My computer browsers have been taken over by en.v9.com


5 replies to this topic

#1 rc7j

Posted 12 June 2013 - 05:33 PM

Chrome, Firefox, and Internet Explorer all start out with the website from en.v9.com. Nothing I do can fix it. I put them back to the normal home page and V9 still comes up after restarting.

 

Mod Edit: Moved topic from XP to a more appropriate forum. ~bloopie


Edited by bloopie, 12 June 2013 - 05:41 PM.



#2 boopme

  • Global Moderator

Posted 12 June 2013 - 06:45 PM

Hello, let's get a look.

Did you look in Control Panel ... Add/Remove and see if you see it there to remove?
If so, remove it.
When it is finished, reboot your computer to take effect.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSkiller.
Launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 rc7j


Posted 14 June 2013 - 01:22 AM

Thanks, Global Monitor. The problem seems to be gone. I followed all your procedures and have posted the results below.

1.)  There was nothing unusual in the "Add/Remove" section of "Control Panel".
 
2.)  Here is the Result.txt file:
 
MiniToolBox by Farbar  Version:21-04-2013
Ran by Clark Kent (administrator) on 12-07-2013 at 23:16:20
Running from "C:\Documents and Settings\Clark Kent\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
74.125.31.120   ssl.gstatic.com
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : dualcore
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : sd.cox.net
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : sd.cox.net
 
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
 
        Physical Address. . . . . . . . . : 00-1B-B9-98-24-5F
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.181.104
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.181.1
 
        DHCP Server . . . . . . . . . . . : 192.168.181.1
 
        DNS Servers . . . . . . . . . . . : 192.168.181.1
 
        Lease Obtained. . . . . . . . . . : Monday, June 10, 2013 11:06:21 AM
 
        Lease Expires . . . . . . . . . . : Monday, July 15, 2013 4:26:21 AM
 
Server:  dlinkrouter.sd.cox.net
Address:  192.168.181.1
 
Name:    google.com.sd.cox.net
Address:  67.215.65.145
 
 
 
Pinging google.com [74.125.224.233] with 32 bytes of data:
 
 
 
Reply from 74.125.224.233: bytes=32 time=29ms TTL=55
 
Reply from 74.125.224.233: bytes=32 time=31ms TTL=55
 
 
 
Ping statistics for 74.125.224.233:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 29ms, Maximum = 31ms, Average = 30ms
 
Server:  dlinkrouter.sd.cox.net
Address:  192.168.181.1
 
Name:    yahoo.com.sd.cox.net
Address:  67.215.65.145
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=116ms TTL=52
 
Reply from 98.139.183.24: bytes=32 time=300ms TTL=52
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 116ms, Maximum = 300ms, Average = 208ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b b9 98 24 5f ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.181.1  192.168.181.104  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
    192.168.181.0    255.255.255.0  192.168.181.104  192.168.181.104  20
  192.168.181.104  255.255.255.255        127.0.0.1       127.0.0.1  20
  192.168.181.255  255.255.255.255  192.168.181.104  192.168.181.104  20
        224.0.0.0        240.0.0.0  192.168.181.104  192.168.181.104  20
  255.255.255.255  255.255.255.255  192.168.181.104  192.168.181.104  1
Default Gateway:     192.168.181.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/10/2013 01:27:24 PM) (Source: Application Error) (User: )
Description: Faulting application hpzinw12.exe, version 10.1.1.5, faulting module hpzinw12.exe, version 10.1.1.5, fault address 0x00004996.
Processing media-specific event for [hpzinw12.exe!ws!]
 
Error: (06/10/2013 11:46:57 AM) (Source: Application Error) (User: )
Description: Faulting application hpzinw12.exe, version 10.1.1.5, faulting module hpzinw12.exe, version 10.1.1.5, fault address 0x00004996.
Processing media-specific event for [hpzinw12.exe!ws!]
 
Error: (06/10/2013 11:07:43 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (05/16/2013 07:23:23 PM) (Source: Webroot BHO) (User: )
Description: 
 
Error: (05/16/2013 07:35:12 AM) (Source: Application Error) (User: )
Description: Faulting application hpzinw12.exe, version 10.1.1.5, faulting module hpzinw12.exe, version 10.1.1.5, fault address 0x00004996.
Processing media-specific event for [hpzinw12.exe!ws!]
 
Error: (05/16/2013 07:35:09 AM) (Source: MsiInstaller) (User: DUALCORE)
Description: Product: Adobe Reader XI (11.0.03) -- Error 1704.An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (05/16/2013 07:33:44 AM) (Source: Application Error) (User: )
Description: Faulting application hpzinw12.exe, version 10.1.1.5, faulting module hpzinw12.exe, version 10.1.1.5, fault address 0x00004996.
Processing media-specific event for [hpzinw12.exe!ws!]
 
