
Malware Antimalware keeps popping up.


  • This topic is locked
28 replies to this topic

#1 sonnyz

Posted 15 April 2014 - 08:48 AM

#1 I have tried numerous times to get rid of this message, yet it keeps on popping up in the lower right-hand corner of my page. #2 Computer is running slow, I keep getting a message about low disc space. #3 The start button does not work properly and I have to power down the computer manually, there are no shut down or hibernate icons available, and then when I power back on I am at that screen where F1 to continue (that never works) or F2, which is where I must go to CapsLock, ScrollLock and NumLock all on, then I have to hit Alt+E, Alt+M, and then Alt+B, and finally after about 2 to 3 minutes I finally get back online. Rather cumbersome to say the least. I have another thread which I will close after I post this new thread. I have done the following: %temp%, ESET Online Scanner Found Nothing, C:\Windows\System32\Services.exe, Sgss.exe, ctfmon.exe and svchost.exe, MBAM

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 8:56:23 on 2014-04-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.251 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Websearchy\WebSearchy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = <-loopback>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LxrAutorun] c:\documents and settings\administrator\local settings\application data\lexar media\LxrAutorun.exe
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpeedItupFree] "c:\program files\speeditup free\speeditupfree.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_12_0_0_77_Plugin.exe -update plugin
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [WebSearchy] "c:\program files\websearchy\WebSearchy.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "c:\windows\system32\config\systemprofile\application data\SearchProtect"
dRunOnce: [Del146162140] cmd.exe /Q /D /c del "c:\windows\temp\0.del"
dRunOnce: [Del52844265] cmd.exe /Q /D /c del "c:\windows\temp\0.del"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: talk4free.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{125C7C30-D0DF-48B7-AC70-0C339C143D4D} : NameServer = 67.90.152.122,67.107.71.186
TCP: Interfaces\{125C7C30-D0DF-48B7-AC70-0C339C143D4D} : DHCPNameServer = 10.0.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 231960]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-15 42272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-4-25 72672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-8 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-8 857912]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-2-8 70136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-8 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-8 107736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\ToolbarUpdater.exe [?]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys --> c:\windows\system32\drivers\lgandnetadb.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys --> c:\windows\system32\drivers\lgandnetdiag.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys --> c:\windows\system32\drivers\lgandnetmodem.sys [?]
S3 gkmixern;gkmixern;\??\c:\docume~1\admina~1\locals~1\temp\gkmixern.sys --> c:\docume~1\admina~1\locals~1\temp\gkmixern.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-24 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .txt: Jarte.txt="c:\program files\jarte\Jarte.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-04-15 10:59:52 7969936 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47db97ed-37c6-45e9-9211-a942af139d16}\mpengine.dll
2014-04-14 10:57:59 7969936 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-11 12:04:36 -------- d-----w- c:\program files\ESET
2014-04-08 13:56:56 52440 ----a-w- c:\windows\system32\drivers\jrjquxie.sys
2014-04-08 12:46:27 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-08 12:46:27 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-08 12:46:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-08 12:24:19 -------- d-----w- c:\windows\ERUNT
2014-04-04 00:58:53 -------- d-----w- C:\AdwCleaner
2014-03-29 14:20:38 -------- d-----w- c:\program files\Websearchy
2014-03-21 11:27:13 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-21 11:27:13 13312 ------w- c:\windows\system32\xp_eos.exe
.
==================== Find3M ====================
.
2014-04-12 06:56:24 107736 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-25 00:44:45 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-11 20:04:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 20:04:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-07 18:02:56 0 ----a-w- c:\documents and settings\administrator\TempWmicBatchFile.bat
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-25 05:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:01:38.53 ===============

 

 


#2 nasdaq

  • Malware Response Team

Posted 19 April 2014 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

#3 sonnyz

  • Topic Starter

Posted 19 April 2014 - 07:25 PM

Thanks nasdaq for taking the time to help me out with this problem, I scanned with AdwCleaner and here is that report:

 

 

