Google Hijack & Redirect


7 replies to this topic

#1 barnlofter


Posted 09 September 2012 - 07:35 AM

Please help. About 1/2 the time when I run a Google search and then click on a result it will take me to a random website. I have run several malware removal tools with no luck.



#2 narenxp


Posted 09 September 2012 - 07:36 AM

Download TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 barnlofter


Posted 09 September 2012 - 10:12 AM

Thank you for helping.

TDSSKILLER log:

08:30:49.0718 2704 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:30:49.0750 2704 usbscan - ok
08:30:49.0843 2704 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:30:49.0843 2704 USBSTOR - ok
08:30:49.0937 2704 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:30:49.0984 2704 usbuhci - ok
08:30:50.0015 2704 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:30:50.0015 2704 VgaSave - ok
08:30:50.0093 2704 [ E1CF8E07E0965B6478D8801743502971 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys
08:30:50.0296 2704 viagfx - ok
08:30:50.0328 2704 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
08:30:50.0359 2704 ViaIde - ok
08:30:50.0453 2704 [ 7DC3E1DC6E4F8BE381C31BFEA578412A ] viamraid C:\WINDOWS\system32\DRIVERS\viamraid.sys
08:30:50.0468 2704 viamraid - ok
08:30:50.0546 2704 [ FECE79A9AEF62AD5F11A3F4A14F1DEAD ] VIAudio C:\WINDOWS\system32\drivers\vinyl97.sys
08:30:50.0625 2704 VIAudio - ok
08:30:50.0687 2704 [ F95C0FCFBCBDA6D8F202D2DF4052F88D ] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys
08:30:50.0703 2704 videX32 - ok
08:30:50.0718 2704 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:30:50.0734 2704 VolSnap - ok
08:30:50.0781 2704 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:30:50.0812 2704 VSS - ok
08:30:51.0046 2704 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
08:30:51.0187 2704 vToolbarUpdater12.2.6 - ok
08:30:51.0281 2704 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:30:51.0296 2704 W32Time - ok
08:30:51.0328 2704 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:30:51.0359 2704 Wanarp - ok
08:30:51.0375 2704 WDICA - ok
08:30:51.0406 2704 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:30:51.0421 2704 wdmaud - ok
08:30:51.0437 2704 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:30:51.0453 2704 WebClient - ok
08:30:51.0578 2704 [ 3A2C273922037971F9E7A0AB549B8B0E ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:30:51.0718 2704 winachsf - ok
08:30:51.0843 2704 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:30:51.0921 2704 winmgmt - ok
08:30:52.0015 2704 [ AF5FB6C38931410D92410CC142AED5BA ] wlags48d C:\WINDOWS\system32\DRIVERS\wlags48d.sys
08:30:52.0140 2704 wlags48d - ok
08:30:52.0187 2704 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:30:52.0203 2704 WmdmPmSN - ok
08:30:52.0281 2704 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:30:52.0296 2704 WmiApSrv - ok
08:30:52.0390 2704 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:30:52.0437 2704 WMPNetworkSvc - ok
08:30:52.0531 2704 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:30:52.0546 2704 wscsvc - ok
08:30:52.0593 2704 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:30:52.0609 2704 wuauserv - ok
08:30:52.0671 2704 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:30:52.0718 2704 WudfPf - ok
08:30:52.0781 2704 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:30:52.0796 2704 WudfRd - ok
08:30:52.0890 2704 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:30:52.0906 2704 WudfSvc - ok
08:30:53.0062 2704 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:30:53.0203 2704 WZCSVC - ok
08:30:53.0265 2704 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:30:53.0281 2704 xmlprov - ok
08:30:53.0328 2704 ================ Scan global ===============================
08:30:53.0375 2704 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:30:53.0453 2704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:30:53.0593 2704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:30:53.0625 2704 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:30:53.0625 2704 [Global] - ok
08:30:53.0625 2704 ================ Scan MBR ==================================
08:30:53.0656 2704 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:30:54.0140 2704 \Device\Harddisk0\DR0 - ok
08:30:54.0140 2704 ================ Scan VBR ==================================
08:30:54.0156 2704 [ C1D064A70FE34069CED975DF19712E7C ] \Device\Harddisk0\DR0\Partition1
08:30:54.0156 2704 \Device\Harddisk0\DR0\Partition1 - ok
08:30:54.0187 2704 [ DD7DB0087DDE127C86204BB0D38D42DC ] \Device\Harddisk0\DR0\Partition2
08:30:54.0187 2704 \Device\Harddisk0\DR0\Partition2 - ok
08:30:54.0187 2704 ============================================================
08:30:54.0187 2704 Scan finished
08:30:54.0187 2704 ============================================================
08:30:54.0265 0244 Detected object count: 0
08:30:54.0265 0244 Actual detected object count: 0
08:31:02.0156 3500 Deinitialize success