Error: (05/12/2013 01:14:41 AM) (Source: Driver Detective) (User: )
Description: 
 
Error: (05/12/2013 01:14:20 AM) (Source: Driver Detective) (User: )
Description: 
 
Error: (05/12/2013 01:13:59 AM) (Source: Driver Detective) (User: )
Description: 
 
 
System errors:
=============
Error: (07/11/2013 09:17:07 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.2.0 service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (06/10/2013 01:27:24 PM) (Source: Application Error)(User: )
Description: hpzinw12.exe10.1.1.5hpzinw12.exe10.1.1.500004996
 
Error: (06/10/2013 11:46:57 AM) (Source: Application Error)(User: )
Description: hpzinw12.exe10.1.1.5hpzinw12.exe10.1.1.500004996
 
Error: (06/10/2013 11:07:43 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (05/16/2013 07:23:23 PM) (Source: Webroot BHO)(User: )
Description: 
 
Error: (05/16/2013 07:35:12 AM) (Source: Application Error)(User: )
Description: hpzinw12.exe10.1.1.5hpzinw12.exe10.1.1.500004996
 
Error: (05/16/2013 07:35:09 AM) (Source: MsiInstaller)(User: DUALCORE)
Description: Product: Adobe Reader XI (11.0.03) -- Error 1704.An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)
 
Error: (05/16/2013 07:33:44 AM) (Source: Application Error)(User: )
Description: hpzinw12.exe10.1.1.5hpzinw12.exe10.1.1.500004996
 
Error: (05/12/2013 01:14:41 AM) (Source: Driver Detective)(User: )
Description: 
 
Error: (05/12/2013 01:14:20 AM) (Source: Driver Detective)(User: )
Description: 
 
Error: (05/12/2013 01:13:59 AM) (Source: Driver Detective)(User: )
Description: 
 
 
=========================== Installed Programs ============================
 
4.5.1
6300 (Version: 70.0.231.000)
6300_Help (Version: 70.0.231.000)
6300Trb (Version: 70.0.231.000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AiO_Scan_CDA (Version: 70.0.231.000)
AiOSoftwareNPI (Version: 70.0.231.000)
Anki
Anvi Smart Defender 1.9 (Version: 1.9)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Asterisk Key 10.0
Audio Converter
Beacon GPS Tracking Unit (Version: 1.00.0000)
BufferChm (Version: 70.0.170.000)
Bulk Rename Utility 2.7.1.2
CCleaner (Version: 3.25)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
CueCard (remove only)
CueTour (Version: 70.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
CutePDF Writer 2.8
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DocumentViewer (Version: 70.0.170.000)
DocumentViewerQFolder (Version: 1.00.0000)
DownloadTerms (Version: 1.0)
Dropbox (Version: 2.0.22)
DWG TrueView 2012 (Version: 18.2.51.0)
eSupportQFolder (Version: 1.00.0000)
e-Sword (Version: 10.01.0000)
e-Sword Module Installer version .4 (Version: .4)
Express Burn Disc Burning Software
Fax_CDA (Version: 70.0.231.000)
FullDPAppQFolder (Version: 1.00.0000)
GARMIN 400 Series Trainer
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Document Viewer 7.0 (Version: 7.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update (Version: 3.0.7.014)
HP Solution Center 7.0 (Version: 7.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 70.0.170.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver
Internet Explorer Toolbar 4.7 by SweetPacks (Version: 4.7.0008)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 30 (Version: 6.0.300)
LibreOffice 4.0.2.2 (Version: 4.0.2.2)
LucasArts' Star Wars Rebellion
MarketResearch (Version: 70.0.170.000)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mplayer 0.6.9 (Version: 0.6.9)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewCopy_CDA (Version: 70.0.231.000)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
PanoStandAlone (Version: 70.0.170.000)
PhotoGallery (Version: 70.0.170.000)
ProductContextNPI (Version: 70.0.231.000)
QuickTime (Version: 7.71.80.42)
RandMap (Version: 70.0.170.000)
Readme (Version: 70.0.231.000)
Realtek High Definition Audio Driver (Version: 5.10.0.5859)
Samsung New PC Studio (Version: 1.00.0000)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SolutionCenter (Version: 70.0.170.000)
Sonic_PrimoSDK (Version: 70.0.170.000)
Status (Version: 70.0.170.000)
The ClueFinders 5th Grade Adventures
The SWORD Project (Version: 1.5.9)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VideoBuzz (Version: 1.0.0)
Vim 7.3 (self-installing)
Virtual Magnifying Glass v3.5
Warcraft III
WebFldrs XP (Version: 9.50.5318)
WebReg (Version: 70.0.170.000)
Windows Driver Package - Hewlett-Packard hp scanjet 3600 series (01/17/2007 8.1.0.77) (Version: 01/17/2007 8.1.0.77)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
World of Warcraft (Version: 5.2.0.16826)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 49%
Total physical RAM: 2038.17 MB
Available physical RAM: 1029.34 MB
Total Pagefile: 3934.77 MB
Available Pagefile: 2684.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.04 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:114.48 GB) (Free:66.15 GB) NTFS
4 Drive e: (500G_STORAGE) (Fixed) (Total:465.76 GB) (Free:222.86 GB) NTFS
5 Drive f: (1TByteHitac) (Fixed) (Total:931.51 GB) (Free:633.9 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DUALCORE
 
