:41:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/06/22 00:17:35 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/06/21 23:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Application Data\Malwarebytes
[2013/06/21 23:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/21 23:41:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/21 23:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/06/21 23:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/21 23:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/06/21 23:19:49 | 009,171,472 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\csgadm#\Desktop\HitmanPro.exe
[2013/06/21 23:17:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\csgadm#\Desktop\tdsskiller.exe
[2013/06/21 23:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/21 23:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/21 23:09:46 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\csgadm#\Desktop\mb.exe
[2013/06/21 23:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Desktop\RK_Quarantine
[2013/06/21 22:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Application Data\U3
[2013/06/21 22:20:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\csgadm#\Recent
[2013/06/21 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Local Settings\Application Data\Mozilla
[2013/06/21 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Application Data\Mozilla
[2013/06/21 21:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/06/21 21:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/06/21 21:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/21 18:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2013/06/21 18:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Motive
[2013/06/21 13:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/06/21 13:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013/06/21 12:52:02 | 071,332,112 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\csgadm#\Desktop\Sophos Virus Removal Tool.exe
[2013/06/03 22:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/06/03 22:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/03 20:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Local Settings\Application Data\ApplicationHistory
[2013/06/03 20:38:07 | 000,000,000 | ---D | C] -- C:\94205964dd8481724cd3477968
[2013/06/03 20:02:28 | 000,000,000 | ---D | C] -- C:\864a8b031925f36d3312c436d06a63
[2013/06/03 19:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/06/03 19:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Local Settings\Application Data\Temp
[2013/06/03 19:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/26 17:59:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\csgadm#\Desktop\OTL.exe
[2013/06/26 15:58:24 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/26 15:42:35 | 000,000,321 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2013/06/26 15:39:32 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/06/26 15:35:10 | 000,011,242 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/06/26 15:34:17 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/06/26 15:33:01 | 000,478,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/26 15:33:00 | 000,079,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/26 15:32:30 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/06/26 15:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/26 13:50:32 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\csgadm#\Desktop\adwcleaner.exe
[2013/06/26 13:15:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/06/26 13:12:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/26 12:41:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/26 12:04:04 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/26 12:04:04 | 000,369,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/26 12:04:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 12:04:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 12:03:34 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/26 11:50:58 | 117,478,104 | ---- | M] () -- C:\Documents and Settings\csgadm#\Desktop\avast_free_antivirus_setup.exe
[2013/06/26 11:09:25 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2013/06/25 12:38:18 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/25 11:35:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/06/24 23:21:13 | 000,011,242 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/06/24 11:44:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\csgadm#\Desktop\dds.scr
[2013/06/22 04:51:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\csgadm#\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/22 04:11:44 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\csgadm#\Desktop\WindowsDefender.msi
[2013/06/22 04:00:46 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2013/06/22 01:45:44 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\csgadm#\Desktop\SystemLook.exe
[2013/06/22 00:41:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/06/22 00:23:46 | 000,184,233 | ---- | M] () -- C:\MGlogs.zip
[2013/06/22 00:23:46 | 000,184,233 | ---- | M] () -- C:\Documents and Settings\csgadm#\Desktop\MGlogs.zip
[2013/06/21 23:41:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 23:28:10 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\csgadm#\Desktop\mb.exe
[2013/06/21 23:23:23 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/06/21 22:36:08 | 001,898,001 | ---- | M] () -- C:\Documents and Settings\csgadm#\Desktop\MGtools.exe
[2013/06/21 22:35:28 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\csgadm#\Desktop\HitmanPro.exe
[2013/06/21 22:34:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\csgadm#\Desktop\tdsskiller.exe
[2013/06/21 22:25:26 | 000,910,848 | ---- | M] () -- C:\Documents and Settings\csgadm#\Desktop\RogueKiller.exe
[2013/06/21 21:01:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\csgadm#\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/21 21:01:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/06/21 12:54:01 | 071,332,112 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\csgadm#\Desktop\Sophos Virus Removal Tool.exe
[2013/06/03 22:18:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/06/03 21:22:10 | 000,001,189 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/26 13:47:32 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\csgadm#\Desktop\adwcleaner.exe
[2013/06/26 13:34:56 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/06/26 13:24:19 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/06/26 13:15:28 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/06/26 13:14:25 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/06/26 12:04:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 12:04:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 12:03:34 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/26 12:03:15 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/26 12:03:13 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/26 12:03:11 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/26 11:27:34 | 117,478,104 | ---- | C] () -- C:\Documents and Settings\csgadm#\Desktop\avast_free_antivirus_setup.exe
[2013/06/26 11:09:25 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2013/06/25 11:35:52 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/06/25 11:35:51 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013/06/25 11:35:50 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/06/22 04:25:18 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2013/06/22 04:11:44 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\csgadm#\Desktop\WindowsDefender.msi
[2013/06/22 04:00:46 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2013/06/22 01:45:39 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\csgadm#\Desktop\SystemLook.exe
[2013/06/22 00:23:46 | 000,184,233 | ---- | C] () -- C:\Documents and Settings\csgadm#\Desktop\MGlogs.zip
[2013/06/22 00:17:40 | 000,184,233 | ---- | C] () -- C:\MGlogs.zip
[2013/06/22 00:17:32 | 001,898,001 | ---- | C] () -- C:\Documents and Settings\csgadm#\Desktop\MGtools.exe
[2013/06/21 23:41:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 23:23:23 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/06/21 22:39:50 | 000,910,848 | ---- | C] () -- C:\Documents and Settings\csgadm#\Desktop\RogueKiller.exe
[2013/06/21 21:01:55 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\csgadm#\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/21 21:01:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/21 21:01:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/06/03 22:18:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/06/03 21:05:17 | 000,001,189 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2008/04/23 15:41:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2008/04/22 14:24:00 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== ZeroAccess Check ==========

[2008/04/22 12:46:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/26 11:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/06/22 00:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/08/23 19:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2013/06/26 11:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2013/06/21 13:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/02/23 11:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/06/26 10:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\csgadm#\Application Data\Leadertech
[2013/06/26 15:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\csgadm#\Application Data\Memeo
[2013/03/12 17:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\csgadm#\Application Data\mjusbsp
[2013/06/26 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\csgadm#\Application Data\Seagate

========== Purity Check ==========



< End of report >




NOTE: I could not get the Extras.txt file to generate. I even uninstalled and re-installed OTL 4 or 5 times to figure out what's wrong but no dice.
Here are the OTL default settings when I open the application:

Scan All Users - Not selected
Output - Standard Output selected

Processes - Use SafeList
Modules - No Company Name
Services - Use SafeList
Drivers - Use SafeList
Standard Registry - Use SafeList
Extra Registry - None

File Scans:
File Age - 30 days
Use Company-Name WhiteList - Not selected
Skip Microsoft Files - Not selected
Use No-Company-Name WhiteList - Is Selected

File created within - File Age

File modified within - File Age

LOP Check - Not selected
Purity Check - Not selected



When I clicked on Quick Scan to run the application, some options got changed as shown below and then the pgm executed.


File Scans:
File Age - 30 days
Use Company-Name WhiteList - Is Selected
Skip Microsoft Files - is Selected
Use No-Company-Name WhiteList - Is Selected

LOP Check - Is selected
Purity Check - is selected


I wanted to get this response to you asap and will run avast and MSE thereafter. I will give you an update with the results from both programs included in my next post. Thank you very much.
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm

Re: Iminent/teeveewatch, etc malware

by Cypher » June 27th, 2013, 6:01 am

Hi,
I went ahead and downloaded and installed both Avast!8 Home Edition and Microsoft Security Essentials as you instructed.
You mentioned that I should run only ONE antivirus program at a time. Would you like me to un-install the 5 programs I listed above and just let Avast protect the PC?
Yes, you should only have one AV installed and running, uninstall either Avast or MSE please.
Uninstall the following too.
RogueKiller
HitmanPro
MGTools

You have TDSSKiller installed, if you ran it there will be logs on your C Drive that will look similar to this.
C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt

Post any TDSSKiller logs that are stored on your C Drive, Do not run the scan again, post these logs.

Next.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Logs/Information to Post in your Next Reply

  • TDSSKiller logs.
  • JRT.txt
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Iminent/teeveewatch, etc malware

by codesurfer » June 27th, 2013, 8:14 am

Hi Cypher,

What a surprise hearing from you so early in the morning.

Before I uninstall Avast or MSE, I first want to share the FULL System scan results from both programs with you. They each took about 7 hrs to complete. I have both Avast and MSE still open from the scans, so please give instructions on how to proceed for both.


Here's the result from a full system scan from Avast which found 3 files posing a threat:


File name Severity Status Action

C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg1306260000000005.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg13062600000000a5.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg13062600000000a9.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg13062600000000af.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg13062600000000bb.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg13062600000000c7.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg13062600000000e1.bin Error: The system cannot find the path specified (3)
C:\..\MpKs164ae878e.sys Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg1306260000000057.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg130626000000000b.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg130626000000003f.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg13062600000000ca.bin Error: The system cannot find the path specified (3)
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg1306260000000052.bin Error: The system cannot find the path specified (3)
C:\System Volume Information\_restore{E88AA5A0-4623-46F0-AC0D-42800A89CB57}\RP1630\A0080893.exe|>nsis.hdr High Threat: NSIS:hotBar-A[Adw] Move to Chest
C:\System Volume Information\_restore{E88AA5A0-4623-46F0-AC0D-42800A89CB57}\RP1630\A0080893.exe|>$PLUGINSDIR\Install.dll High Threat: Win32 HotBar-BV[Adw] Move to Chest
C:\Program Files\AVAST Software\Avast\defs\13062600_stream\pkg1306260000000064.bin Error: The system cannot find the path specified (3)
C:\..\_REGISTRY_USER_NTUSER_ Error: The system cannot find the path specified (3)
C:\..\pkg130626000000001f.bin Error: The system cannot find the path specified (3)
C:\..\A0073578.CAT Error: The system cannot find the path specified (3)
C:\..\A0073577.DLL Error: The system cannot find the path specified (3)
C:\..\pkg1306260000000070.bin Error: The system cannot find the path specified (3)
C:\..\A0073569.SYS Error: The system cannot find the path specified (3)
C:\..\_REGISTRY_USER_NTUSER_ Error: The system cannot find the path specified (3)
C:\..\pkg1306260000000026.bin Error: The system cannot find the path specified (3)
C:\..\pkg1306260000000004.bin Error: The system cannot find the path specified (3)
C:\..\pkg1306260000000076.bin Error: The system cannot find the path specified (3)
C:\..\_REGISTRY_USER_NTUSER_ Error: The system cannot find the path specified (3)
C:\..\pkg1306260000000079.bin Error: The system cannot find the path specified (3)
C:\..\A0073594.VXD Error: The system cannot find the path specified (3)
C:\..\mpengine.dll Error: The system cannot find the path specified (3)
C:\..\pkg1306260000000059.bin Error: The system cannot find the path specified (3)
C:\..\mpavdlta.vdm Error: The system cannot find the path specified (3)
C:\..\pkg1306260000000020.bin Error: The system cannot find the path specified (3)
C:\..\A0073592.SYS Error: The system cannot find the path specified (3)
C:\..\OBJECTS.DATA Error: The system cannot find the path specified (3)
C:\..\_REGISTRY_USER_NTUSER_ Error: The system cannot find the path specified (3)
C:\..\A0073574.DLL Error: The system cannot find the path specified (3)
C:\..\A0073583.DLL Error: The system cannot find the path specified (3)
C:\System Volume Information\_restore{E88AA5A0-4623-46F0-AC0D-42800A89CB57}\RP1630\A0080891.exe High Threat: Win32:HotBar-CB[Adw] Move to Chest
C:\..\_REGISTRY_USER_NTUSER_ Error: The system cannot find the path specified (3)
C:\..\_REGISTRY_MACHINE_SECURITY Error: The system cannot find the path specified (3)

There are many more files found containing the Status: "Error: The system cannot find the path specified (3)", but the 3 threats identified are shown above with severity = HIGH






Microsoft Security Essentials full system scan results:
Here's the result from a full system scan from Avast which found 1 file posing a threat:

Detected Items Alert Level Status

Adware:Win32/Hotbar Medium Active


Category: Adware

Description: This program delivers potentially unwanted advertisements to your computer.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
containerfile:C:\System Volume Information\_restore{E88AA5A0-4623-46F0-AC0D-42800A89CB57}\RP1630\A0080850.exe
file:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\bin\1.0.21.0\copyright.txt
file:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\teeveewatchSA.dat
file:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\TeeveeWatchSAau.dat
file:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\TeeveeWatchSA_hpk.dat
file:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\TeeveeWatchSA_kyf.dat
file:C:\System Volume Information\_restore{E88AA5A0-4623-46F0-AC0D-42800A89CB57}\RP1630\A0080850.exe->[lowcase_mzpe]
folder:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\
folder:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\bin\
folder:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\bin\1.0.21.0\
folder:c:\documents and settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\






Next.


I have removed HitmanPro. When I removed MGTools by running the MGClean.bat file found in the MGTools folder, it removed TDSSKiller, RogueKiller and MGTools at the same time and removed the TDSSKiller logs - but I had one of the logs open at the time so I was able to salvage it. I also removed Malwarebytes Anti-Malware. I plan on using MSE going forward.


Here is the TDSSKiller log:



00:14:31.0566 3604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:14:33.0569 3604 ============================================================
00:14:33.0569 3604 Current date / time: 2013/06/22 00:14:33.0569
00:14:33.0569 3604 SystemInfo:
00:14:33.0569 3604
00:14:33.0569 3604 OS Version: 5.1.2600 ServicePack: 2.0
00:14:33.0569 3604 Product type: Workstation
00:14:33.0569 3604 ComputerName: NOELINSPIRON
00:14:33.0569 3604 UserName: Noel
00:14:33.0569 3604 Windows directory: C:\WINDOWS
00:14:33.0569 3604 System windows directory: C:\WINDOWS
00:14:33.0569 3604 Processor architecture: Intel x86
00:14:33.0569 3604 Number of processors: 1
00:14:33.0569 3604 Page size: 0x1000
00:14:33.0569 3604 Boot type: Normal boot
00:14:33.0569 3604 ============================================================
00:14:35.0712 3604 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:14:35.0712 3604 Drive \Device\Harddisk1\DR2 - Size: 0x7740FE00 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:14:35.0722 3604 ============================================================
00:14:35.0722 3604 \Device\Harddisk0\DR0:
00:14:35.0722 3604 MBR partitions:
00:14:35.0722 3604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
00:14:35.0722 3604 \Device\Harddisk1\DR2:
00:14:35.0722 3604 MBR partitions:
00:14:35.0722 3604 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
00:14:35.0722 3604 ============================================================
00:14:35.0752 3604 C: <-> \Device\Harddisk0\DR0\Partition1
00:14:35.0752 3604 ============================================================
00:14:35.0752 3604 Initialize success
00:14:35.0752 3604 ============================================================
00:14:39.0688 3940 ============================================================
00:14:39.0708 3940 Scan started
00:14:39.0708 3940 Mode: Manual;
00:14:39.0708 3940 ============================================================
00:14:41.0050 3940 ================ Scan system memory ========================
00:14:44.0024 3940 System memory - ok
00:14:44.0034 3940 ================ Scan services =============================
00:14:44.0134 3940 Abiosdsk - ok
00:14:44.0185 3940 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:14:44.0185 3940 abp480n5 - ok
00:14:44.0215 3940 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:14:44.0225 3940 ACPI - ok
00:14:44.0255 3940 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
00:14:44.0255 3940 ACPIEC - ok
00:14:44.0285 3940 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:14:44.0285 3940 adpu160m - ok
00:14:44.0325 3940 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
00:14:44.0335 3940 aec - ok
00:14:44.0395 3940 [ 944CA435BFCFC82CC1ED9E3A7D731AA9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:14:44.0395 3940 AFD - ok
00:14:44.0455 3940 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
00:14:44.0455 3940 agp440 - ok
00:14:44.0485 3940 [ 67288B07D6ABA6C1267B626E67BC56FD ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:14:44.0485 3940 agpCPQ - ok
00:14:44.0505 3940 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:14:44.0505 3940 Aha154x - ok
00:14:44.0515 3940 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:14:44.0525 3940 aic78u2 - ok
00:14:44.0535 3940 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:14:44.0535 3940 aic78xx - ok
00:14:44.0565 3940 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:14:44.0565 3940 Alerter - ok
00:14:44.0605 3940 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
00:14:44.0605 3940 ALG - ok
00:14:44.0635 3940 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
00:14:44.0635 3940 AliIde - ok
00:14:44.0655 3940 [ F312B7CEF21EFF52FA23056B9D815FAD ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:14:44.0655 3940 alim1541 - ok
00:14:44.0675 3940 [ 675C16A3C1F8482F85EE4A97FC0DDE3D ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:14:44.0685 3940 amdagp - ok
00:14:44.0695 3940 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
00:14:44.0695 3940 amsint - ok
00:14:44.0795 3940 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:14:44.0795 3940 Apple Mobile Device - ok
00:14:44.0835 3940 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:14:44.0845 3940 AppMgmt - ok
00:14:44.0866 3940 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:14:44.0866 3940 Arp1394 - ok
00:14:44.0886 3940 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
00:14:44.0886 3940 asc - ok
00:14:44.0906 3940 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:14:44.0916 3940 asc3350p - ok
00:14:44.0916 3940 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:14:44.0926 3940 asc3550 - ok
00:14:45.0116 3940 [ 4EABF511B1AF176A971C3271E48FA3A8 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:14:45.0116 3940 aspnet_state - ok
00:14:45.0146 3940 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:14:45.0146 3940 AsyncMac - ok
00:14:45.0176 3940 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:14:45.0176 3940 atapi - ok
00:14:45.0186 3940 Atdisk - ok
00:14:45.0206 3940 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:14:45.0206 3940 Atmarpc - ok
00:14:45.0236 3940 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:14:45.0236 3940 AudioSrv - ok
00:14:45.0296 3940 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:14:45.0296 3940 audstub - ok
00:14:45.0346 3940 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:14:45.0356 3940 b57w2k - ok
00:14:45.0446 3940 [ BF84C5CAB6392BB4EF01248287F69388 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:14:45.0456 3940 BCM43XX - ok
00:14:45.0506 3940 [ 068523D2CD260069B19AD68ADEA0D739 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
00:14:45.0506 3940 bcm4sbxp - ok
00:14:45.0557 3940 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:14:45.0557 3940 Beep - ok
00:14:45.0647 3940 [ 4855420F2BE8236DF0581E8512920E82 ] BITS C:\WINDOWS\System32\qmgr.dll
00:14:45.0697 3940 BITS - ok
00:14:45.0777 3940 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:14:45.0787 3940 Bonjour Service - ok
00:14:45.0817 3940 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
00:14:45.0817 3940 Browser - ok
00:14:46.0127 3940 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:14:46.0127 3940 cbidf - ok
00:14:46.0147 3940 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:14:46.0147 3940 cbidf2k - ok
00:14:46.0237 3940 [ 15434423B77F80036C71205A240C1507 ] CcmExec C:\WINDOWS\system32\CCM\CcmExec.exe
00:14:46.0248 3940 CcmExec - ok
00:14:46.0268 3940 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:14:46.0268 3940 cd20xrnt - ok
00:14:46.0288 3940 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:14:46.0288 3940 Cdaudio - ok
00:14:46.0298 3940 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:14:46.0298 3940 Cdfs - ok
00:14:46.0318 3940 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:14:46.0318 3940 Cdrom - ok
00:14:46.0328 3940 Changer - ok
00:14:46.0368 3940 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:14:46.0368 3940 CiSvc - ok
00:14:46.0378 3940 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:14:46.0388 3940 ClipSrv - ok
00:14:46.0438 3940 [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:14:46.0518 3940 clr_optimization_v2.0.50727_32 - ok
00:14:46.0728 3940 clr_optimization_v4.0.30319_32 - ok
00:14:46.0778 3940 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:14:46.0778 3940 CmBatt - ok
00:14:46.0808 3940 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:14:46.0808 3940 CmdIde - ok
00:14:46.0828 3940 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:14:46.0828 3940 Compbatt - ok
00:14:46.0848 3940 COMSysApp - ok
00:14:46.0878 3940 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:14:46.0878 3940 Cpqarray - ok
00:14:46.0928 3940 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:14:46.0928 3940 CryptSvc - ok
00:14:46.0949 3940 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:14:46.0949 3940 dac2w2k - ok
00:14:46.0969 3940 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:14:46.0969 3940 dac960nt - ok
00:14:47.0029 3940 [ CE94A2BD25E3E9F4D46A7373FF455C6D ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:14:47.0049 3940 DcomLaunch - ok
00:14:47.0109 3940 [ EF545E1A4B043DA4C84E230DD471C55F ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:14:47.0109 3940 Dhcp - ok
00:14:47.0119 3940 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:14:47.0129 3940 Disk - ok
00:14:47.0139 3940 dmadmin - ok
00:14:47.0199 3940 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:14:47.0229 3940 dmboot - ok
00:14:47.0259 3940 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:14:47.0269 3940 dmio - ok
00:14:47.0299 3940 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:14:47.0299 3940 dmload - ok
00:14:47.0329 3940 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
00:14:47.0329 3940 dmserver - ok
00:14:47.0389 3940 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:14:47.0389 3940 DMusic - ok
00:14:47.0439 3940 [ AAC8FFBFD61E784FA3BAC851D4A0BD5F ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:14:47.0439 3940 Dnscache - ok
00:14:47.0469 3940 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:14:47.0469 3940 dpti2o - ok
00:14:47.0499 3940 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:14:47.0499 3940 drmkaud - ok
00:14:47.0559 3940 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:14:47.0559 3940 ERSvc - ok
00:14:47.0589 3940 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
00:14:47.0599 3940 Eventlog - ok
00:14:47.0650 3940 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\system32\es.dll
00:14:47.0650 3940 EventSystem - ok
00:14:47.0680 3940 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:14:47.0680 3940 Fastfat - ok
00:14:47.0740 3940 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:14:47.0740 3940 FastUserSwitchingCompatibility - ok
00:14:47.0760 3940 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
00:14:47.0760 3940 Fdc - ok
00:14:47.0810 3940 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:14:47.0810 3940 Fips - ok
00:14:47.0830 3940 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
00:14:47.0830 3940 Flpydisk - ok
00:14:47.0860 3940 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:14:47.0870 3940 FltMgr - ok
00:14:48.0020 3940 [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:14:48.0030 3940 FontCache3.0.0.0 - ok
00:14:48.0070 3940 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:14:48.0070 3940 Fs_Rec - ok
00:14:48.0130 3940 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:14:48.0130 3940 Ftdisk - ok
00:14:48.0180 3940 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:14:48.0180 3940 GEARAspiWDM - ok
00:14:48.0210 3940 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:14:48.0210 3940 Gpc - ok
00:14:48.0300 3940 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:14:48.0300 3940 helpsvc - ok
00:14:48.0320 3940 HidServ - ok
00:14:48.0341 3940 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:14:48.0341 3940 hidusb - ok
00:14:48.0381 3940 [ 52150B4AEC54956124B028D8830778C6 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
00:14:48.0381 3940 HitmanProScheduler - ok
00:14:48.0421 3940 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
00:14:48.0421 3940 hpn - ok
00:14:48.0471 3940 [ A84BBBDD125D370593004F6429F8445C ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
00:14:48.0471 3940 HSFHWICH - ok
00:14:48.0541 3940 [ B678FA91CF4A1C19B462D8DB04CD02AB ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
00:14:48.0591 3940 HSF_DPV - ok
00:14:48.0671 3940 [ CB77BB47E67E84DEB17BA29632501730 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:14:48.0681 3940 HTTP - ok
00:14:48.0731 3940 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:14:48.0741 3940 HTTPFilter - ok
00:14:48.0761 3940 [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
00:14:48.0761 3940 i2omgmt - ok
00:14:48.0781 3940 [ ED6BF9E441FDEA13292A6D30A64A24C3 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:14:48.0781 3940 i2omp - ok
00:14:48.0811 3940 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:14:48.0811 3940 i8042prt - ok
00:14:48.0901 3940 [ E7CC3AEAED9893A88876744CD439F76C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:14:48.0941 3940 idsvc - ok
00:14:48.0981 3940 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:14:48.0981 3940 Imapi - ok
00:14:49.0042 3940 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
00:14:49.0052 3940 ImapiService - ok
00:14:49.0072 3940 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:14:49.0082 3940 ini910u - ok
00:14:49.0092 3940 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
00:14:49.0092 3940 IntelIde - ok
00:14:49.0142 3940 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:14:49.0142 3940 intelppm - ok
00:14:49.0182 3940 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:14:49.0182 3940 Ip6Fw - ok
00:14:49.0232 3940 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:14:49.0232 3940 IpFilterDriver - ok
00:14:49.0252 3940 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:14:49.0252 3940 IpInIp - ok
00:14:49.0302 3940 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:14:49.0302 3940 IpNat - ok
00:14:49.0382 3940 [ 8E5E5A8CC84DA3F683E3BBC045138D52 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:14:49.0402 3940 iPod Service - ok
00:14:49.0462 3940 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:14:49.0462 3940 IPSec - ok
00:14:49.0522 3940 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:14:49.0522 3940 IRENUM - ok
00:14:49.0542 3940 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:14:49.0552 3940 isapnp - ok
00:14:49.0592 3940 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:14:49.0592 3940 Kbdclass - ok
00:14:49.0652 3940 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:14:49.0652 3940 kmixer - ok
00:14:49.0682 3940 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:14:49.0682 3940 KSecDD - ok
00:14:49.0712 3940 [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:14:49.0723 3940 lanmanserver - ok
00:14:49.0773 3940 [ 3CD291A2C4909088B3D1E98DED73D4B2 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:14:49.0783 3940 lanmanworkstation - ok
00:14:49.0803 3940 lbrtfdc - ok
00:14:49.0873 3940 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:14:49.0873 3940 LmHosts - ok
00:14:49.0933 3940 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
00:14:49.0933 3940 MBAMProtector - ok
00:14:50.0023 3940 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:14:50.0033 3940 MBAMScheduler - ok
00:14:50.0093 3940 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:14:50.0113 3940 MBAMService - ok
00:14:50.0173 3940 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:14:50.0173 3940 mdmxsdk - ok
00:14:50.0213 3940 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:14:50.0213 3940 Messenger - ok
00:14:50.0273 3940 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:14:50.0273 3940 mnmdd - ok
00:14:50.0343 3940 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
00:14:50.0353 3940 mnmsrvc - ok
00:14:50.0393 3940 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:14:50.0393 3940 Modem - ok
00:14:50.0444 3940 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:14:50.0444 3940 Mouclass - ok
00:14:50.0514 3940 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:14:50.0514 3940 mouhid - ok
00:14:50.0544 3940 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:14:50.0544 3940 MountMgr - ok
00:14:50.0624 3940 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:14:50.0634 3940 MozillaMaintenance - ok
00:14:50.0664 3940 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:14:50.0664 3940 mraid35x - ok
00:14:50.0704 3940 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:14:50.0704 3940 MRxDAV - ok
00:14:50.0774 3940 [ 025AF03CE51645C62F3B6907A7E2BE5E ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:14:50.0794 3940 MRxSmb - ok
00:14:50.0834 3940 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
00:14:50.0834 3940 MSDTC - ok
00:14:50.0904 3940 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:14:50.0904 3940 Msfs - ok
00:14:50.0924 3940 MSIServer - ok
00:14:50.0964 3940 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:14:50.0964 3940 MSKSSRV - ok
00:14:51.0024 3940 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:14:51.0024 3940 MSPCLOCK - ok
00:14:51.0074 3940 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:14:51.0074 3940 MSPQM - ok
00:14:51.0125 3940 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:14:51.0125 3940 mssmbios - ok
00:14:51.0155 3940 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:14:51.0155 3940 Mup - ok
00:14:51.0175 3940 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:14:51.0185 3940 NDIS - ok
00:14:51.0245 3940 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:14:51.0245 3940 NdisTapi - ok
00:14:51.0295 3940 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:14:51.0295 3940 Ndisuio - ok
00:14:51.0345 3940 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:14:51.0345 3940 NdisWan - ok
00:14:51.0375 3940 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:14:51.0375 3940 NDProxy - ok
00:14:51.0405 3940 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:14:51.0405 3940 NetBIOS - ok
00:14:51.0435 3940 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:14:51.0445 3940 NetBT - ok
00:14:51.0505 3940 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
00:14:51.0515 3940 NetDDE - ok
00:14:51.0535 3940 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:14:51.0535 3940 NetDDEdsdm - ok
00:14:51.0595 3940 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:14:51.0605 3940 Netlogon - ok
00:14:51.0655 3940 [ 36739B39267914BA69AD0610A0299732 ] Netman C:\WINDOWS\System32\netman.dll
00:14:51.0665 3940 Netman - ok
00:14:51.0735 3940 [ F9102685F97F9BA85F4A70AFCF722CFE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:14:51.0745 3940 NetTcpPortSharing - ok
00:14:51.0775 3940 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:14:51.0775 3940 NIC1394 - ok
00:14:51.0816 3940 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll
00:14:51.0826 3940 Nla - ok
00:14:51.0866 3940 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:14:51.0876 3940 Npfs - ok
00:14:51.0946 3940 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:14:51.0986 3940 Ntfs - ok
00:14:52.0006 3940 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:14:52.0006 3940 NtLmSsp - ok
00:14:52.0066 3940 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:14:52.0086 3940 NtmsSvc - ok
00:14:52.0126 3940 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
00:14:52.0126 3940 Null - ok
00:14:52.0306 3940 [ 9E4B052C76949DE445AD6439CD473548 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:14:52.0436 3940 nv - ok
00:14:52.0466 3940 [ 9233D25A68F320EB2361E5C383C1F31F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
00:14:52.0476 3940 NVSvc - ok
00:14:52.0517 3940 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:14:52.0517 3940 NwlnkFlt - ok
00:14:52.0537 3940 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:14:52.0547 3940 NwlnkFwd - ok
00:14:52.0567 3940 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:14:52.0567 3940 ohci1394 - ok
00:14:52.0637 3940 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:14:52.0647 3940 ose - ok
00:14:52.0677 3940 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:14:52.0687 3940 Parport - ok
00:14:52.0697 3940 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:14:52.0697 3940 PartMgr - ok
00:14:52.0737 3940 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:14:52.0737 3940 ParVdm - ok
00:14:52.0757 3940 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:14:52.0767 3940 PCI - ok
00:14:52.0777 3940 PCIDump - ok
00:14:52.0797 3940 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:14:52.0797 3940 PCIIde - ok
00:14:52.0817 3940 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:14:52.0827 3940 Pcmcia - ok
00:14:52.0837 3940 PDCOMP - ok
00:14:52.0847 3940 PDFRAME - ok
00:14:52.0857 3940 PDRELI - ok
00:14:52.0877 3940 PDRFRAME - ok
00:14:52.0917 3940 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
00:14:52.0917 3940 perc2 - ok
00:14:52.0937 3940 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:14:52.0937 3940 perc2hib - ok
00:14:52.0997 3940 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
00:14:53.0007 3940 PlugPlay - ok
00:14:53.0027 3940 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:14:53.0027 3940 PolicyAgent - ok
00:14:53.0057 3940 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:14:53.0057 3940 PptpMiniport - ok
00:14:53.0107 3940 [ 2A3E82AEAF8A4A1ED7BD22F6A2424A35 ] prepdrvr C:\WINDOWS\system32\CCM\prepdrv.sys
00:14:53.0137 3940 prepdrvr - ok
00:14:53.0167 3940 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:14:53.0167 3940 ProtectedStorage - ok
00:14:53.0187 3940 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:14:53.0187 3940 PSched - ok
00:14:53.0218 3940 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:14:53.0218 3940 Ptilink - ok
00:14:53.0238 3940 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:14:53.0238 3940 ql1080 - ok
00:14:53.0258 3940 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:14:53.0258 3940 Ql10wnt - ok
00:14:53.0278 3940 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:14:53.0278 3940 ql12160 - ok
00:14:53.0298 3940 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:14:53.0298 3940 ql1240 - ok
00:14:53.0308 3940 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:14:53.0318 3940 ql1280 - ok
00:14:53.0328 3940 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:14:53.0328 3940 RasAcd - ok
00:14:53.0368 3940 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:14:53.0378 3940 RasAuto - ok
00:14:53.0418 3940 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:14:53.0418 3940 Rasl2tp - ok
00:14:53.0478 3940 [ 49B5EED5FB89D39456A2F616CCD8BA5D ] RasMan C:\WINDOWS\System32\rasmans.dll
00:14:53.0488 3940 RasMan - ok
00:14:53.0528 3940 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:14:53.0528 3940 RasPppoe - ok
00:14:53.0548 3940 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:14:53.0548 3940 Raspti - ok
00:14:53.0608 3940 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:14:53.0618 3940 Rdbss - ok
00:14:53.0638 3940 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:14:53.0638 3940 RDPCDD - ok
00:14:53.0708 3940 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:14:53.0718 3940 rdpdr - ok
00:14:53.0768 3940 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:14:53.0768 3940 RDPWD - ok
00:14:53.0838 3940 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:14:53.0848 3940 RDSessMgr - ok
00:14:53.0888 3940 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:14:53.0888 3940 redbook - ok
00:14:53.0959 3940 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:14:53.0959 3940 RemoteAccess - ok
00:14:54.0019 3940 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:14:59.0927 3940 ============================================================
00:14:59.0927 3940 Scan finished
00:14:59.0927 3940 ============================================================
00:14:59.0957 3936 Detected object count: 0
00:14:59.0957 3936 Actual detected object count: 0
00:43:50.0105 3044 Deinitialize success


Next.


Here are the logs from JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Noel on Thu 06/27/2013 at 5:04:26.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/27/2013 at 5:10:51.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





Thank you very much.
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm

Re: Iminent/teeveewatch, etc malware

Unread post by Cypher » June 27th, 2013, 10:23 am

Hi,
Good work so far.
I plan on using MSE going forward.

If you haven't done so already, uninstall Avast now.

Next.

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
  • (Click the select all button next to the codebox to select the entire script).
    Code: Select all
    :filefind
    *TeeVeeWatch*
    *Iminent*
    
    :folderfind
    *TeeVeeWatch*
    *Iminent*
    
    :regfind 
    TeeVeeWatch
    Iminent

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Iminent/teeveewatch, etc malware

Unread post by codesurfer » June 27th, 2013, 11:10 am

Hello Cypher,

I removed Avast. MSE is the only anti-malware software running on the PC.


Here is the log from SystemLook.exe


SystemLook 04.09.10 by jpshortstuff
Log created at 08:08 on 27/06/2013 by Noel
Administrator - Elevation successful

========== filefind ==========

Searching for "*TeeVeeWatch*"
C:\Documents and Settings\csgadm#\Favorites\Iminent-teeveewatch, etc malware • MalWare Removal Forum.url --a---- 973 bytes [20:21 25/06/2013] [12:12 27/06/2013] 7BA2C0BC09C42BCA91851366BF97A763
C:\Documents and Settings\csgadm#\Favorites\TeeVeeWatch - MajorGeeks Support Forums.url --a---- 848 bytes [08:24 22/06/2013] [08:24 22/06/2013] 067A6FFEA4353E52FFA8DCD429314BD4
C:\Documents and Settings\csgadm#\Favorites\TeeVeeWatch, etc virus removal • MalWare Removal Forum.url --a---- 971 bytes [06:23 25/06/2013] [19:58 25/06/2013] 7BE3EAE1CF08D211ECEDCC338046E81E
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\teeveewatchSA.dat --a---- 2332 bytes [02:17 04/06/2013] [05:47 22/06/2013] A305C3ED8C3E2350ABBE3FB1A3343EED
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\TeeveeWatchSAau.dat --a---- 80942 bytes [02:18 04/06/2013] [02:17 04/06/2013] 805AC06BA6116CEB7DFBE064F6EE3C69
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\TeeveeWatchSA_hpk.dat --a---- 138 bytes [05:47 22/06/2013] [05:47 22/06/2013] D08D691F63C527E00516E3D200822F66
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data\TeeveeWatchSA_kyf.dat --a---- 28652173 bytes [19:59 21/06/2013] [03:24 22/06/2013] AF9CB32A8E0F04693FC5808A0781E591

Searching for "*Iminent*"
C:\Documents and Settings\csgadm#\Favorites\How do I get rid of browser virus called Iminent, which installs as add-on, when remove button is disabled Firefox Support F.url --a---- 237 bytes [09:50 22/06/2013] [20:00 25/06/2013] 3678EF1D7D4996A0B691789B9C6440E9
C:\Documents and Settings\csgadm#\Favorites\Iminent removal • MalWare Removal Forum.url --a---- 4225 bytes [06:23 25/06/2013] [06:23 25/06/2013] 1888806ACB4C792903CC5C4AD001EA82
C:\Documents and Settings\csgadm#\Favorites\Iminent-teeveewatch, etc malware • MalWare Removal Forum.url --a---- 973 bytes [20:21 25/06/2013] [12:12 27/06/2013] 7BA2C0BC09C42BCA91851366BF97A763
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\0DBLYZRD\Iminent-toolbar-Chrome-extensions[1].jpg --a---- 44129 bytes [08:36 22/06/2013] [08:36 22/06/2013] 4F9AA934AEE3644AE94B7BD3FAF22C99
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\0DBLYZRD\Iminent-uninstall[1].jpg --a---- 55485 bytes [08:36 22/06/2013] [08:36 22/06/2013] 86240D88DD6FB0D24618E2AD8E44F57A
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\AT31EIPK\Iminent-Internet-Explorer-addons[1].jpg --a---- 55516 bytes [08:36 22/06/2013] [08:36 22/06/2013] 6C7E59CF7F6322ED6DB6DB5C24D81CD8
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\AT31EIPK\Iminent-Toolbar-Firefox-extension[1].jpg --a---- 26818 bytes [08:36 22/06/2013] [08:36 22/06/2013] D94031755E056FC7B8966FDA40DD2DA4
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\LMN0JQ9Y\Iminent-toolbar-search[1].jpg --a---- 58064 bytes [08:36 22/06/2013] [08:36 22/06/2013] 653F8388C72CB8DE429CCFD3FFB21387
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\ZRAEXPZX\Iminent-installer[1].jpg --a---- 59467 bytes [08:36 22/06/2013] [08:36 22/06/2013] 2D189421C7855DF907447E0D480F8144
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\ZRAEXPZX\remove-iminent-toolbar[1].htm --a---- 52962 bytes [08:36 22/06/2013] [08:36 22/06/2013] B12F9070A5388D68D89540BF7C81DE83

========== folderfind ==========

Searching for "*TeeVeeWatch*"
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA d------ [02:17 04/06/2013]

Searching for "*Iminent*"
No folders found.

========== regfind ==========

Searching for "TeeVeeWatch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\teeveewatchSA]
[HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\teeveewatchSA]

Searching for "Iminent"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="iMINENT"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45]
"ProductName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList]
"PackageName"="iminent.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList]
"LastUsedSource"="n;1;C:\DOCUME~1\csgadm#\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList\Net]
"1"="C:\DOCUME~1\csgadm#\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Loader]
"Iminent"="software\Iminent\Assemblies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\inst\Bootstrapper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\inst\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\en\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\ro\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Start Menu\Programs\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684]
"EB8E7C929DBF19D4CBF44B077C815D45"="01:\Software\Iminent\WebBooster\Scripts\minibar\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"EB8E7C929DBF19D4CBF44B077C815D45"="C:\Program Files\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"00000000000000000000000000000000"="C:\Program Files\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
"EB8E7C929DBF19D4CBF44B077C815D45"="01:\Software\Iminent\WebBooster\Scripts\sslminibar\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"EB8E7C929DBF19D4CBF44B077C815D45"="C:\Program Files\Iminent\UniverselyWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"00000000000000000000000000000000"="C:\Program Files\Iminent\UniverselyWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
"InstallLocation"="C:\Program Files\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
"InstallSource"="C:\DOCUME~1\csgadm#\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
"InstallLocation"="C:\Program Files\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
"InstallSource"="C:\DOCUME~1\csgadm#\LOCALS~1\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN wltrysvc WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WinDefendRtp WebClient VSSetup VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation SmsClient SescLU ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 SecurityCenter SeagateDashboardService SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN wltrysvc WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WinDefendRtp WebClient VSSetup VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation SmsClient SescLU ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 SecurityCenter SeagateDashboardService SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN wltrysvc WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WinDefendRtp WebClient VSSetup VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation SmsClient SescLU ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 SecurityCenter SeagateDashboardService SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bri
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Iminent]
[HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="iMINENT"
[HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]

-= EOF =-




Thank you.
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm
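
An added example, not part of the original thread or of SystemLook: a small Python parser for the regfind section format shown in the log above. For each hit it records whether the search term matched the key path, the value name or the value data, and it lists values whose data is cut off in the posted log, so the matching text cannot be seen. The sample input is an excerpt of the posted log with the long "Sources" value shortened; the function and field names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of the regfind section posted above. The "Sources" data is
# shortened here (constructed), keeping the missing closing quote of the
# posted line, which is how a cut-off value shows up in the log.
SAMPLE = r"""
========== regfind ==========

Searching for "TeeVeeWatch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\teeveewatchSA]

Searching for "Iminent"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="iMINENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Loader]
"Iminent"="software\Iminent\Assemblies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Iminent\"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WinMgmt Winlogon MsiInstaller Microsoft.Transactions.Bri
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Iminent]

-= EOF =-
"""


class Hit(NamedTuple):
    term: str              # search term the hit was reported under
    key: str               # registry key path
    name: Optional[str]    # value name, or None when the key itself is the hit
    data: Optional[str]    # value data as far as the log shows it
    truncated: bool        # True when the data has no closing quote
    where: str             # "key", "value-name", "value-data" or "not-visible"


TERM_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def _where(term: str, name: str, data: str) -> str:
    """Say which visible part of a value line contains the term."""
    t = term.lower()  # the posted log shows case-insensitive matches
    if t in name.lower():
        return "value-name"
    if t in data.lower():
        return "value-data"
    return "not-visible"


def parse_regfind(text: str) -> List[Hit]:
    """Turn regfind output into one Hit per reported key or value."""
    hits: List[Hit] = []
    term: Optional[str] = None
    pending: Optional[str] = None  # key line still waiting for a value line

    def flush() -> None:
        # A key line with no value line after it is a hit on the key itself.
        nonlocal pending
        if pending is not None:
            hits.append(Hit(term, pending, None, None, False, "key"))
            pending = None

    for raw in text.splitlines():
        line = raw.strip()
        m = TERM_RE.match(line)
        if m:
            flush()
            term = m.group(1)
            continue
        if term is None:
            continue  # banner lines before the first search term
        m = VALUE_RE.match(line)
        if m and pending is not None:
            name, rest = m.group(1), m.group(2)
            complete = len(rest) >= 2 and rest[0] == '"' and rest[-1] == '"'
            data = rest[1:-1] if complete else rest.lstrip('"')
            hits.append(Hit(term, pending, name, data, not complete,
                            _where(term, name, data)))
            pending = None
            continue
        m = KEY_RE.match(line)
        if m:
            flush()
            pending = m.group(1)
    flush()
    return hits


def needs_full_value(hits: List[Hit]) -> List[Hit]:
    """Hits whose matching text the log does not show (cut-off data)."""
    return [h for h in hits if h.truncated or h.where == "not-visible"]


if __name__ == "__main__":
    for h in parse_regfind(SAMPLE):
        print(f"{h.where:12} {h.term:12} {h.key} {h.name or ''}")
    for h in needs_full_value(parse_regfind(SAMPLE)):
        print("read in full on the machine:", h.key, h.name)
```
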

Re: Iminent/teeveewatch, etc malware

Unread post by Cypher » June 27th, 2013, 12:34 pm

Hi,
Do the following then let me know how your computer is performing.

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then back up your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

  • Double-click OTL.exe to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
  • (Click the select all button next to the codebox to select the entire script).
    Code: Select all
    
    :otl
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q= {searchTerms}&src={referrer:source?}
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\teeveewatchSA]
    [-HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\teeveewatchSA]
    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
    "003"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList\Net]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Loader]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\inst\Bootstrapper\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\inst\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\en\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\de\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\es\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\tr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\it\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\fr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Iminent\ro\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Documents and Settings\All Users\Start Menu\Programs\Iminent\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
    "Sources"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Iminent]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
    "Sources"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Iminent]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
    "Sources"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Iminent]
    [HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Search Assistant\ACMru\5603]
    "003"=-
    [-HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]
    
    :files
    C:\Documents and Settings\csgadm#\Favorites\Iminent-teeveewatch
    C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA
    C:\Documents and Settings\csgadm#\Favorites\How do I get rid of browser virus called Iminent, which installs as add-on, when remove button is disabled Firefox Support F.url
    C:\Documents and Settings\csgadm#\Favorites\Iminent removal • MalWare Removal Forum.url
    C:\Documents and Settings\csgadm#\Favorites\Iminent-teeveewatch, etc malware • MalWare Removal Forum.url
    C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\0DBLYZRD\Iminent-toolbar-Chrome-extensions[1].jpg
    C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\0DBLYZRD\Iminent-uninstall[1].jpg 
    C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\AT31EIPK\Iminent-Internet-Explorer-addons[1].jpg
    C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\AT31EIPK\Iminent-Toolbar-Firefox-extension[1].jpg
    C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\LMN0JQ9Y\Iminent-toolbar-search[1].jpg
    C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\ZRAEXPZX\Iminent-installer[1].jpg
    C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\ZRAEXPZX\remove-iminent-toolbar[1].htm
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Iminent/teeveewatch, etc malware

Post by codesurfer » June 27th, 2013, 1:31 pm

Hi Cypher,


Microsoft Security Essentials QUICK SCANs results:
Here's the result from a QUICK scan from MSE which found 1 file posing a threat:

Detected Items        Alert Level   Status
Adware:Win32/Hotbar   Medium        Active


Here are the details:

Category: Adware

Description: This program delivers potentially unwanted advertisements to your computer.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
containerfile:C:\System Volume Information\_restore{E88AA5A0-4623-46F0-AC0D-42800A89CB57}\RP1630\A0080850.exe
file:C:\System Volume Information\_restore{E88AA5A0-4623-46F0-AC0D-42800A89CB57}\RP1630\A0080850.exe->[lowcase_mzpe]


Do you want me to use the REMOVE option within MSE to delete this file?



Here is the log from OTL

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\teeveewatchSA\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\teeveewatchSA\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\003 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45\SourceList\Net\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Loader\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\inst\Bootstrapper\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\inst\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\en\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\de\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\es\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\tr\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\it\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\fr\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Iminent\ro\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Documents and Settings\All Users\Start Menu\Programs\Iminent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\\Sources deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Iminent\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\\Sources deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Iminent\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\\Sources not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Iminent\ not found.
Registry value HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Search Assistant\ACMru\5603\\003 not found.
Registry key HKEY_USERS\S-1-5-21-3102553071-743372174-522712371-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent\ deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\csgadm#\Favorites\Iminent-teeveewatch not found.
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\data folder moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\bin\1.0.21.0 folder moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA\bin folder moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Application Data\TeeveeWatchSA folder moved successfully.
File\Folder C:\Documents and Settings\csgadm#\Favorites\How do I get rid of browser virus called Iminent, which installs as add-on, when remove button is disabled Firefox Support F.url not found.
C:\Documents and Settings\csgadm#\Favorites\Iminent removal • MalWare Removal Forum.url moved successfully.
C:\Documents and Settings\csgadm#\Favorites\Iminent-teeveewatch, etc malware • MalWare Removal Forum.url moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\0DBLYZRD\Iminent-toolbar-Chrome-extensions[1].jpg moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\0DBLYZRD\Iminent-uninstall[1].jpg moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\AT31EIPK\Iminent-Internet-Explorer-addons[1].jpg moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\AT31EIPK\Iminent-Toolbar-Firefox-extension[1].jpg moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\LMN0JQ9Y\Iminent-toolbar-search[1].jpg moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\ZRAEXPZX\Iminent-installer[1].jpg moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\ZRAEXPZX\remove-iminent-toolbar[1].htm moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\csgadm#\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\csgadm#\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 31839 bytes
->Temporary Internet Files folder emptied: 295046 bytes
->Java cache emptied: 11 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: csgadm#
->Temp folder emptied: 29969334 bytes
->Temporary Internet Files folder emptied: 222999741 bytes
->FireFox cache emptied: 20924485 bytes
->Flash cache emptied: 804 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294912 bytes
->Java cache emptied: 11 bytes
->Flash cache emptied: 405 bytes

User: Guest
->Temp folder emptied: 643 bytes
->Temporary Internet Files folder emptied: 295046 bytes
->Java cache emptied: 11 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 28598 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: raglanj
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Sysprep

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1071809 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 995079074 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 6860620 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 30494 bytes

Total Files Cleaned = 1,219.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06272013_094406

Files\Folders moved on Reboot...
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\LMN0JQ9Y\message[1].htm moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\LMN0JQ9Y\st[8] moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\AT31EIPK\viewtopic[1].htm moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\Content.IE5\0DBLYZRD\sh119[1].htm moved successfully.
C:\Documents and Settings\csgadm#\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File move failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\TMP000000040C3BB324A374877F not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thanks again.
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm

Re: Iminent/teeveewatch, etc malware

Post by Cypher » June 27th, 2013, 1:43 pm

Hi,
Quote:
    Microsoft Security Essentials QUICK SCANs results:
    Here's the result from a QUICK scan from MSE which found 1 file posing a threat:
I didn't ask you to run MSE.
What MSE found are infected system restore points, we will deal with those soon.

You didn't answer my question, how is your computer running now, any problems?
Quote:
    I tried to remove viruses (TeeVeeWatch, Iminent, etc.)

Is this still an issue?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Iminent/teeveewatch, etc malware

Post by codesurfer » June 27th, 2013, 1:48 pm

I know you didn't ask me to run MSE. I was simply trying to answer your question regarding the overall condition of the PC which seems to be running okay. Thanks.
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm

Re: Iminent/teeveewatch, etc malware

Post by Cypher » June 27th, 2013, 1:53 pm

Hi,
Quote:
    I know you didn't ask me to run MSE. I was simply trying to answer your question regarding the overall condition of the PC which seems to be running okay.

No problem.
Good to hear your computer is running better, but I would like you to run one more scan for me.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Iminent/teeveewatch, etc malware

Post by codesurfer » June 27th, 2013, 8:44 pm

Hi Cypher,

Internet Explorer was able to download the definitions but stalled during the scan so I used Firefox. It took a while but I got it to work while dealing with Firefox issues which already existed before I contacted the forum for support. I believe this was caused by the malware on the machine and I sincerely apologize for failing to mention it sooner.

Firefox is behaving weird where it would work fine after launching it at the beginning but later on the entire window would turn completely black after accessing other sites making it impossible to see the webpage content. This happened when I went to http://www.eset.com/us/online-scanner/

I opened another tab but it came up all black immediately. Do you suggest I do a fresh download of Firefox and re-install?


Here is the log from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e92082f93c26d4d9f4c908331ada239
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-27 07:34:48
# local_time=2013-06-27 12:34:48 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5889 16768382 100 100 0 212175234 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=4214
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e92082f93c26d4d9f4c908331ada239
# engine=14179
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-27 09:17:45
# local_time=2013-06-27 02:17:45 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5889 16768382 100 100 0 212181411 0 0
# scanned=42864
# found=0
# cleaned=0
# scan_time=5373


Thanks.
codesurfer
Active Member
 
Posts: 13
Joined: June 24th, 2013, 2:41 pm
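
A way to check a posted ESET Online Scanner log against the scan instructions given earlier in the thread, as an added example that is not part of the original posts or any ESET tool: it splits log.txt into runs and flags a run that was stopped, scanned nothing, or used different options. The sample is abridged from the log posted above; the function names are assumptions.

```python
import re

# Abridged from the log.txt posted above (two runs, key lines only).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=0
# found=0
# scan_time=4214
# version=8
# OnlineScannerApp.exe=1.0.0.1
# engine=14179
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=42864
# found=0
# scan_time=5373
"""

# Options requested in the scan instructions: do not remove threats,
# scan archives, unwanted and unsafe applications, Anti-Stealth enabled.
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}

LINE = re.compile(r"^#\s*([^=\s]+)=(.*)$")

def parse_runs(text):
    """Split the log into one dict per run; a run starts at '# version='."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # installer lines such as 'all ok' carry no '# key=value'
        key, value = m.group(1), m.group(2).strip()
        if key == "version" or not runs:
            runs.append({})
        runs[-1][key] = value  # repeated keys (compatibility_mode): last wins
    return runs

def review(run):
    """Return the reasons this run should not be relied on (empty if none)."""
    problems = []
    if run.get("end") != "finished":
        problems.append("scan ended with end=%s" % run.get("end"))
    if int(run.get("scanned", "0")) == 0:
        problems.append("no objects were scanned")
    for key, want in EXPECTED.items():
        if run.get(key) != want:
            problems.append("%s=%s, expected %s" % (key, run.get(key), want))
    return problems

def last_good_run(text):
    """Newest run that finished with the requested options, or None."""
    good = [r for r in parse_runs(text) if not review(r)]
    return good[-1] if good else None

if __name__ == "__main__":
    for i, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print("run", i, review(run) or "ok", "found=" + run.get("found", "?"))
```

Only the second run counts as a result here: the first one matches the Internet Explorer attempt that stalled and scanned nothing, so its found=0 says nothing about the machine.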