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 08:59:55
-----------------------------
08:59:55.390 OS Version: Windows 5.1.2600 Service Pack 3
08:59:55.390 Number of processors: 2 586 0x209
08:59:55.390 ComputerName: CUSTOMER-84DDF7 UserName: Owner
08:59:59.843 Initialize success
09:03:40.296 AVAST engine defs: 12090900
09:04:00.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:04:00.125 Disk 0 Vendor: ST3160021A 3.04 Size: 152627MB BusType: 3
09:04:00.140 Disk 0 MBR read successfully
09:04:00.156 Disk 0 MBR scan
09:04:00.375 Disk 0 Windows XP default MBR code
09:04:00.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 146004 MB offset 63
09:04:00.421 Disk 0 Partition - 00 0F Extended LBA 6620 MB offset 299017845
09:04:00.468 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 6620 MB offset 299017908
09:04:00.562 Disk 0 scanning sectors +312576705
09:04:00.687 Disk 0 scanning C:\WINDOWS\system32\drivers
09:04:29.203 Service scanning
09:04:59.875 Modules scanning
09:05:13.937 Disk 0 trace - called modules:
09:05:13.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
09:05:13.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85715ab8]
09:05:13.968 3 CLASSPNP.SYS[f75e3fd7] -> nt!IofCallDriver -> \Device\0000005b[0x8573c510]
09:05:13.968 5 ACPI.sys[f755a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85762940]
09:05:14.734 AVAST engine scan C:\WINDOWS
09:05:22.703 AVAST engine scan C:\WINDOWS\system32
09:10:49.046 AVAST engine scan C:\WINDOWS\system32\drivers
09:11:15.390 AVAST engine scan C:\Documents and Settings\Owner
09:16:37.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
09:16:37.109 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

C:\torrent.exe Win32/BundleInstaller.A application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\{31CA5CF7-D5DF-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\barnlofter\downloads\cnet_lotpro32_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\barnlofter\downloads\cnet_RealHideIP-4_1_5_8_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\barnlofter\downloads\PageRage.exe a variant of Win32/KBM.A application cleaned by deleting - quarantined

#4 narenxp

Posted 09 September 2012 - 10:14 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#5 barnlofter


Posted 09 September 2012 - 11:20 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 09-09-2012 at 12:01:15
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

VIA Compatable Fast Ethernet Adapter = Local Area Connection (Connected)
Creatix CTX404 WLAN 802.11b = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : customer-84ddf7

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.invalid



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain.invalid

Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-16-17-4D-05-8E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.254.254

Lease Obtained. . . . . . . . . . : Sunday, September 09, 2012 6:30:47 AM

Lease Expires . . . . . . . . . . : Monday, September 10, 2012 6:30:47 AM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Creatix CTX404 WLAN 802.11b

Physical Address. . . . . . . . . : 00-07-CA-02-20-83

Server: speedstream.domain.invalid
Address: 192.168.254.254

Name: google.com
Addresses: 74.125.139.113, 74.125.139.138, 74.125.139.139, 74.125.139.100
74.125.139.101, 74.125.139.102



Pinging google.com [74.125.130.138] with 32 bytes of data:



Reply from 74.125.130.138: bytes=32 time=47ms TTL=48

Reply from 74.125.130.138: bytes=32 time=50ms TTL=48



Ping statistics for 74.125.130.138:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 50ms, Average = 48ms

Server: speedstream.domain.invalid
Address: 192.168.254.254

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=215ms TTL=45

Reply from 72.30.38.140: bytes=32 time=345ms TTL=45



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 215ms, Maximum = 345ms, Average = 280ms