Administrator            ASPNET                   Clark Kent               
Guest                    HelpAssistant            Safe                     
SUPPORT_388945a0         
 
 
**** End of log ****
 
 
/*********************END OF JOB #2 FROM BLEEPING COMPUTER**************/
 
3.) Run TDSSkiller. Log is next.
 
23:34:20.0281 1760  [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService  C:\WINDOWS\system32\FsUsbExService.Exe
23:34:20.0281 1760  FsUsbExService - ok
23:34:20.0328 1760  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:34:20.0343 1760  Fs_Rec - ok
23:34:20.0359 1760  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:34:20.0359 1760  Ftdisk - ok
23:34:20.0406 1760  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:34:20.0406 1760  Gpc - ok
23:34:20.0515 1760  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:34:20.0515 1760  gupdate - ok
23:34:20.0515 1760  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:34:20.0515 1760  gupdatem - ok
23:34:20.0578 1760  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:34:20.0578 1760  gusvc - ok
23:34:20.0640 1760  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:34:20.0640 1760  HDAudBus - ok
23:34:20.0734 1760  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:34:20.0734 1760  helpsvc - ok
23:34:20.0765 1760  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
23:34:20.0765 1760  HidServ - ok
23:34:20.0796 1760  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:34:20.0796 1760  hidusb - ok
23:34:20.0828 1760  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:34:20.0828 1760  hkmsvc - ok
23:34:20.0828 1760  hpn - ok
23:34:20.0828 1760  hpt3xx - ok
23:34:20.0859 1760  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:34:20.0859 1760  HTTP - ok
23:34:20.0953 1760  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:34:20.0968 1760  HTTPFilter - ok
23:34:20.0968 1760  i2omgmt - ok
23:34:20.0968 1760  i2omp - ok
23:34:21.0000 1760  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
23:34:21.0000 1760  i8042prt - ok
23:34:21.0171 1760  [ 28423512370705AEDA6A652FEDB25468 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:34:21.0343 1760  ialm - ok
23:34:21.0421 1760  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:34:21.0453 1760  idsvc - ok
23:34:21.0468 1760  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:34:21.0484 1760  Imapi - ok
23:34:21.0515 1760  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\System32\imapi.exe
23:34:21.0515 1760  ImapiService - ok
23:34:21.0515 1760  ini910u - ok
23:34:21.0765 1760  [ 0CACDCBBC8E6F11E2865C47BFC509848 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:34:22.0062 1760  IntcAzAudAddService - ok
23:34:22.0078 1760  IntelIde - ok
23:34:22.0093 1760  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:34:22.0093 1760  intelppm - ok
23:34:22.0140 1760  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
23:34:22.0156 1760  ip6fw - ok
23:34:22.0171 1760  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:34:22.0171 1760  IpFilterDriver - ok
23:34:22.0171 1760  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:34:22.0171 1760  IpInIp - ok
23:34:22.0187 1760  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:34:22.0203 1760  IpNat - ok
23:34:22.0203 1760  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:34:22.0203 1760  IPSec - ok
23:34:22.0218 1760  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:34:22.0218 1760  IRENUM - ok
23:34:22.0250 1760  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:34:22.0250 1760  isapnp - ok
23:34:22.0468 1760  [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:34:22.0468 1760  JavaQuickStarterService - ok
23:34:22.0515 1760  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:34:22.0531 1760  Kbdclass - ok
23:34:22.0531 1760  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:34:22.0531 1760  kbdhid - ok
23:34:22.0562 1760  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:34:22.0562 1760  kmixer - ok
23:34:22.0609 1760  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:34:22.0609 1760  KSecDD - ok
23:34:22.0656 1760  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
23:34:22.0656 1760  lanmanserver - ok
23:34:22.0687 1760  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:34:22.0687 1760  lanmanworkstation - ok
23:34:22.0687 1760  lbrtfdc - ok
23:34:22.0718 1760  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:34:22.0718 1760  LmHosts - ok
23:34:22.0796 1760  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
23:34:22.0796 1760  McComponentHostService - ok
23:34:22.0843 1760  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:34:22.0843 1760  Messenger - ok
23:34:22.0875 1760  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:34:22.0875 1760  mnmdd - ok
23:34:22.0906 1760  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
23:34:22.0906 1760  mnmsrvc - ok
23:34:22.0937 1760  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:34:22.0937 1760  Modem - ok
23:34:23.0015 1760  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
23:34:23.0062 1760  Monfilt - ok
23:34:23.0078 1760  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:34:23.0078 1760  Mouclass - ok
23:34:23.0125 1760  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:34:23.0125 1760  mouhid - ok
23:34:23.0156 1760  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:34:23.0156 1760  MountMgr - ok
23:34:23.0187 1760  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:34:23.0203 1760  MozillaMaintenance - ok