# AdwCleaner v3.100 - Report created 19/04/2014 at 20:00:44
# Updated 20/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - ONE-70FAAFBE801
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Administrator\Desktop\Continue Zip Extractor Installation.lnk
Folder Found C:\Documents and Settings\All Users\Application Data\FileCure
Folder Found C:\Program Files\Common Files\Goobzo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\GOffers
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\Software\LevelQualityWatcher
Key Found : HKLM\Software\Lightspark Team
Key Found : HKLM\Software\MediaViewV1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38833 octets] - [03/04/2014 20:59:19]
AdwCleaner[R1].txt - [38894 octets] - [03/04/2014 21:05:51]
AdwCleaner[R2].txt - [1107 octets] - [04/04/2014 21:28:31]
AdwCleaner[R3].txt - [1945 octets] - [19/04/2014 20:00:44]
AdwCleaner[S0].txt - [39354 octets] - [03/04/2014 21:16:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2066 octets] ##########



#4 nasdaq

  • Malware Response Team

Posted 20 April 2014 - 08:30 AM

Good, now get the Farbar Recovery Scan Tool and run it.
Post the log.

#5 sonnyz

  • Topic Starter

Posted 21 April 2014 - 06:22 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-04-2014 02
Ran by Administrator at 2014-04-21 19:10:50
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DScaler 5 Mpeg Decoders (HKLM\...\DScaler 5 Mpeg Decoders_is1) (Version: - )
eCalc Scientific (v1.5) (HKLM\...\{A3960197-74C2-4362-B816-11AB39E9C84D}_is1) (Version: - eCalc.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
hp deskjet 5600 (HKLM\...\{DB5518BE-F40F-407A-B451-012625D4497B}) (Version: 1.03.0000 - Hewlett-Packard)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Jarte 4.5 (HKLM\...\Jarte_is1) (Version: 4.5 - Carolina Road Software L.L.C.)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
LightScribe 1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Media Player (HKLM\...\MediaPlayerV1alpha78) (Version: 1.1 - Media Player)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MyDVD-VR Recorder (Version: 1.0 - Sonic) Hidden
Opera 12.01 (HKLM\...\Opera 12.01.1532) (Version: 12.01.1532 - Opera Software ASA)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
overland (Version: 2.1.5 - HP) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sonic MyDVD-VR (HKLM\...\InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}) (Version: 1.0 - Sonic)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
SweetPacks A11 Toolbar for IE (HKLM\...\IECT3316071) (Version: 6.17.2.8 - SweetPacks A11) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TidyNetwork (HKCU\...\TidyNetwork) (Version: - TidyNetwork)
Update for Foxtab (HKCU\...\FoxTab) (Version: - Update for Foxtab) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VisualBee for Microsoft PowerPoint (HKCU\...\VisualBee for Microsoft PowerPoint) (Version: V4.1 - VisualBee.com)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebSearchy (HKLM\...\Websearchy) (Version: - Websearchy)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordExtra (HKCU\...\WordExtra) (Version: 1 - http://www.wordextra.com)
YTDownloader (HKLM\...\YTDownloader) (Version: - YTDownloader)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden

==================== Restore Points =========================


==================== Hosts content: ==========================

2004-08-04 08:00 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At4.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\File Helper.job => C:\Program Files\File Helper\1.1.0.4\FileHelper.exe
Task: C:\WINDOWS\Tasks\FileCure.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\temp_Plus-HD-7.7-enabler.job => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1AE6686-8B7B-473C-BFE0-A5270B74EE63}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebSearchy Update Task.job => C:\Program Files\Websearchy\uninstall.WebSearchy.exe
Task: C:\WINDOWS\Tasks\YTDownloaderUpd.job => C:\Program Files\YTDownloader\Updater.exe

==================== Loaded Modules (whitelisted) =============

2013-04-25 11:45 - 2006-01-09 13:56 - 00049152 _____ () C:\WINDOWS\system32\LxrSII1s.exe
2014-03-29 10:20 - 2014-03-28 17:19 - 00894464 _____ () C:\Program Files\Websearchy\WebSearchy.exe
2014-03-29 10:20 - 2014-03-28 17:19 - 00171008 _____ () C:\Program Files\Websearchy\WebSearchyDAL.dll
2013-04-25 13:32 - 2006-11-09 11:00 - 00024576 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-02-01 13:42 - 2012-02-01 13:42 - 00083352 _____ () C:\Documents and Settings\Administrator\Application Data\mjusbsp\octvqem_apiw.DLL
2004-08-04 06:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 06:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\Administrator\My Documents\My Videos:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A1D3FEF0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HP Software Update => "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Shop To Win => C:\Program Files\Shop To Win\ShopToWin.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 07:46:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2014 07:46:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/03/2014 07:49:53 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10401.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/02/2014 07:29:24 AM) (Source: Application Hang) (User: )
Description: Fault bucket 734562961.