Server: speedstream.domain.invalid
Address: 192.168.254.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 17 4d 05 8e ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
0x3 ...00 07 ca 02 20 83 ...... Creatix CTX404 WLAN 802.11b - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
255.255.255.255 255.255.255.255 192.168.1.102 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/09/2012 09:00:49 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/11/2012 02:51:28 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/11/2012 02:51:20 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/11/2012 02:51:08 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/02/2012 06:46:21 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (08/02/2012 09:46:26 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (08/02/2012 08:46:30 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (08/02/2012 04:46:29 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (08/01/2012 05:32:12 PM) (Source: Application Error) (User: )
Description: Fault bucket -1210479320.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/01/2012 04:46:21 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]


System errors:
=============
Error: (09/01/2012 10:05:02 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (08/26/2012 09:02:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:23 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:23 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:23 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/26/2012 09:02:23 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.2.0)
1ClickDownloader (Version: 2.7 Build 26473)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Ahead Nero OEM
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
AVG Security Toolbar (Version: 12.2.5.32)
Avira Free Antivirus (Version: 12.0.0.1167)
Brother MFL Pro Suite
CCleaner (Version: 3.22)
CCScore (Version: 8.02.0000.0001)
DVD Shrink 3.2
ESET Online Scanner v3
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.03.0000.0001)
ESScore (Version: 8.03.0000.0001)
ESSgui (Version: 8.03.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
Free_Key_logger
GIMP 2.8.0 (Version: 2.8.0)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.115)
IsoBuster 3.0 (Version: 3.0)
ITEDO IsoView ActiveX Control 3.0
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 4 (Version: 7.0.40)
KEDDS (Version: 1.04.0000.0005)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
netbrdg (Version: 7.01.0000.0001)
OfotoXMI (Version: 8.03.0000.0001)
PaperPort 8.0 SE (Version: 1.0.0.0000)
PeaZip 4.7.1
Platform (Version: 1.22)
QuickTime (Version: 7.72.80.56)
Realtek AC'97 Audio (Version: 5.34)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
Shockwave
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
Skype™ 5.10 (Version: 5.10.114)
Smart File Advisor 1.1.1 (Version: 1.1.1)
staticcr (Version: 8.02.0000.0001)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
uTorrentControl_v2 Toolbar (Version: 6.9.0.16)
VIA Platform Device Manager (Version: 1.22)
VIA/S3G UniChrome Family Win2K/XP/Server2003 Display 6.14.10.0380
VPRINTOL (Version: 8.02.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WIRELESS (Version: 8.02.0000.0001)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 958.48 MB
Available physical RAM: 650.78 MB
Total Pagefile: 2317.09 MB
Available Pagefile: 1943.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:142.58 GB) (Free:90.9 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:6.45 GB) (Free:0.08 GB) FAT32

========================= Users: ========================================

User accounts for \\CUSTOMER-84DDF7

Administrator Guest HelpAssistant
kodak Owner SUPPORT_388945a0


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 09-09-2012 at 12:04:54
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v2.001 - Logfile created 09/09/2012 at 12:05:58
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - CUSTOMER-84DDF7
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Owner\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\CT2836015
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\CT3220468
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\extensions\{192a6019-26d2-4611-aead-07cd7733b146}
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\Smartbar
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\uTorrentControl_v2
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\uTorrentControl_v2

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF97FB73-9BDA-4EF5-B3F3-02C6CD43B963}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D15C2D-C893-4DF4-8979-0AFEDBB7F4B2}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SweetIm
Key Found : HKCU\Software\uTorrentControl_v2
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0255734A-67B8-4A27-AF11-5E2C3E54E054}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93E9750D-D06A-4874-9DEE-C0DE79A51475}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SweetIm
Key Found : HKLM\Software\uTorrentControl_v2
Key Found : HKU\S-1-5-21-515967899-1364589140-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-515967899-1364589140-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={A0AAD3F9-4572-4CBB-B741-65DC1A08C818}&mid=a8f5982eca0547d0866ed15f51a9ec7d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=gl011&pr=sa&d=2012-07-22 09:10:30&v=12.1.0.20&sap=hp
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={A0AAD3F9-4572-4CBB-B741-65DC1A08C818}&mid=a8f5982eca0547d0866ed15f51a9ec7d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=gl011&pr=sa&d=2012-07-22 09:10:30&v=12.2.5.32&sap=nt