23:34:23.0203 1760  mraid35x - ok
23:34:23.0234 1760  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:34:23.0234 1760  MRxDAV - ok
23:34:23.0281 1760  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:34:23.0296 1760  MRxSmb - ok
23:34:23.0328 1760  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
23:34:23.0328 1760  MSDTC - ok
23:34:23.0359 1760  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:34:23.0359 1760  Msfs - ok
23:34:23.0359 1760  MSIServer - ok
23:34:23.0437 1760  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:34:23.0437 1760  MSKSSRV - ok
23:34:23.0453 1760  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:34:23.0453 1760  MSPCLOCK - ok
23:34:23.0453 1760  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:34:23.0453 1760  MSPQM - ok
23:34:23.0468 1760  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:34:23.0468 1760  mssmbios - ok
23:34:23.0500 1760  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:34:23.0500 1760  Mup - ok
23:34:23.0531 1760  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:34:23.0546 1760  napagent - ok
23:34:23.0578 1760  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:34:23.0578 1760  NDIS - ok
23:34:23.0609 1760  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:34:23.0609 1760  NdisTapi - ok
23:34:23.0640 1760  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:34:23.0640 1760  Ndisuio - ok
23:34:23.0640 1760  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:34:23.0640 1760  NdisWan - ok
23:34:23.0671 1760  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:34:23.0671 1760  NDProxy - ok
23:34:23.0687 1760  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:34:23.0703 1760  NetBIOS - ok
23:34:23.0734 1760  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:34:23.0734 1760  NetBT - ok
23:34:23.0796 1760  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:34:23.0796 1760  NetDDE - ok
23:34:23.0796 1760  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:34:23.0796 1760  NetDDEdsdm - ok
23:34:23.0843 1760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\System32\lsass.exe
23:34:23.0843 1760  Netlogon - ok
23:34:23.0875 1760  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
23:34:23.0890 1760  Netman - ok
23:34:23.0937 1760  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:34:24.0015 1760  NetTcpPortSharing - ok
23:34:24.0078 1760  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:34:24.0078 1760  Nla - ok
23:34:24.0109 1760  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:34:24.0109 1760  Npfs - ok
23:34:24.0171 1760  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:34:24.0218 1760  Ntfs - ok
23:34:24.0234 1760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
23:34:24.0234 1760  NtLmSsp - ok
23:34:24.0281 1760  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:34:24.0312 1760  NtmsSvc - ok
23:34:24.0328 1760  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:34:24.0328 1760  Null - ok
23:34:24.0359 1760  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:34:24.0359 1760  NwlnkFlt - ok
23:34:24.0359 1760  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:34:24.0359 1760  NwlnkFwd - ok
23:34:24.0375 1760  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:34:24.0390 1760  Parport - ok
23:34:24.0421 1760  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:34:24.0421 1760  PartMgr - ok
23:34:24.0437 1760  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:34:24.0437 1760  ParVdm - ok
23:34:24.0453 1760  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:34:24.0453 1760  PCI - ok
23:34:24.0468 1760  PCIDump - ok
23:34:24.0468 1760  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:34:24.0468 1760  PCIIde - ok
23:34:24.0484 1760  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:34:24.0484 1760  Pcmcia - ok
23:34:24.0484 1760  PDCOMP - ok
23:34:24.0484 1760  PDFRAME - ok
23:34:24.0484 1760  PDRELI - ok
23:34:24.0484 1760  PDRFRAME - ok
23:34:24.0484 1760  perc2 - ok
23:34:24.0484 1760  perc2hib - ok
23:34:24.0515 1760  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
23:34:24.0515 1760  PlugPlay - ok
23:34:24.0546 1760  [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
23:34:24.0546 1760  Pml Driver HPZ12 - ok
23:34:24.0562 1760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
23:34:24.0562 1760  PolicyAgent - ok
23:34:24.0593 1760  [ C5BD32A70808DB0F8BC01CE80EEA2C3A ] PORTIO          C:\WINDOWS\system32\drivers\portio.sys
23:34:24.0593 1760  PORTIO - ok
23:34:24.0921 1760  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:34:24.0937 1760  PptpMiniport - ok
23:34:24.0937 1760  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
23:34:24.0937 1760  Processor - ok
23:34:24.0953 1760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:34:24.0953 1760  ProtectedStorage - ok
23:34:24.0953 1760  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:34:24.0953 1760  PSched - ok
23:34:24.0968 1760  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:34:24.0968 1760  Ptilink - ok
23:34:25.0031 1760  [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:34:25.0031 1760  PxHelp20 - ok
23:34:25.0031 1760  ql1080 - ok
23:34:25.0031 1760  Ql10wnt - ok
23:34:25.0046 1760  ql12160 - ok
23:34:25.0046 1760  ql1240 - ok
23:34:25.0046 1760  ql1280 - ok
23:34:25.0062 1760  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:34:25.0062 1760  RasAcd - ok
23:34:25.0093 1760  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:34:25.0093 1760  RasAuto - ok