Error: (04/02/2014 07:29:17 AM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 06:59:46 PM) (Source: Application Hang) (User: )
Description: Fault bucket 12043847.

Error: (03/29/2014 06:59:37 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 03:21:33 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [iexplore.exe!ws!]

Error: (03/29/2014 03:21:32 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am bdd, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/28/2014 11:50:10 AM) (Source: Application Error) (User: )
Description: Fault bucket 80804756.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.


System errors:
=============
Error: (04/21/2014 06:32:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 06:32:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 06:15:00 PM) (Source: Schedule) (User: )
Description: The At4.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 06:15:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 05:32:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 05:32:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 05:15:00 PM) (Source: Schedule) (User: )
Description: The At4.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 05:15:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 04:32:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/21/2014 04:32:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 82%
Total physical RAM: 1021.98 MB
Available physical RAM: 182.09 MB
Total Pagefile: 1992.16 MB
Available Pagefile: 816.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.01 GB) (Free:0.29 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 19 GB) (Disk ID: 1F371F36)
Partition 1: (Active) - (Size=19 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2014 02
Ran by Administrator (administrator) on ONE-70FAAFBE801 on 21-04-2014 19:09:12
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
() C:\WINDOWS\system32\LxrSII1s.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Websearchy\WebSearchy.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(magicJack L.P.) C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Carolina Road Software L.L.C.) C:\Program Files\Jarte\Jarte.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Farbar) C:\Documents and Settings\Administrator\Desktop\farbar.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [188416 2006-01-13] (HP)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-09-30] (RealNetworks, Inc.)
HKLM\...\Run: [WebSearchy] => C:\Program Files\Websearchy\WebSearchy.exe [894464 2014-03-28] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\.DEFAULT\...\RunOnce: [Del146162140] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\...\RunOnce: [Del52844265] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [LxrAutorun] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe [24576 2006-11-09] ()
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [Сodec Performer803611.exe] => "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Сodec Performer803611.exe" /XML="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp" /ROS /STP=1:2 <===== ATTENTION
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [cdloader] => C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\MountPoints2: {4a77764d-edb0-11e2-b042-000d562a8d70} - F:\LGAutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCAFBC87FDA4ECB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {16A08075-E5F9-407D-A7E4-6A30ADB032E4} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{125C7C30-D0DF-48B7-AC70-0C339C143D4D}: [NameServer]67.90.152.122,67.107.71.186

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: WordExtra - C:\Program Files\Mozilla Firefox\browser\extensions\korey@markus.me [2014-03-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplusv1.com] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ff