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\prefs.js

Found : user_pref("CT2836015.1000082.isPlayDisplay", "true");
Found : user_pref("CT2836015.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT2836015.1000234.TWC_TMP_city", "JEFFERSON");
Found : user_pref("CT2836015.1000234.TWC_TMP_country", "US");
Found : user_pref("CT2836015.1000234.TWC_locId", "USAL0298");
Found : user_pref("CT2836015.1000234.TWC_location", "Jefferson, AL");
Found : user_pref("CT2836015.1000234.TWC_region", "US");
Found : user_pref("CT2836015.1000234.TWC_temp_dis", "f");
Found : user_pref("CT2836015.1000234.TWC_wind_dis", "mph");
Found : user_pref("CT2836015.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"77°F\",\"temperat[...]
Found : user_pref("CT2836015.129336860019893849.isToggled_item0_11", "true");
Found : user_pref("CT2836015.129351721820319552.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,title[...]
Found : user_pref("CT2836015.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2836015.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2836015.FirstTime", "true");
Found : user_pref("CT2836015.FirstTimeFF3", "true");
Found : user_pref("CT2836015.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]
Found : user_pref("CT2836015.UserID", "UN12887332363552306");
Found : user_pref("CT2836015.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2836015.browser.search.defaultthis.engineName", true);
Found : user_pref("CT2836015.embeddedsData", "[{\"appId\":\"129336860020050107\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2836015.enableAlerts", "always");
Found : user_pref("CT2836015.firstTimeDialogOpened", "true");
Found : user_pref("CT2836015.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2836015.fixUrls", true);
Found : user_pref("CT2836015.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2836015.isNewTabEnabled", false);
Found : user_pref("CT2836015.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2836015.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2836015.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT2836015.keyword", true);
Found : user_pref("CT2836015.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT2836015.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\[...]
Found : user_pref("CT2836015.search.searchAppId", "129336860020050107");
Found : user_pref("CT2836015.search.searchCount", "0");
Found : user_pref("CT2836015.searchInNewTabEnabled", "false");
Found : user_pref("CT2836015.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2836015.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Found : user_pref("CT2836015.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2836015.sendUsageEnabled", "false");
Found : user_pref("CT2836015.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2836015.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2836015.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT2836015.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344658698458");
Found : user_pref("CT2836015.serviceLayer_services_appTracking_lastUpdate", "1344658700177");
Found : user_pref("CT2836015.serviceLayer_services_appsMetadata_lastUpdate", "1344659518769");
Found : user_pref("CT2836015.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344658699171");
Found : user_pref("CT2836015.serviceLayer_services_login_10.10.24.2_lastUpdate", "1345510155157");
Found : user_pref("CT2836015.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347134262011");
Found : user_pref("CT2836015.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344658699794");
Found : user_pref("CT2836015.serviceLayer_services_searchAPI_lastUpdate", "1344658697052");
Found : user_pref("CT2836015.serviceLayer_services_serviceMap_lastUpdate", "1347069318914");
Found : user_pref("CT2836015.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344658698985");
Found : user_pref("CT2836015.serviceLayer_services_toolbarSettings_lastUpdate", "1347141462459");
Found : user_pref("CT2836015.serviceLayer_services_translation_lastUpdate", "1347069319257");
Found : user_pref("CT2836015.settingsINI", true);
Found : user_pref("CT2836015.smartbar.CTID", "CT2836015");
Found : user_pref("CT2836015.smartbar.Uninstall", "0");
Found : user_pref("CT2836015.smartbar.isHidden", true);
Found : user_pref("CT2836015.smartbar.toolbarName", "Stardoll ");
Found : user_pref("CT2836015.toolbarBornServerTime", "11-8-2012");
Found : user_pref("CT2836015.toolbarCurrentServerTime", "8-9-2012");
Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1345693262,\"uuid\":744371553941887,\"seq_id\":1,\"ss[...]
Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3220468.FirstTime", "true");
Found : user_pref("CT3220468.FirstTimeFF3", "true");
Found : user_pref("CT3220468.UserID", "UN13210725262511495");
Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3220468.autoDisableScopes", -1);
Found : user_pref("CT3220468.cbcountry_001", "US");
Found : user_pref("CT3220468.cbfirsttime", "Wed Aug 22 2012 23:40:59 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT3220468.defaultSearch", "FALSE");
Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3220468.enableAlerts", "always");
Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3220468.fixUrls", true);
Found : user_pref("CT3220468.installId", "fft405.tmp.exe");
Found : user_pref("CT3220468.installType", "XPE");
Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isNewTabEnabled", true);
Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT3220468.openThankYouPage", "true");
Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Found : user_pref("CT3220468.search.searchCount", "0");
Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345693251313");
Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1345693251324");
Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345693252640");
Found : user_pref("CT3220468.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346513841792");
Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347134262423");
Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345693253522");
Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1345693249209");
Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1347069320247");
Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345693252477");
Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1347141462719");
Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1347069320417");
Found : user_pref("CT3220468.settingsINI", true);
Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Found : user_pref("CT3220468.smartbar.isHidden", true);
Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Found : user_pref("CT3220468.toolbarBornServerTime", "23-8-2012");
Found : user_pref("CT3220468.toolbarCurrentServerTime", "8-9-2012");
Found : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1345693824899,,,hxxp[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain[...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.toolbar.mindspark._52Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=E9A4D099[...]
Found : user_pref("tfp.abs.CT2836015", true);