23:34:25.0109 1760  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:34:25.0109 1760  Rasl2tp - ok
23:34:25.0140 1760  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:34:25.0156 1760  RasMan - ok
23:34:25.0156 1760  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:34:25.0156 1760  RasPppoe - ok
23:34:25.0171 1760  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:34:25.0171 1760  Raspti - ok
23:34:25.0203 1760  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:34:25.0203 1760  Rdbss - ok
23:34:25.0218 1760  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:34:25.0218 1760  RDPCDD - ok
23:34:25.0234 1760  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:34:25.0234 1760  rdpdr - ok
23:34:25.0281 1760  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:34:25.0281 1760  RDPWD - ok
23:34:25.0312 1760  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:34:25.0312 1760  RDSessMgr - ok
23:34:25.0343 1760  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:34:25.0343 1760  redbook - ok
23:34:25.0359 1760  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:34:25.0375 1760  RemoteAccess - ok
23:34:25.0390 1760  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
23:34:25.0390 1760  RemoteRegistry - ok
23:34:25.0421 1760  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
23:34:25.0421 1760  RpcLocator - ok
23:34:25.0468 1760  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
23:34:25.0468 1760  RpcSs - ok
23:34:25.0484 1760  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
23:34:25.0500 1760  RSVP - ok
23:34:25.0515 1760  [ BB0AE2171F08129F4F3FF9DF20FFBF89 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:34:25.0531 1760  RTLE8023xp - ok
23:34:25.0531 1760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:34:25.0531 1760  SamSs - ok
23:34:25.0562 1760  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:34:25.0562 1760  SCardSvr - ok
23:34:25.0609 1760  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:34:25.0609 1760  Schedule - ok
23:34:25.0640 1760  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:34:25.0640 1760  Secdrv - ok
23:34:25.0671 1760  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:34:25.0671 1760  seclogon - ok
23:34:25.0687 1760  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
23:34:25.0687 1760  SENS - ok
23:34:25.0703 1760  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:34:25.0703 1760  serenum - ok
23:34:25.0718 1760  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
23:34:25.0718 1760  Serial - ok
23:34:25.0750 1760  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
23:34:25.0750 1760  Sfloppy - ok
23:34:25.0781 1760  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:34:25.0781 1760  SharedAccess - ok
23:34:25.0796 1760  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:34:25.0812 1760  ShellHWDetection - ok
23:34:25.0812 1760  Simbad - ok
23:34:25.0812 1760  Sparrow - ok
23:34:25.0828 1760  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:34:25.0828 1760  splitter - ok
23:34:25.0875 1760  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:34:25.0875 1760  Spooler - ok
23:34:25.0906 1760  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\System32\DRIVERS\sr.sys
23:34:25.0906 1760  sr - ok
23:34:25.0953 1760  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\System32\srsvc.dll
23:34:25.0953 1760  srservice - ok
23:34:26.0000 1760  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:34:26.0015 1760  Srv - ok
23:34:26.0046 1760  [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus         C:\WINDOWS\system32\DRIVERS\sscebus.sys
23:34:26.0046 1760  sscebus - ok
23:34:26.0078 1760  [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl        C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
23:34:26.0078 1760  sscemdfl - ok
23:34:26.0093 1760  [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm         C:\WINDOWS\system32\DRIVERS\sscemdm.sys
23:34:26.0093 1760  sscemdm - ok
23:34:26.0125 1760  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:34:26.0125 1760  SSDPSRV - ok
23:34:26.0140 1760  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
23:34:26.0140 1760  StillCam - ok
23:34:26.0171 1760  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:34:26.0187 1760  stisvc - ok
23:34:26.0218 1760  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:34:26.0218 1760  swenum - ok
23:34:26.0250 1760  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:34:26.0250 1760  swmidi - ok
23:34:26.0250 1760  SwPrv - ok
23:34:26.0250 1760  symc810 - ok
23:34:26.0250 1760  symc8xx - ok
23:34:26.0250 1760  sym_hi - ok
23:34:26.0250 1760  sym_u3 - ok
23:34:26.0296 1760  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:34:26.0296 1760  sysaudio - ok
23:34:26.0328 1760  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:34:26.0328 1760  SysmonLog - ok
23:34:26.0390 1760  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:34:26.0406 1760  TapiSrv - ok
23:34:26.0437 1760  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:34:26.0468 1760  Tcpip - ok
23:34:26.0484 1760  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:34:26.0484 1760  TDPIPE - ok
23:34:26.0500 1760  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:34:26.0500 1760  TDTCP - ok
23:34:26.0531 1760  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:34:26.0531 1760  TermDD - ok
23:34:26.0562 1760  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
23:34:26.0562 1760  TermService - ok
23:34:26.0593 1760  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:34:26.0593 1760  Themes - ok