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL: http://www.websearchy.com?&hspart=adk&hsimp=yhs-adk_sychp&param1=20140329&param2=c259b665-b046-4082-975b-184e7c23c608&param3=websearchy&param4=
CHR Extension: (Plus-HD-7.7) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dljbcjbfojhlfhgenhepllagfecdpchb [2014-03-07]
CHR Extension: (WordExtra) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfmgibapgochmjeecdcjkloehhhcoekj [2014-03-04]
CHR Extension: (Webexp Enhanced) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hepojocegndfehljhiioejinmhdgpdpd [2013-12-20]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-14]
CHR Extension: (Video Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifiajmbfaokdgfbigbhpnpbpiclfecei [2014-02-13]
CHR Extension: (Foxtab Speed Dial) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2013-08-14]
CHR Extension: (Media Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nloimbaagfdajkmmmmfclbiedijenaic [2014-02-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [ajadlheagenmmedmhaoafgkdenfilcme] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [bpenbjflfomjcbdlemgaapphnlkmoefp] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1882\ch\MediaViewerV1alpha1882.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hepojocegndfehljhiioejinmhdgpdpd] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha653\ch\WebexpEnhancedV1alpha653.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [ifiajmbfaokdgfbigbhpnpbpiclfecei] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta980\ch\VideoPlayerV3beta980.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newhb.crx [2013-07-31]
CHR HKLM\...\Chrome\Extension: [lobnbdjmfmejhlggkjabhapkjajdfcei] - C:\Program Files\MediaViewV1\MediaViewV1alpha2967\ch\MediaViewV1alpha2967.crx [2013-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
R2 LxrSII1s; C:\WINDOWS\system32\LxrSII1s.exe [49152 2006-01-09] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-24] (AVG Technologies)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2006-10-29] (Intel Corporation)
R2 LxrSII1d; C:\WINDOWS\system32\Drivers\LxrSII1d.sys [72672 2006-12-14] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-12] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2012-09-07] ()
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 cmuda; system32\drivers\cmuda.sys [X]
S3 gkmixern; \??\C:\DOCUME~1\ADMINA~1\LOCALS~1\Temp\gkmixern.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 19:09 - 2014-04-21 19:09 - 00016485 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-21 19:06 - 2014-04-21 19:09 - 00000000 ____D () C:\FRST
2014-04-21 19:06 - 2014-04-21 19:06 - 01048064 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\farbar.exe
2014-04-21 19:04 - 2014-04-21 19:04 - 02061312 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2014-04-15 09:01 - 2014-04-15 09:01 - 00020155 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-04-15 09:01 - 2014-04-15 09:01 - 00010265 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-04-15 08:52 - 2014-04-15 08:52 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-04-11 08:04 - 2014-04-11 08:04 - 00000000 ____D () C:\Program Files\ESET
2014-04-10 03:31 - 2014-04-10 03:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 03:02 - 2014-04-10 03:08 - 00011264 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 19:40 - 2014-04-10 03:31 - 00012875 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 08:42 - 2014-04-09 08:42 - 00001221 _____ () C:\Documents and Settings\Administrator\Desktop\MBAMLOG.xml
2014-04-08 10:35 - 2014-04-09 08:38 - 00001055 _____ () C:\MBAM.txt
2014-04-08 09:56 - 2014-04-08 09:56 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\jrjquxie.sys
2014-04-08 08:41 - 2014-04-08 08:41 - 00006438 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-04-08 08:24 - 2014-04-08 08:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-06 18:37 - 2014-04-09 08:34 - 00005845 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-04-03 20:58 - 2014-04-19 20:01 - 00000000 ____D () C:\AdwCleaner
2014-04-03 20:58 - 2014-04-19 19:27 - 01308369 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2014-04-03 20:31 - 2014-04-03 20:31 - 04134240 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-03-29 10:23 - 2014-03-29 10:23 - 00001376 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Create Amazing Presentations.lnk
2014-03-29 10:23 - 2014-03-29 10:23 - 00001376 _____ () C:\Documents and Settings\Administrator\Desktop\Create Amazing Presentations.lnk
2014-03-29 10:22 - 2014-03-29 10:22 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\spds90.txt
2014-03-29 10:20 - 2014-04-21 10:20 - 00000666 _____ () C:\WINDOWS\Tasks\WebSearchy Update Task.job
2014-03-29 10:20 - 2014-03-29 10:20 - 00000000 ____D () C:\Program Files\Websearchy
2014-03-28 03:14 - 2014-04-20 01:50 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-27 17:02 - 2014-03-27 17:02 - 00001136 _____ () C:\Documents and Settings\Administrator\Desktop\Live PC Help.lnk
2014-03-22 14:58 - 2014-04-10 06:44 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-22 14:58 - 2014-04-08 16:48 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-22 03:01 - 2014-03-22 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 03:00 - 2014-03-22 03:01 - 00014542 _____ () C:\WINDOWS\KB2934207.log