*************************

AdwCleaner[R1].txt - [19649 octets] - [09/09/2012 12:05:58]

########## EOF - C:\AdwCleaner[R1].txt - [19710 octets] ##########



# AdwCleaner v2.001 - Logfile created 09/09/2012 at 12:08:55
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - CUSTOMER-84DDF7
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\CT2836015
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\CT3220468
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\extensions\{192a6019-26d2-4611-aead-07cd7733b146}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\Smartbar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\uTorrentControl_v2
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentControl_v2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF97FB73-9BDA-4EF5-B3F3-02C6CD43B963}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D15C2D-C893-4DF4-8979-0AFEDBB7F4B2}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Software\uTorrentControl_v2
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0255734A-67B8-4A27-AF11-5E2C3E54E054}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93E9750D-D06A-4874-9DEE-C0DE79A51475}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SweetIm
Key Deleted : HKLM\Software\uTorrentControl_v2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-515967899-1364589140-842925246-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={A0AAD3F9-4572-4CBB-B741-65DC1A08C818}&mid=a8f5982eca0547d0866ed15f51a9ec7d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=gl011&pr=sa&d=2012-07-22 09:10:30&v=12.1.0.20&sap=hp --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={A0AAD3F9-4572-4CBB-B741-65DC1A08C818}&mid=a8f5982eca0547d0866ed15f51a9ec7d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=gl011&pr=sa&d=2012-07-22 09:10:30&v=12.2.5.32&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\prefs.js

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uj9knaja.default\user.js ... Deleted !