23:34:26.0625 1760  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
23:34:26.0640 1760  TlntSvr - ok
23:34:26.0640 1760  TosIde - ok
23:34:26.0671 1760  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:34:26.0687 1760  TrkWks - ok
23:34:26.0703 1760  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:34:26.0703 1760  Udfs - ok
23:34:26.0703 1760  ultra - ok
23:34:26.0750 1760  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:34:26.0765 1760  Update - ok
23:34:26.0812 1760  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:34:26.0812 1760  upnphost - ok
23:34:26.0843 1760  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
23:34:26.0843 1760  UPS - ok
23:34:26.0890 1760  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:34:26.0890 1760  usbccgp - ok
23:34:26.0906 1760  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:34:26.0921 1760  usbehci - ok
23:34:26.0921 1760  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:34:26.0921 1760  usbhub - ok
23:34:26.0953 1760  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:34:26.0953 1760  usbprint - ok
23:34:26.0968 1760  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:34:26.0968 1760  usbscan - ok
23:34:27.0000 1760  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:34:27.0000 1760  USBSTOR - ok
23:34:27.0031 1760  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:34:27.0031 1760  usbuhci - ok
23:34:27.0046 1760  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:34:27.0046 1760  VgaSave - ok
23:34:27.0062 1760  ViaIde - ok
23:34:27.0078 1760  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:34:27.0078 1760  VolSnap - ok
23:34:27.0140 1760  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
23:34:27.0140 1760  VSS - ok
23:34:27.0312 1760  [ F1E8C5167F849D1089D8108C50E6FF11 ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
23:34:27.0359 1760  vToolbarUpdater15.2.0 - ok
23:34:27.0375 1760  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\System32\w32time.dll
23:34:27.0375 1760  W32Time - ok
23:34:27.0406 1760  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:34:27.0421 1760  Wanarp - ok
23:34:27.0421 1760  WDICA - ok
23:34:27.0421 1760  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:34:27.0437 1760  wdmaud - ok
23:34:27.0453 1760  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:34:27.0453 1760  WebClient - ok
23:34:27.0578 1760  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:34:27.0578 1760  winmgmt - ok
23:34:27.0609 1760  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
23:34:27.0625 1760  WmdmPmSN - ok
23:34:27.0656 1760  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
23:34:27.0718 1760  Wmi - ok
23:34:27.0750 1760  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:34:27.0750 1760  WmiApSrv - ok
23:34:27.0843 1760  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
23:34:27.0875 1760  WMPNetworkSvc - ok
23:34:27.0906 1760  [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:34:27.0906 1760  WpdUsb - ok
23:34:27.0984 1760  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:34:28.0031 1760  WPFFontCache_v0400 - ok
23:34:28.0078 1760  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
23:34:28.0078 1760  wscsvc - ok
23:34:28.0109 1760  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:34:28.0109 1760  wuauserv - ok
23:34:28.0140 1760  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:34:28.0140 1760  WudfPf - ok
23:34:28.0171 1760  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:34:28.0171 1760  WudfRd - ok
23:34:28.0203 1760  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
23:34:28.0203 1760  WudfSvc - ok
23:34:28.0250 1760  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:34:28.0281 1760  WZCSVC - ok
23:34:28.0343 1760  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:34:28.0343 1760  xmlprov - ok
23:34:28.0343 1760  ================ Scan global ===============================
23:34:28.0375 1760  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:34:28.0406 1760  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:34:28.0421 1760  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:34:28.0437 1760  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:34:28.0437 1760  [Global] - ok
23:34:28.0437 1760  ================ Scan MBR ==================================
23:34:28.0453 1760  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:34:28.0796 1760  \Device\Harddisk0\DR0 - ok
23:34:28.0812 1760  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:34:29.0000 1760  \Device\Harddisk1\DR1 - ok
23:34:29.0000 1760  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:34:29.0718 1760  \Device\Harddisk2\DR2 - ok
23:34:29.0718 1760  ================ Scan VBR ==================================
23:34:29.0734 1760  [ 0002DD91CDA27C6333836EEEC3FE566C ] \Device\Harddisk0\DR0\Partition1
23:34:29.0734 1760  \Device\Harddisk0\DR0\Partition1 - ok
23:34:29.0734 1760  [ 0F7473131E127053B27D508B0C38B3F3 ] \Device\Harddisk1\DR1\Partition1
23:34:29.0734 1760  \Device\Harddisk1\DR1\Partition1 - ok
23:34:29.0734 1760  [ 4DCD8ACFE8EFD997078CD757F175305B ] \Device\Harddisk2\DR2\Partition1
23:34:29.0734 1760  \Device\Harddisk2\DR2\Partition1 - ok
23:34:29.0734 1760  ============================================================
23:34:29.0734 1760  Scan finished
23:34:29.0734 1760  ============================================================
23:34:29.0734 3912  Detected object count: 0
23:34:29.0734 3912  Actual detected object count: 0
 
