Searches on Google Fail Redirect


7 replies to this topic

#1 jwbink1500

Posted 06 November 2012 - 03:54 PM

Hi,

Hope someone can help. I am getting redirects with Chrome, Firefox, and IE8. I ran Malwarebytes and removed 12 items. Rebooted in safe mode and rescanned and came up clean. I cannot use the Google search bar or Google site, and other search engines also try to redirect. Please help!

Thanks
Joel



#2 InadequateInfirmity

Posted 06 November 2012 - 04:15 PM

Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with ESET.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad. Post the log here.




Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to Enable rootkit cleaning. Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

#3 jwbink1500

Posted 07 November 2012 - 03:43 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sophia :: EMACHINE-7AF6B9 [administrator]

11/7/2012 9:19:07 AM
mbam-log-2012-11-07 (09-19-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271145
Time elapsed: 13 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2012 at 09:47 AM

Application Version : 5.6.1014

Core Rules Database Version : 9544
Trace Rules Database Version: 7356

Scan type : Quick Scan
Total Scan Time : 00:03:10

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 209
Memory threats detected : 0
Registry items scanned : 33727
Registry threats detected : 16
File items scanned : 3834
File threats detected : 153

Adware.Zango/ShoppingReport
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid32
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib#Version
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid32
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib#Version
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid32
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib#Version

Malware.Trace
HKU\S-1-5-21-2021444666-2160809809-2054387210-1007\Software\qni8hj710fdl

Adware.Tracking Cookie


ESET
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\6.0\14\598a308e-7272058f Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\6.0\36\5be8fda4-1453b238 multiple threats deleted - quarantined
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\6.0\53\3331ac75-74452ecd Win32/Adware.SafetyAntiSpyware.A application cleaned by deleting - quarantined
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\6.0\58\27f4027a-4b3546db multiple threats deleted - quarantined
C:\Documents and Settings\Sophia\Application Data\Sun\Java\Deployment\cache\6.0\17\23b53e91-7d7c86a8 multiple threats deleted - quarantined
C:\Documents and Settings\Sophia\Application Data\Sun\Java\Deployment\cache\6.0\26\2e89031a-5943c58f multiple threats deleted - quarantined
C:\Documents and Settings\Sophia\Application Data\Sun\Java\Deployment\cache\6.0\41\2a845ae9-449864a8 multiple threats deleted - quarantined
C:\Documents and Settings\Sophia\Application Data\Sun\Java\Deployment\cache\6.0\53\4e4fa575-1fd167d3 multiple threats deleted - quarantined
C:\Documents and Settings\Sophia\Local Settings\Application Data\Lake\lgshtmfw.dll Win32/Kryptik.ANOZ.Gen trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Sophia\Local Settings\Temp\AUCHECK_MAP_41.xml Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Sophia\Local Settings\Temp\NODE6D8.tmp Win32/Kryptik.ANOZ.Gen trojan cleaned by deleting (after the next restart) - quarantined
C:\System Volume Information\_restore{04B20ACC-AE7D-4F34-B547-573C2828457F}\RP869\A0051070.dll Win32/Kryptik.ANOZ.Gen trojan cleaned by deleting - quarantined

MiniToolBox by Farbar Version: 07-11-2012
Ran by Sophia (administrator) on 07-11-2012 at 12:06:41
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/07/2012 09:50:03 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (11/07/2012 09:47:52 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (11/06/2012 01:16:45 PM) (Source: MsiInstaller) (User: EMACHINE-7AF6B9)
Description: Product: Adobe Reader 8.2.0 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. System error 5. Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/06/2012 01:16:06 PM) (Source: MsiInstaller) (User: EMACHINE-7AF6B9)
Description: Product: Adobe Reader 8.1.2 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. System error 5. Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/03/2012 09:20:59 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (11/03/2012 09:20:58 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/03/2012 09:19:25 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (11/03/2012 09:19:24 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/03/2012 09:19:24 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2012 05:53:24 PM) (Source: Application Error) (User: )
Description: Faulting application jaucheck.exe, version 2.0.2.4, faulting module jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.
Processing media-specific event for [jaucheck.exe!ws!]


System errors:
=============
Error: (11/07/2012 09:51:29 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (11/07/2012 09:51:29 AM) (Source: Service Control Manager) (User: )
Description: The 5016 service failed to start due to the following error:
%%2

Error: (11/07/2012 09:49:59 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (11/06/2012 03:43:56 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

Error: (11/06/2012 03:42:50 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/06/2012 03:41:56 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/06/2012 03:41:43 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/06/2012 03:41:13 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (11/06/2012 03:41:10 PM) (Source: Service Control Manager) (User: )
Description: The NTI Backup Now 5 Backup Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/06/2012 03:41:05 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
Agere Systems PCI-SV92EX Soft Modem
Apple Application Support (Version: 1.0)
Apple Software Update (Version: 2.1.1.116)
CCleaner (Version: 3.24)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Critical Update for Windows Media Player 11 (KB959772)
CyberLink DVD Suite (Version: 6.0.2110)
CyberLink Power2Go (Version: 6.0.2115)
CyberLink PowerDVD (Version: 7.0.3409.a)
eMachines Games (Version: 1.0.0.52)
ESET Online Scanner v3
Fisher-Price Computer Cool School (Version: 1.00.0000)
Full Tilt Poker (Version: 4.18.2.WIN.FullTilt.COM)
GearDrvs (Version: 1.00.0000)
Google Chrome (Version: 22.0.1229.94)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 5 (Version: 1.6.0.50)
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MediaBar 2.0 (Version: 2.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works (Version: 9.7.0621)
Musicmatch® Jukebox (Version: 9.00.5067)
Norton Security Scan (Version: 3.0.1.8)
NTI Backup Now 5 (Version: 5.1.2.503)
NTI Backup Now Standard (Version: 5.1.2.503)
NTI Media Maker 8 (Version: 8.0.12.6325)
NVIDIA Drivers
QuickTime (Version: 7.64.17.73)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
SUPERAntiSpyware (Version: 5.6.1014)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 894.42 MB
Available physical RAM: 467.78 MB
Total Pagefile: 2168.08 MB
Available Pagefile: 1387.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.8 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:69.4 GB) (Free:48.52 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:69.89 GB) (Free:69.79 GB) NTFS
6 Drive h: (SANSA E260) (Removable) (Total:3.72 GB) (Free:1.71 GB) FAT32

========================= Users: ========================================

User accounts for \\EMACHINE-7AF6B9

Administrator ASPNET Crystal
Dustin Guest HelpAssistant
Sophia SUPPORT_388945a0


**** End of log ****
# AdwCleaner v2.007 - Logfile created 11/07/2012 at 12:09:20
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sophia - EMACHINE-7AF6B9
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sophia\My Documents\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\All Users\Desktop\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hblitesa

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Crystal\Application Data\Mozilla\Firefox\Profiles\jqee1i5g.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\wfcse08c.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\e4wm24yn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Sophia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2468 octets] - [06/11/2012 14:40:20]
AdwCleaner[R2].txt - [2280 octets] - [07/11/2012 12:08:29]
AdwCleaner[S1].txt - [2231 octets] - [07/11/2012 12:09:20]

########## EOF - C:\AdwCleaner[S1].txt - [2291 octets] ##########
Norman Malware Cleaner v2.06.01
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1794, Date: 2012/11/07 07:23:42, Variants: 15286090
nvcmacro.def: Version: 0.00.00, Date: 1969/12/31 18:00:00, Variants: 0

Operating System: Windows XP Service Pack 3

Switches: /iagree /cleanrootkit /nomt /nosb

Scan started: 2012/11/07 14:24:42

Running pre-scan cleanup routine...
Potentially unwanted registry key: 'HKCR\.exe --> shell'
Remove registry key: HKCR\.exe (--> shell)
Cleaning successful

Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Scanning time: 0s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1346
Number of objects scanned: 1346
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 38s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running quick scan...

Number of files found: 2554
Number of archives unpacked: 10
Number of objects found: 2819
Number of objects scanned: 2819
Number of objects not scanned: 0
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 3m 40s

Running post-scan cleanup routine...
Potentially unwanted registry key: 'HKCR\.exe --> shell'
Remove registry key: HKCR\.exe (--> shell)
Cleaning successful

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 2554
Total number of archives unpacked: 10
Total number of objects found: 4165
Total number of objects scanned: 4165
Total number of objects not scanned: 0
Total number of malicious objects found: 2
Total number of malicious objects cleaned: 2
Total number of malicious files found: 0
Total number of malicious files cleaned: 0
Total number of objects quarantined: 2
Total scanning time: 4m 18s

#4 InadequateInfirmity

Posted 07 November 2012 - 07:21 PM

Download TDSSKiller.

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right-click it and select Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.



Run the program below as admin, hit the scan button, allow it to finish, then hit the delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill, run it, and post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the Junkware Removal Tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.org/downloads/JRT.exe


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip

#5 jwbink1500

  • Topic Starter

Posted 08 November 2012 - 02:08 PM

10:07:17.0828 2684 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:07:18.0156 2684 ============================================================
10:07:18.0156 2684 Current date / time: 2012/11/08 10:07:18.0156
10:07:18.0156 2684 SystemInfo:
10:07:18.0156 2684
10:07:18.0156 2684 OS Version: 5.1.2600 ServicePack: 3.0
10:07:18.0156 2684 Product type: Workstation
10:07:18.0156 2684 ComputerName: EMACHINE-7AF6B9
10:07:18.0156 2684 UserName: Sophia
10:07:18.0156 2684 Windows directory: C:\WINDOWS
10:07:18.0156 2684 System windows directory: C:\WINDOWS
10:07:18.0156 2684 Processor architecture: Intel x86
10:07:18.0156 2684 Number of processors: 1
10:07:18.0156 2684 Page size: 0x1000
10:07:18.0156 2684 Boot type: Normal boot
10:07:18.0156 2684 ============================================================
10:07:19.0328 2684 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:07:19.0328 2684 ============================================================
10:07:19.0328 2684 \Device\Harddisk0\DR0:
10:07:19.0328 2684 MBR partitions:
10:07:19.0328 2684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1384C7A, BlocksNum 0x8ACE664
10:07:19.0328 2684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9E532DE, BlocksNum 0x8BC57E3
10:07:19.0328 2684 ============================================================
10:07:19.0359 2684 C: <-> \Device\Harddisk0\DR0\Partition1
10:07:19.0390 2684 D: <-> \Device\Harddisk0\DR0\Partition2
10:07:19.0390 2684 ============================================================
10:07:19.0390 2684 Initialize success
10:07:19.0390 2684 ============================================================
10:07:35.0359 3768 ============================================================
10:07:35.0359 3768 Scan started
10:07:35.0359 3768 Mode: Manual; TDLFS;
10:07:35.0359 3768 ============================================================
10:07:35.0671 3768 ================ Scan system memory ========================
10:07:35.0671 3768 System memory - ok
10:07:35.0687 3768 ================ Scan services =============================
10:07:35.0750 3768 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:07:35.0765 3768 !SASCORE - ok
10:07:35.0843 3768 5016 - ok
10:07:35.0921 3768 Abiosdsk - ok
10:07:35.0937 3768 abp480n5 - ok
10:07:35.0968 3768 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:07:35.0984 3768 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
10:07:35.0984 3768 ACPI ( Virus.Win32.Rloader.a ) - infected
10:07:35.0984 3768 ACPI - detected Virus.Win32.Rloader.a (0)
10:07:36.0000 3768 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:07:36.0000 3768 ACPIEC - ok
10:07:36.0015 3768 adpu160m - ok
10:07:36.0046 3768 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:07:36.0046 3768 aec - ok
10:07:36.0078 3768 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:07:36.0078 3768 AFD - ok
10:07:36.0125 3768 [ 8ED60797908FD394EEE0D6949F493224 ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
10:07:36.0125 3768 AgereModemAudio - ok
10:07:36.0171 3768 [ BAF68DCBA949633DF0C16D37AF2A2351 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
10:07:36.0187 3768 AgereSoftModem - ok
10:07:36.0203 3768 Aha154x - ok
10:07:36.0218 3768 aic78u2 - ok
10:07:36.0234 3768 aic78xx - ok
10:07:36.0265 3768 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:07:36.0265 3768 Alerter - ok
10:07:36.0296 3768 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:07:36.0296 3768 ALG - ok
10:07:36.0312 3768 AliIde - ok
10:07:36.0328 3768 amsint - ok
10:07:36.0343 3768 AppMgmt - ok
10:07:36.0359 3768 asc - ok
10:07:36.0375 3768 asc3350p - ok
10:07:36.0390 3768 asc3550 - ok
10:07:36.0468 3768 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:07:36.0484 3768 aspnet_state - ok
10:07:36.0531 3768 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:07:36.0531 3768 AsyncMac - ok
10:07:36.0562 3768 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:07:36.0562 3768 atapi - ok
10:07:36.0578 3768 Atdisk - ok
10:07:36.0593 3768 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:07:36.0593 3768 Atmarpc - ok
10:07:36.0640 3768 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:07:36.0640 3768 AudioSrv - ok
10:07:36.0656 3768 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:07:36.0656 3768 audstub - ok
10:07:36.0687 3768 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:07:36.0687 3768 Beep - ok
10:07:36.0734 3768 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:07:36.0734 3768 BITS - ok
10:07:36.0765 3768 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
10:07:36.0765 3768 Browser - ok
10:07:36.0796 3768 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
10:07:36.0796 3768 BUNAgentSvc - ok
10:07:36.0828 3768 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:07:36.0828 3768 cbidf2k - ok
10:07:36.0843 3768 cd20xrnt - ok
10:07:36.0875 3768 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:07:36.0875 3768 Cdaudio - ok
10:07:36.0890 3768 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:07:36.0890 3768 Cdfs - ok
10:07:36.0906 3768 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:07:36.0906 3768 Cdrom - ok
10:07:36.0921 3768 Changer - ok
10:07:36.0968 3768 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:07:36.0968 3768 CiSvc - ok
10:07:36.0984 3768 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:07:37.0000 3768 ClipSrv - ok
10:07:37.0046 3768 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:07:37.0093 3768 clr_optimization_v2.0.50727_32 - ok
10:07:37.0109 3768 CmdIde - ok
10:07:37.0125 3768 COMSysApp - ok
10:07:37.0156 3768 Cpqarray - ok
10:07:37.0171 3768 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:07:37.0187 3768 CryptSvc - ok
10:07:37.0187 3768 dac2w2k - ok
10:07:37.0203 3768 dac960nt - ok
10:07:37.0250 3768 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:07:37.0265 3768 DcomLaunch - ok
10:07:37.0296 3768 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:07:37.0296 3768 Dhcp - ok
10:07:37.0328 3768 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:07:37.0328 3768 Disk - ok
10:07:37.0343 3768 dmadmin - ok
10:07:37.0421 3768 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:07:37.0421 3768 dmboot - ok
10:07:37.0453 3768 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:07:37.0453 3768 dmio - ok
10:07:37.0484 3768 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:07:37.0484 3768 dmload - ok
10:07:37.0515 3768 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:07:37.0515 3768 dmserver - ok
10:07:37.0531 3768 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:07:37.0531 3768 DMusic - ok
10:07:37.0562 3768 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:07:37.0562 3768 Dnscache - ok
10:07:37.0593 3768 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:07:37.0593 3768 Dot3svc - ok
10:07:37.0609 3768 dpti2o - ok
10:07:37.0640 3768 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:07:37.0640 3768 drmkaud - ok
10:07:37.0671 3768 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:07:37.0671 3768 EapHost - ok
10:07:37.0687 3768 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:07:37.0687 3768 ERSvc - ok
10:07:37.0734 3768 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:07:37.0734 3768 Eventlog - ok
10:07:37.0750 3768 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:07:37.0750 3768 EventSystem - ok
10:07:37.0765 3768 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:07:37.0781 3768 Fastfat - ok
10:07:37.0796 3768 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:07:37.0812 3768 FastUserSwitchingCompatibility - ok
10:07:37.0828 3768 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
10:07:37.0843 3768 Fax - ok
10:07:37.0859 3768 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:07:37.0859 3768 Fdc - ok
10:07:37.0875 3768 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:07:37.0890 3768 Fips - ok
10:07:37.0906 3768 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:07:37.0906 3768 Flpydisk - ok
10:07:37.0921 3768 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:07:37.0921 3768 FltMgr - ok
10:07:38.0000 3768 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:07:38.0000 3768 FontCache3.0.0.0 - ok
10:07:38.0015 3768 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:07:38.0015 3768 Fs_Rec - ok
10:07:38.0046 3768 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:07:38.0046 3768 Ftdisk - ok
10:07:38.0109 3768 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
10:07:38.0109 3768 GameConsoleService - ok
10:07:38.0140 3768 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:07:38.0140 3768 GEARAspiWDM - ok
10:07:38.0187 3768 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:07:38.0187 3768 GoogleDesktopManager-051210-111108 - ok
10:07:38.0203 3768 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:07:38.0203 3768 Gpc - ok
10:07:38.0250 3768 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:07:38.0250 3768 gupdate - ok
10:07:38.0265 3768 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:07:38.0265 3768 gupdatem - ok
10:07:38.0296 3768 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:07:38.0312 3768 gusvc - ok
10:07:38.0328 3768 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:07:38.0328 3768 HDAudBus - ok
10:07:38.0359 3768 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:07:38.0359 3768 helpsvc - ok
10:07:38.0375 3768 HidServ - ok
10:07:38.0406 3768 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:07:38.0421 3768 HidUsb - ok
10:07:38.0437 3768 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:07:38.0453 3768 hkmsvc - ok
10:07:38.0453 3768 hpn - ok
10:07:38.0500 3768 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:07:38.0500 3768 HTTP - ok
10:07:38.0531 3768 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:07:38.0531 3768 HTTPFilter - ok
10:07:38.0546 3768 i2omgmt - ok
10:07:38.0562 3768 i2omp - ok
10:07:38.0593 3768 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:07:38.0593 3768 i8042prt - ok
10:07:38.0656 3768 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:07:38.0671 3768 idsvc - ok
10:07:38.0687 3768 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:07:38.0687 3768 Imapi - ok
10:07:38.0734 3768 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:07:38.0734 3768 ImapiService - ok
10:07:38.0750 3768 ini910u - ok
10:07:38.0812 3768 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15.sys C:\Acer\Empowering Technology\eRecovery\int15.sys
10:07:38.0812 3768 int15.sys - ok
10:07:38.0937 3768 [ 19AFBB8427CE65042599555E578170DF ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:07:39.0046 3768 IntcAzAudAddService - ok
10:07:39.0062 3768 IntelIde - ok
10:07:39.0093 3768 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:07:39.0093 3768 Ip6Fw - ok
10:07:39.0140 3768 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:07:39.0140 3768 IpFilterDriver - ok
10:07:39.0156 3768 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:07:39.0156 3768 IpInIp - ok
10:07:39.0187 3768 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:07:39.0187 3768 IpNat - ok
10:07:39.0218 3768 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:07:39.0218 3768 IPSec - ok
10:07:39.0234 3768 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:07:39.0234 3768 IRENUM - ok
10:07:39.0265 3768 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:07:39.0281 3768 isapnp - ok
10:07:39.0312 3768 [ 126A16F569122AE00AD3D12EF831D651 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:07:39.0312 3768 JavaQuickStarterService - ok
10:07:39.0328 3768 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:07:39.0328 3768 Kbdclass - ok
10:07:39.0359 3768 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:07:39.0359 3768 kmixer - ok
10:07:39.0375 3768 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:07:39.0390 3768 KSecDD - ok
10:07:39.0421 3768 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
10:07:39.0421 3768 LanmanServer - ok
10:07:39.0453 3768 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:07:39.0468 3768 lanmanworkstation - ok
10:07:39.0468 3768 lbrtfdc - ok
10:07:39.0515 3768 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:07:39.0515 3768 LightScribeService - ok
10:07:39.0546 3768 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:07:39.0546 3768 LmHosts - ok
10:07:39.0562 3768 MCSTRM - ok
10:07:39.0578 3768 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:07:39.0578 3768 Messenger - ok
10:07:39.0609 3768 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:07:39.0609 3768 mnmdd - ok
10:07:39.0640 3768 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:07:39.0640 3768 mnmsrvc - ok
10:07:39.0656 3768 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:07:39.0671 3768 Modem - ok
10:07:39.0687 3768 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:07:39.0687 3768 Mouclass - ok
10:07:39.0703 3768 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:07:39.0703 3768 MountMgr - ok
10:07:39.0718 3768 mraid35x - ok
10:07:39.0734 3768 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:07:39.0734 3768 MRxDAV - ok
10:07:39.0781 3768 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:07:39.0796 3768 MRxSmb - ok
10:07:39.0828 3768 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:07:39.0828 3768 MSDTC - ok
10:07:39.0843 3768 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:07:39.0843 3768 Msfs - ok
10:07:39.0859 3768 MSIServer - ok
10:07:39.0890 3768 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:07:39.0890 3768 MSKSSRV - ok
10:07:39.0906 3768 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:07:39.0906 3768 MSPCLOCK - ok
10:07:39.0921 3768 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:07:39.0921 3768 MSPQM - ok
10:07:39.0937 3768 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:07:39.0953 3768 mssmbios - ok
10:07:39.0953 3768 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:07:39.0968 3768 Mup - ok
10:07:40.0156 3768 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:07:40.0156 3768 napagent - ok
10:07:40.0187 3768 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:07:40.0187 3768 NDIS - ok
10:07:40.0203 3768 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:07:40.0203 3768 NdisTapi - ok
10:07:40.0218 3768 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:07:40.0218 3768 Ndisuio - ok
10:07:40.0234 3768 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:07:40.0234 3768 NdisWan - ok
10:07:40.0265 3768 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:07:40.0265 3768 NDProxy - ok
10:07:40.0296 3768 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:07:40.0296 3768 NetBIOS - ok
10:07:40.0312 3768 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:07:40.0312 3768 NetBT - ok
10:07:44.0546 3768 ================ Scan global ===============================
10:07:44.0578 3768 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:07:44.0609 3768 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
10:07:44.0625 3768 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
10:07:44.0656 3768 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:07:44.0656 3768 [Global] - ok
10:07:44.0656 3768 ================ Scan MBR ==================================
10:07:44.0687 3768 [ 3B00354A3923E2550A9AF30ADA33077F ] \Device\Harddisk0\DR0
10:07:48.0953 3768 \Device\Harddisk0\DR0 - ok
10:07:48.0953 3768 ================ Scan VBR ==================================
10:07:48.0968 3768 [ 64724D3919AF774359D4E17B14681C93 ] \Device\Harddisk0\DR0\Partition1
10:07:48.0968 3768 \Device\Harddisk0\DR0\Partition1 - ok
10:07:48.0984 3768 [ 360B6D971382B82E1F5DADAB7F80D727 ] \Device\Harddisk0\DR0\Partition2
10:07:49.0000 3768 \Device\Harddisk0\DR0\Partition2 - ok
10:07:49.0000 3768 ============================================================
10:07:49.0000 3768 Scan finished
10:07:49.0000 3768 ============================================================
10:07:49.0015 3224 Detected object count: 1
10:07:49.0015 3224 Actual detected object count: 1
10:08:09.0703 3224 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
10:08:10.0687 3224 Backup copy found, using it..
10:08:10.0718 3224 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
10:08:10.0718 3224 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sophia [Admin rights]
Mode : Scan -- Date : 11/08/2012 11:00:54

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] BF7C4B45-CF9F-4DD0-91F2-5F2A128A3061.exe -- C:\Documents and Settings\Sophia\Local Settings\Temp\BF7C4B45-CF9F-4DD0-91F2-5F2A128A3061.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Lake (rundll32.exe "C:\Documents and Settings\Sophia\Local Settings\Application Data\Lake\lgshtmfw.dll",LADF_CoInstaller) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2021444666-2160809809-2054387210-1008[...]\Run : Lake (rundll32.exe "C:\Documents and Settings\Sophia\Local Settings\Application Data\Lake\lgshtmfw.dll",LADF_CoInstaller) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5016 (C:\DOCUME~1\Sophia\LOCALS~1\Temp\5016.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\5016 (C:\DOCUME~1\Sophia\LOCALS~1\Temp\5016.sys) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xF3A98640)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725016GLA380 +++++
--- User ---
[MBR] c3e1077689bbe72a756c86a3e60d5a5e
[BSP] 39d821bb6038d6672e5d3a385b41446a : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20466810 | Size: 71068 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166015710 | Size: 71562 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11082012_02d1100.txt >>
RKreport[1]_S_11082012_02d1100.txt



RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sophia [Admin rights]
Mode : Remove -- Date : 11/08/2012 11:01:22

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] BF7C4B45-CF9F-4DD0-91F2-5F2A128A3061.exe -- C:\Documents and Settings\Sophia\Local Settings\Temp\BF7C4B45-CF9F-4DD0-91F2-5F2A128A3061.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Lake (rundll32.exe "C:\Documents and Settings\Sophia\Local Settings\Application Data\Lake\lgshtmfw.dll",LADF_CoInstaller) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5016 (C:\DOCUME~1\Sophia\LOCALS~1\Temp\5016.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\5016 (C:\DOCUME~1\Sophia\LOCALS~1\Temp\5016.sys) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xF3A98640)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725016GLA380 +++++
--- User ---
[MBR] c3e1077689bbe72a756c86a3e60d5a5e
[BSP] 39d821bb6038d6672e5d3a385b41446a : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20466810 | Size: 71068 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166015710 | Size: 71562 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11082012_02d1101.txt >>
RKreport[1]_S_11082012_02d1100.txt ; RKreport[2]_D_11082012_02d1101.txt



RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sophia [Admin rights]
Mode : Scan -- Date : 11/08/2012 11:01:29

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] BF7C4B45-CF9F-4DD0-91F2-5F2A128A3061.exe -- C:\Documents and Settings\Sophia\Local Settings\Temp\BF7C4B45-CF9F-4DD0-91F2-5F2A128A3061.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xF3A98640)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725016GLA380 +++++
--- User ---
[MBR] c3e1077689bbe72a756c86a3e60d5a5e
[BSP] 39d821bb6038d6672e5d3a385b41446a : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20466810 | Size: 71068 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166015710 | Size: 71562 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_11082012_02d1101.txt >>
RKreport[1]_S_11082012_02d1100.txt ; RKreport[2]_D_11082012_02d1101.txt ; RKreport[3]_S_11082012_02d1101.txt



Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/08/2012 11:02:02 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/08/2012 11:02:46 AM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.8.7 (11.08.2012)
OS: Microsoft Windows XP x86
Ran by Sophia on Thu 11/08/2012 at 12:27:33.07
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a69}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/08/2012 at 12:32:36.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "BkupTray" "NTI Backup Now 5 Tray Module" "" "c:\program files\newtech infosystems\nti backup now 5\bkuptray.exe"
+ "eRecoveryService" "eRecovery agent" "Acer Inc." "c:\acer\empowering technology\erecovery\eragent.exe"
+ "FPCCSMiddleware" "" "" "c:\program files\fisher-price\computer cool school\fpccsmiddleware.exe"
+ "Google Desktop Search" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "LanguageShortcut" "Language Application" "" "c:\program files\cyberlink\powerdvd\language\language.exe"
+ "mmtask" "<Musicmatch System Tray Application>" "Musicmatch Inc." "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
+ "MMTray" "mm_tray" "Musicmatch, Inc." "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
+ "MSPY2002" "" "" "c:\windows\system32\ime\pintlgnt\imscinst.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 111.55 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RemoteControl" "PowerDVD RC Service" "Cyberlink Corp." "c:\program files\cyberlink\powerdvd\pdvdserv.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "UpdateP2GoShortCut" "StartMen Application" "CyberLink Corp." "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe"
+ "UpdatePSTShortCut" "StartMen Application" "CyberLink Corp." "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe"
"C:\Documents and Settings\Sophia\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 111.55 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "BearShare MediaBar" "BearShareMediaBar Module" "BearShare" "c:\program files\bearshare applications\bearshare mediabar\bearsharemediabar.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Norton Security Scan for Crystal.job" "" "" "File not found: C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe /scan-quick /scheduled"
+ "Norton Security Scan for Dustin.job" "Norton Security Scan" "Symantec Corporation" "c:\program files\norton security scan\engine\3.0.1.8\nss.exe"
+ "Norton Security Scan for Sophia.job" "Norton Security Scan" "Symantec Corporation" "c:\program files\norton security scan\engine\3.0.1.8\nss.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agrsmsvc.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "BUNAgentSvc" "NTI Backup Now 5 Agent Service" "NewTech Infosystems, Inc." "c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files\emachines games\emachines game console\gameconsoleservice.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "NTIBackupSvc" "NTI Backup Now 5 Backup service for backup(restore). " "NewTech InfoSystems, Inc." "c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe"
+ "NTISchedulerSvc" "NTI Backup Now 5 Manage BackupNow backup jobs and etc..." "" "c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RichVideo" "RichVideo Module" "" "c:\program files\cyberlink\shared files\richvideo.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "int15.sys" "" "" "c:\acer\empowering technology\erecovery\int15.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MCSTRM" "" "" "File not found: C:\WINDOWS\System32\Drivers\MCSTRM.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NewTech Infosystems, Inc." "c:\windows\system32\drivers\ntidrvr.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 164.01 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SymIM" "" "" "File not found: system32\DRIVERS\SymIM.sys"
+ "SymIMMP" "" "" "File not found: system32\DRIVERS\SymIM.sys"
+ "UBHelper" "NTI CDROM Filter Driver" "NewTech Infosystems Corporation" "c:\windows\system32\drivers\ubhelper.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder (PDVD7 UPnP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\claud.ax"
+ "CyberLink Audio Decoder (PDVD7)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD7)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\audiofilter\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD7)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudspa.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (PDVD7)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudiocd.ax"
+ "CyberLink Demux (PDVD7 UPnP)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\cldemuxer.ax"
+ "CyberLink Demux (PDVD7)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\cldemuxer.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DVD Navigator (PDVD7)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clnavx.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2greader.ax"
+ "CyberLink Line21 Decoder (PDVD7)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\clsplter.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD7)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clm4splt.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink Push-Mode CLStream (PDVD7)" "CLStream" "CyberLink" "c:\program files\cyberlink\powerdvd\upnp\clstream(pushmode).ax"
+ "CyberLink Streamming Filter (PDVD7)" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\clstream.ax"
+ "Cyberlink SubTitle Importor (PDVD7)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TimeStretch Filter (PDVD7)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gtlmsplter.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files\cyberlink\power2go\p2gvideostabilizer.ax"
+ "CyberLink Video/SP Decoder (PDVD7)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clvsd.ax"
+ "CyberLink Video/SP Decoder(PDVD7 HomeNetwork)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mceampeg.ax"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcesmpeg.ax"
+ "MainConcept MPEG Multiplexer" "MPEG Multiplexer" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcmuxmpeg.ax"
+ "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcspmpeg.ax"
+ "MainConcept MPEG Video Encoder" "MPEG Video Encoder" "MainConcept AG" "c:\program files\newtech infosystems\nti media maker 8\media maker\mcevmpeg.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files\cyberlink\power2go\p2gresample.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SlideShow" "" "" "c:\program files\newtech infosystems\nti media maker 8\photo maker\slideshow.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"

#6 InadequateInfirmity

Posted 08 November 2012 - 07:30 PM

Any more redirects?

#7 jwbink1500

Posted 18 November 2012 - 05:01 PM

Seems to be good now. No redirects as of now. Thank you so much for your help!! You're a genius!

Joel

#8 InadequateInfirmity

Posted 18 November 2012 - 05:49 PM

You have a bit more work to do if you wish. These are the steps that I would do if it were my machine.


Uninstall the items below.
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 5 (Version: 1.6.0.50)
Norton Security Scan (Version: 3.0.1.8)
SUPERAntiSpyware (Version: 5.6.1014)

Update your java here.
http://java.com/en/



Open Autoruns and untick the items below; the location of each item is in bold.


"HKLM\Software\Microsoft\Internet Explorer\Toolbar"



+ "BearShare MediaBar" "BearShareMediaBar Module" "BearShare" "c:\program files\bearshare applications\bearshare mediabar\bearsharemediabar.dll"

"Task Scheduler"

+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Norton Security Scan for Crystal.job" "" "" "File not found: C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe /scan-quick /scheduled"
+ "Norton Security Scan for Dustin.job" "Norton Security Scan" "Symantec Corporation" "c:\program files\norton security scan\engine\3.0.1.8\nss.exe"
+ "Norton Security Scan for Sophia.job" "Norton Security Scan" "Symantec Corporation" "c:\program files\norton security scan\engine\3.0.1.8\nss.exe"

"HKLM\System\CurrentControlSet\Services"


+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"


+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"

+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files\emachines games\emachines game console\gameconsoleservice.exe"

+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"

+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"

+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"

+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"

+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"

+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"

+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"

+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"

Now close Autoruns and Reboot.

Delete the file below.
c:\program files\bearshare applications\bearshare mediabar\bearsharemediabar.dll
If you have issues with it, then use FileAssassin: just input the file path above into the FileAssassin window.
http://www.malwarebytes.org/products/fileassassin/

Open Msconfig and, under the Startup tab, disable all the items except your wireless, if you connect that way.
http://www.netsquirrel.com/msconfig/msconfig_xp.html

Install an antivirus; you have none.
http://www.filehippo.com/download_avast_antivirus/download/3f0f6cf85120fa5ac62abb03aaeecda8/ Avast

http://www.bitdefender.com/solutions/free.html Bit Defender Free.


Hit the Start button, then right-click My Computer > Properties > Hardware tab > Device Manager.
Scroll down to the IDE ATA/ATAPI Controllers and left-click the + to the left of the drivers.
Right-click and uninstall all of your Primary IDE drivers. There will most likely be more than one of the Primary IDE drivers; make sure to uninstall all of them prior to rebooting.



Download TFC from the download link below and save the file on your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
Double-click on the TFC icon.
When the program starts, click on the Start button. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
When done, press OK to reboot your computer and finish the cleanup.

Remove all of your restore points and create a new one: turn off System Restore, reboot, turn it back on, reboot, and you are set. :)
http://support.microsoft.com/kb/310405
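
The review in post #8 works from an Autoruns listing. As an added example (not part of the thread, and not a tool any poster used), this Python script parses rows in the four-column layout shown in that log and flags three kinds of entry a reviewer would usually look at first: autostarts whose target file is missing, binaries with no publisher string, and anything registered under `Appinit_Dlls`, which is loaded into every process that loads user32.dll. The sample rows are copied from the log on this page; the function names and flag names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Rows copied from the Autoruns log posted in this thread.
SAMPLE = r'''
"Task Scheduler" "" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Norton Security Scan for Crystal.job" "" "" "File not found: C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe /scan-quick /scheduled"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "RichVideo" "RichVideo Module" "" "c:\program files\cyberlink\shared files\richvideo.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
'''

FIELD = re.compile(r'"([^"]*)"')   # one double-quoted column
MISSING = "File not found:"        # marker Autoruns puts in the path column


@dataclass
class Entry:
    location: str      # autostart location the row was listed under
    name: str
    description: str
    publisher: str
    image_path: str
    flags: list = field(default_factory=list)


def parse_autoruns(text):
    """Turn the quoted four-column rows into Entry objects.

    A row without a leading '+' names the autostart location for the
    rows that follow it; a row with '+' is an entry at that location.
    """
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank or malformed row
        if not line.startswith("+"):
            location = fields[0]          # section header row
        elif location is not None:
            entries.append(Entry(location, *fields))
    return entries


def triage(entries):
    """Attach review flags and return only the flagged entries."""
    for e in entries:
        if e.image_path.startswith(MISSING):
            # Autostart still registered but its target is gone:
            # leftover from an uninstall or from removed malware.
            e.flags.append("file-not-found")
        elif not e.publisher.strip():
            # File exists but carries no publisher string; verify it.
            e.flags.append("no-publisher")
        if e.location.lower().endswith("appinit_dlls"):
            # Injected into every process that loads user32.dll.
            e.flags.append("appinit-dll")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_autoruns(SAMPLE)):
        print(f"{', '.join(e.flags):16} {e.location} :: {e.name}")
        print(f"{'':16} {e.image_path}")
```

A flag is a prompt to check the file, not a verdict: the `Appinit_Dlls` row here is the Google Desktop DLL named in the log.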