Deleted : user_pref("CT2836015.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2836015.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT2836015.1000234.TWC_TMP_city", "JEFFERSON");
Deleted : user_pref("CT2836015.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT2836015.1000234.TWC_locId", "USAL0298");
Deleted : user_pref("CT2836015.1000234.TWC_location", "Jefferson, AL");
Deleted : user_pref("CT2836015.1000234.TWC_region", "US");
Deleted : user_pref("CT2836015.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT2836015.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT2836015.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"77°F\",\"temperat[...]
Deleted : user_pref("CT2836015.129336860019893849.isToggled_item0_11", "true");
Deleted : user_pref("CT2836015.129351721820319552.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,title[...]
Deleted : user_pref("CT2836015.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2836015.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2836015.FirstTime", "true");
Deleted : user_pref("CT2836015.FirstTimeFF3", "true");
Deleted : user_pref("CT2836015.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]
Deleted : user_pref("CT2836015.UserID", "UN12887332363552306");
Deleted : user_pref("CT2836015.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2836015.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT2836015.embeddedsData", "[{\"appId\":\"129336860020050107\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2836015.enableAlerts", "always");
Deleted : user_pref("CT2836015.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2836015.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2836015.fixUrls", true);
Deleted : user_pref("CT2836015.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2836015.isNewTabEnabled", false);
Deleted : user_pref("CT2836015.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2836015.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2836015.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2836015.keyword", true);
Deleted : user_pref("CT2836015.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT2836015.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\[...]
Deleted : user_pref("CT2836015.search.searchAppId", "129336860020050107");
Deleted : user_pref("CT2836015.search.searchCount", "0");
Deleted : user_pref("CT2836015.searchInNewTabEnabled", "false");
Deleted : user_pref("CT2836015.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2836015.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Deleted : user_pref("CT2836015.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2836015.sendUsageEnabled", "false");
Deleted : user_pref("CT2836015.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2836015.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2836015.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2836015.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2836015.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344658698458");
Deleted : user_pref("CT2836015.serviceLayer_services_appTracking_lastUpdate", "1344658700177");
Deleted : user_pref("CT2836015.serviceLayer_services_appsMetadata_lastUpdate", "1344659518769");
Deleted : user_pref("CT2836015.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344658699171");
Deleted : user_pref("CT2836015.serviceLayer_services_login_10.10.24.2_lastUpdate", "1345510155157");
Deleted : user_pref("CT2836015.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347134262011");
Deleted : user_pref("CT2836015.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344658699794");
Deleted : user_pref("CT2836015.serviceLayer_services_searchAPI_lastUpdate", "1344658697052");
Deleted : user_pref("CT2836015.serviceLayer_services_serviceMap_lastUpdate", "1347069318914");
Deleted : user_pref("CT2836015.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344658698985");
Deleted : user_pref("CT2836015.serviceLayer_services_toolbarSettings_lastUpdate", "1347141462459");
Deleted : user_pref("CT2836015.serviceLayer_services_translation_lastUpdate", "1347069319257");
Deleted : user_pref("CT2836015.settingsINI", true);
Deleted : user_pref("CT2836015.smartbar.CTID", "CT2836015");
Deleted : user_pref("CT2836015.smartbar.Uninstall", "0");
Deleted : user_pref("CT2836015.smartbar.isHidden", true);
Deleted : user_pref("CT2836015.smartbar.toolbarName", "Stardoll ");
Deleted : user_pref("CT2836015.toolbarBornServerTime", "11-8-2012");
Deleted : user_pref("CT2836015.toolbarCurrentServerTime", "8-9-2012");
Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1345693262,\"uuid\":744371553941887,\"seq_id\":1,\"ss[...]
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.UserID", "UN13210725262511495");
Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("CT3220468.cbcountry_001", "US");
Deleted : user_pref("CT3220468.cbfirsttime", "Wed Aug 22 2012 23:40:59 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220468.enableAlerts", "always");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.installId", "fft405.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Deleted : user_pref("CT3220468.search.searchCount", "0");
Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345693251313");
Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1345693251324");
Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345693252640");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346513841792");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347134262423");
Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345693253522");
Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1345693249209");
Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1347069320247");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345693252477");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1347141462719");
Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1347069320417");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.isHidden", true);
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "23-8-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "8-9-2012");
Deleted : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1345693824899,,,hxxp[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.toolbar.mindspark._52Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=E9A4D099[...]
Deleted : user_pref("tfp.abs.CT2836015", true);

*************************

AdwCleaner[R1].txt - [19780 octets] - [09/09/2012 12:05:58]
AdwCleaner[S1].txt - [20523 octets] - [09/09/2012 12:08:55]