 
/*********************END OF JOB #3 FROM BLEEPING COMPUTER**************/
 
4.)  Run AdwCleaner.  Results are next.
 
 
# AdwCleaner v2.303 - Logfile created 07/12/2013 at 23:45:23
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Clark Kent - DUALCORE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Clark Kent\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Documents and Settings\Safe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Safe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\user.js
File Disinfected : C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
File Disinfected : C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
File Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk
File Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
File Disinfected : C:\Documents and Settings\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
File Disinfected : C:\Documents and Settings\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Documents and Settings\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
File Disinfected : C:\Documents and Settings\Clark Kent\Desktop\Unused Desktop Shortcuts\Mozilla Firefox.lnk
File Disinfected : C:\Documents and Settings\Clark Kent\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Disinfected : C:\Documents and Settings\Clark Kent\Start Menu\Programs\Internet Explorer.lnk
Folder Deleted : C:\DOCUME~1\CLARKK~1\LOCALS~1\Temp\Desk365
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\Clark Kent\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Clark Kent\Application Data\Desk 365
Folder Deleted : C:\Documents and Settings\Clark Kent\Application Data\eIntaller
Folder Deleted : C:\Documents and Settings\Clark Kent\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Clark Kent\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Safe\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Safe\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Safe\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Safe\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Safe\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\Safe\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Desk 365
 
***** [Registry] *****
 
Data Deleted : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files\Mozilla Firefox\firefox.exe hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=1373558316
Data Deleted : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=1373558316
Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=1373558316
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295465
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=1373558316 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=0 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=0 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=1373558316 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=MaxtorX6Y120L0_Y407C04E&ts=1373558316 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\Clark Kent\Application Data\Mozilla\Firefox\Profiles\znuj8737.default-1356003247156\prefs.js
 
C:\Documents and Settings\Clark Kent\Application Data\Mozilla\Firefox\Profiles\znuj8737.default-1356003247156\user.js ... Deleted !
 
Deleted : user_pref("avg.install.userHPSettings", "hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=[...]
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Documents and Settings\Clark Kent\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Safe\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [15145 octets] - [12/07/2013 23:45:23]
 
########## EOF - C:\AdwCleaner[S1].txt - [15206 octets] ##########
 
/*********************END OF JOB #4 FROM BLEEPING COMPUTER**************/
5.) run ESET.
 
 
C:\Documents and Settings\Clark Kent\Application Data\Sun\Java\Deployment\cache\6.0\46\2fd1b4ee-6b818de2 a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\Application Data\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-7f58f9c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\AudioConverterSetup.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\Firefox_setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\gimp setup.exe a variant of Win32/Soft32Downloader.D application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\gimp-setup.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\GoogleChromeExtensionUpdate_m6.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\GreekType_downloader_by_Fonts101.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\mediaplayer_d2468053.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\mediaplayer_d2468069.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\mplayer.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\mplayer_tuguu_d998157.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\routerpassview.zip a variant of Win32/PSWTool.RouterPassView.B application deleted - quarantined
C:\Documents and Settings\Clark Kent\My Documents\Downloads\routerpassview\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B application cleaned by deleting - quarantined
C:\Documents and Settings\Safe\My Documents\Downloads\VideoConverterSetup (1).exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Documents and Settings\Safe\My Documents\Downloads\VideoConverterSetup.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Documents and Settings\Safe\VideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Documents and Settings\Safe\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Program Files\AudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files\AudioConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1614895754-1659004503-839522115-1003\Dc86\uninstall.exe a variant of MSIL/Adware.iBryte.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1614895754-1659004503-839522115-1005\Dc66.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1614895754-1659004503-839522115-1005\Dc72.exe a variant of Win32/Soft32Downloader.C application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1614895754-1659004503-839522115-1005\Dc75.exe Win32/Toggle application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1614895754-1659004503-839522115-1005\Dc76.exe Win32/Toggle application cleaned by deleting - quarantined
E:\BackupDDrive\MyDocuments\Downloads\7Zip.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
E:\Downloads\FCTB5Setup.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
E:\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
E:\JARED\patches\Battlefield_1942_v1.6.zip a variant of Win32/GameHack.AD application deleted - quarantined
E:\jesse\Warcraft III\installer_warcraft_iii_the_frozen_throne.exe Win32/Toggle application cleaned by deleting - quarantined
E:\RECYCLER\S-1-5-21-1614895754-1659004503-839522115-1005\De15.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
E:\RonsMain\downloads\installer_office-en-gb.exe Win32/Hoax.ArchSMS.KC application cleaned by deleting - quarantined
E:\RonsMain\downloads\pc-wizard_2010.1.961-setup.exe multiple threats cleaned by deleting - quarantined
E:\RonsMain\downloads\SmitfraudFix.exe multiple threats deleted - quarantined
E:\RonsMain\downloads\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
E:\RonsMain\downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
F:\Backup500gHardDrive\ronsmain\downloads\installer_office-en-gb.exe Win32/Hoax.ArchSMS.KC application cleaned by deleting - quarantined
F:\Backup500gHardDrive\ronsmain\downloads\pc-wizard_2010.1.961-setup.exe multiple threats cleaned by deleting - quarantined
F:\Backup500gHardDrive\ronsmain\downloads\SmitfraudFix.exe multiple threats deleted - quarantined
F:\Backup500gHardDrive\ronsmain\downloads\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
F:\Backup500gHardDrive\ronsmain\downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
F:\Carols80GBHDD-old\jesse\witicsd\installer_warcraft_iii__the_frozen_throne_beta_English.exe Win32/Toggle application cleaned by deleting - quarantined
F:\Carols80GBHDD-old\Julia\Music\03 Track 3.wma WMA/TrojanDownloader.Wimad.D trojan cleaned by deleting - quarantined
F:\Carols80GBHDD-old\Julia\Music\let god rise chris tomlin.mp3 WMA/TrojanDownloader.GetCodec.C trojan cleaned by deleting - quarantined
F:\Carols80GBHDD-old\Julia\Music\Top of Charts - 2003.wma WMA/TrojanDownloader.Wimad.D trojan cleaned by deleting - quarantined
F:\CarolsDocs on Carol's computer (Superman)\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\CarolsDocs on Carol's computer (Superman)\Downloads\FoxitReader502.0718_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\CarolsDocs on Carol's computer (Superman)\Downloads\OpenOfficeInstaller.exe Win32/FreeInstaller application cleaned by deleting - quarantined
F:\CarolsDocsOLD\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\CarolsDocsOLD\Downloads\FoxitReader502.0718_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\CarolsDocsOLD\Downloads\OpenOfficeInstaller.exe Win32/FreeInstaller application cleaned by deleting - quarantined
F:\CarolsMainOlder\WordDocs\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\CarolsMainOlder\WordDocs\Downloads\FoxitReader502.0718_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\CarolsMainOlder\WordDocs\Downloads\OpenOfficeInstaller.exe Win32/FreeInstaller application cleaned by deleting - quarantined
F:\RonsMain\downloads\installer_office-en-gb.exe Win32/Hoax.ArchSMS.KC application cleaned by deleting - quarantined
F:\RonsMain\downloads\pc-wizard_2010.1.961-setup.exe multiple threats cleaned by deleting - quarantined
F:\RonsMain\downloads\SmitfraudFix.exe multiple threats deleted - quarantined
F:\RonsMain\downloads\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
F:\RonsMain\downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
 
/*********************END OF JOB #5 FROM BLEEPING COMPUTER**************/
 

 



#4 boopme

Posted 14 June 2013 - 12:07 PM

Yep that and a lot of other junk.

 

What is your Antivirus?

 

Do you know what this is?

74.125.31.120   ssl.gstatic.com

 

 

If not: reset the Hosts file back to the default by clicking the Fix-It button.

 

 

Now go to Control Panel >>Add/Remove and uninstall these

 

Java 7 Update 10 (Version: 7.0.100)
Java™ 6 Update 30 (Version: 6.0.300)

Reboot

Install Java Windows Offline (32-bit)



#5 rc7j

Posted 14 June 2013 - 02:49 PM

I accomplished the tasks; see below.  Is there a tutorial or list for how to identify and eliminate junk?  
Thanks for your help.
RC7J
 
/**********************/
 
Answer to questions and jobs to do from BleepingComputer.
 
For antivirus I have used Spybot Search and Destroy but I didn't reinstall it when I had to reinstall my OS a few months ago.  Oops.  I better do it.
 
I do not know what "74.125.31.120   ssl.gstatic.com" is.
 
I made a new "host" file
 
Removed both Java Programs
 
Installed new Java program - "jre-7u21-windows-i586.exe"


#6 boopme

Posted 14 June 2013 - 09:53 PM

OK, first Spybot is not an antivirus and not that good an antimalware anymore.
 
Use a Free AV like
MSE Microsoft Security Essentials
Or one from our freeware list
 
Better antimalware, {MBAM /  MalwareBytes} Run weekly after updating.
 
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


    Hard to make a Junk list but you can run these.

    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


  • TFC... Note make sure you have all your passwords written down as it may remove some and you will have to Log in again to some sites.

    We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

  • More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/


    The Secunia Personal Software Inspector (PSI) is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks.

    Secunia PSI