########## EOF - C:\AdwCleaner[S1].txt - [20584 octets] ##########


Rkill 2.3.10 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/09/2012 12:15:30 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/09/2012 12:15:41 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ArcSoft Connection Service" "ArcSoft Connect Daemon" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"
+ "AudioDeck" "Audio Deck" "VIA Technologies, Inc." "c:\program files\via\viaudioi\sbadeck\adeck.exe"
+ "avgnt" "Avira System Tray Tool" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avgnt.exe"
+ "CARPService" "carpserv" "Conexant Systems, Inc." "c:\windows\system32\carpserv.exe"
+ "IndexSearch" "" "" "c:\program files\scansoft\paperport\indexsearch.exe"
+ "mgfiz" "" "" ""
+ "mscrk" "" "" ""
+ "NeroCheck" "NeroCheck" "Ahead Software Gmbh" "c:\windows\system32\nerocheck.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "ROC_ROC_JULY_P1" "" "" "File not found: C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe"
+ "Smart File Advisor" "Smart File Advisor" "Filefacts.net" "c:\program files\smart file advisor\sfa.exe"
+ "SoundMan" "Realtek Sound Manager" "Realtek Semiconductor Corp." "c:\windows\soundman.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "vProt" "" "" "File not found: C:\Program Files\AVG Secure Search\vprot.exe"
+ "VTTimer" "" "S3 Graphics, Inc." "c:\windows\system32\vttimer.exe"
+ "VTTrayp" "" "" "File not found: VTtrayp.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Kodak EasyShare software.lnk" "Kodak EasyShare Software" "Eastman Kodak Company" "c:\program files\kodak\kodak easyshare software\bin\easyshare.exe"
+ "SmartUI.lnk" "SmartUI MFC Application" "Scansoft, Inc." "c:\program files\scansoft\paperport\smartui\smartui.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "freeklogger.exe" "" "" "c:\program files\fk_monitor\freeklogger.exe"
+ "Local AppWizard-Generated Applications" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "WebCGMHlprObj Class" "CGM Open BHO" "CGM Open Consortium, Inc." "c:\windows\system32\cgmopenbho.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avguard.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "KodakDigitalDisplayService" "KodakDigitalDisplayService" "Orb Networks, Inc." "c:\program files\kodak\digital display\orbkodaklauncher\dllstartupservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "vToolbarUpdater12.2.6" "" "" "File not found: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ALCXWDM" "Realtek AC'97 Audio Driver (WDM)" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\alcxwdm.sys"
+ "avgntflt" "Avira mini-filter driver" "Avira GmbH" "c:\windows\system32\drivers\avgntflt.sys"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx86.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira GmbH" "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr" "Avira Manager Driver" "Avira GmbH" "c:\windows\system32\drivers\avkmgr.sys"
+ "brfilt" "Brother Multi Function Filter driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brfilt.sys"
+ "BrSerWDM" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbScn" "Brother USB SCN Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbscn.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "cmuda" "" "" "File not found: system32\drivers\cmuda.sys"
+ "FETNDIS" "NDIS 5.0 miniport driver" "VIA Technologies, Inc. " "c:\windows\system32\drivers\fetnd5.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
+ "HSFHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwbs2.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MSI_MSIBIOS_010507" "" "" "File not found: C:\Program Files\MSI\Live Update 5\msibios32_100507.sys"
+ "NTIOLib_1_0_4" "" "" "File not found: C:\Program Files\MSI\Live Update 5\NTIOLib.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "ssmdrv" "Avira Snapshot Driver" "Avira GmbH" "c:\windows\system32\drivers\ssmdrv.sys"
+ "StreamDispatcher" "Conexant Stream Dispatcher" "Conexant Systems, Inc." "c:\windows\system32\drivers\strmdisp.sys"
+ "viagfx" "VIA/S3G Miniport Driver" "Copyright © VIA/S3 Graphics Co, Ltd." "c:\windows\system32\drivers\vtmini.sys"
+ "viamraid" "VIA AHCI RAID DRIVER FOR WIN XP/SRV2003" "VIA Technologies inc,.ltd" "c:\windows\system32\drivers\viamraid.sys"
+ "VIAudio" "Vinyl AC'97 Codec Combo WDM Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\vinyl97.sys"
+ "videX32" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\videx32.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "wlags48d" "NDIS 5.1 Miniport Driver." "Agere Systems" "c:\windows\system32\drivers\wlags48d.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Nero Audio Source" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Digital Audio Decoding Filter" "Ahead Software AG and its licensors" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 video decoder w/ DxVA" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero File Source" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero MP4 Reader" "NeroDigital file parser" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 video decoder w/ DxVA" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Source" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Snapshot" "Arcsoft Snapshot Filter 1.0" "Arcsoft Corporation" "c:\program files\common files\arcsoft\mpeg engine\arcsnap.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
+ "{584FDB1D-51C4-4A1D-B674-D548D915EE01}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{6DDC8FCE-C470-444A-9425-8EAC662A99F7}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{821C65A9-C22B-4387-9503-265472E25544}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{C73B6814-9FF3-4D10-A5C0-678904F869E9}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"

#6 narenxp

Posted 09 September 2012 - 12:11 PM

Any current issues?

You have not posted the Malwarebytes log?

#7 barnlofter

Posted 09 September 2012 - 04:28 PM

Not since doing all these actions. Thank you so much!!


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.09.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: CUSTOMER-84DDF7 [administrator]

9/9/2012 7:58:59 AM
mbam-log-2012-09-09 (07-58-59).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 64092
Time elapsed: 1 hour(s), 1 minute(s), 3 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 narenxp

Posted 09 September 2012 - 07:37 PM

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