==================== One Month Modified Files and Folders =======

2014-04-21 19:09 - 2014-04-21 19:09 - 00016485 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-21 19:09 - 2014-04-21 19:06 - 00000000 ____D () C:\FRST
2014-04-21 19:06 - 2014-04-21 19:06 - 01048064 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\farbar.exe
2014-04-21 19:04 - 2014-04-21 19:04 - 02061312 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2014-04-21 19:02 - 2012-07-02 10:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 18:32 - 2014-02-08 01:32 - 00000420 _____ () C:\WINDOWS\Tasks\At2.job
2014-04-21 18:32 - 2013-11-17 11:32 - 00000420 _____ () C:\WINDOWS\Tasks\At1.job
2014-04-21 18:22 - 2011-10-12 10:20 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 18:15 - 2014-02-14 02:15 - 00000416 _____ () C:\WINDOWS\Tasks\At4.job
2014-04-21 18:15 - 2014-02-13 02:16 - 00000416 _____ () C:\WINDOWS\Tasks\At3.job
2014-04-21 13:15 - 2009-08-17 23:12 - 00032212 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-21 10:20 - 2014-03-29 10:20 - 00000666 _____ () C:\WINDOWS\Tasks\WebSearchy Update Task.job
2014-04-21 07:32 - 2014-03-04 08:32 - 00000364 _____ () C:\WINDOWS\Tasks\YTDownloaderUpd.job
2014-04-21 07:24 - 2009-08-17 22:58 - 01287799 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-21 07:22 - 2011-10-12 10:20 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 03:56 - 2009-10-23 00:01 - 00000378 _____ () C:\WINDOWS\Tasks\File Helper.job
2014-04-20 01:50 - 2014-03-28 03:14 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-19 20:06 - 2010-08-01 18:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Jarte
2014-04-19 20:01 - 2014-04-03 20:58 - 00000000 ____D () C:\AdwCleaner
2014-04-19 19:27 - 2014-04-03 20:58 - 01308369 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2014-04-19 06:56 - 2014-03-12 07:25 - 00000294 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-19 06:56 - 2012-12-22 18:29 - 00000302 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-19 06:56 - 2011-06-21 11:16 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-19 02:45 - 2010-04-06 14:46 - 00000380 _____ () C:\WINDOWS\Tasks\FileCure.job
2014-04-16 19:40 - 2013-10-14 11:52 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-16 19:40 - 2013-10-14 11:52 - 00000316 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-15 09:01 - 2014-04-15 09:01 - 00020155 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-04-15 09:01 - 2014-04-15 09:01 - 00010265 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-04-15 08:52 - 2014-04-15 08:52 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-04-12 11:52 - 2013-10-14 11:52 - 00000342 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-12 02:56 - 2012-09-08 11:09 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-11 08:04 - 2014-04-11 08:04 - 00000000 ____D () C:\Program Files\ESET
2014-04-10 15:49 - 2010-08-03 17:11 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1AE6686-8B7B-473C-BFE0-A5270B74EE63}.job
2014-04-10 09:33 - 2013-07-28 22:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\mjusbsp
2014-04-10 09:33 - 2013-06-22 10:49 - 00001054 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\magicJack.lnk
2014-04-10 09:33 - 2013-06-22 10:49 - 00001048 _____ () C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
2014-04-10 06:45 - 2012-09-30 08:43 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-10 06:44 - 2014-03-22 14:58 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-10 06:44 - 2013-08-08 19:09 - 00000486 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-04-10 06:44 - 2009-08-17 15:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-10 06:44 - 2009-08-17 15:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-10 06:44 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-10 06:43 - 2009-08-17 23:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-10 03:46 - 2009-08-17 23:12 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-10 03:31 - 2014-04-10 03:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 03:31 - 2014-04-09 19:40 - 00012875 _____ () C:\WINDOWS\KB2922229.log
2014-04-10 03:31 - 2009-08-17 15:49 - 02813853 _____ () C:\WINDOWS\FaxSetup.log
2014-04-10 03:31 - 2009-08-17 15:49 - 01433575 _____ () C:\WINDOWS\ocgen.log
2014-04-10 03:31 - 2009-08-17 15:49 - 01327718 _____ () C:\WINDOWS\tsoc.log
2014-04-10 03:31 - 2009-08-17 15:49 - 01243114 _____ () C:\WINDOWS\iis6.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00926975 _____ () C:\WINDOWS\comsetup.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00896500 _____ () C:\WINDOWS\msmqinst.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00568884 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00499688 _____ () C:\WINDOWS\netfxocm.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00200437 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00152551 _____ () C:\WINDOWS\ocmsn.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00144153 _____ () C:\WINDOWS\msgsocm.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00141139 _____ () C:\WINDOWS\tabletoc.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-10 03:29 - 2013-07-18 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-10 03:13 - 2009-12-06 21:39 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-10 03:08 - 2014-04-10 03:02 - 00011264 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 03:08 - 2009-10-23 06:00 - 00313736 _____ () C:\WINDOWS\updspapi.log
2014-04-10 03:08 - 2009-08-17 15:49 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-10 03:07 - 2010-02-12 23:42 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-09 08:42 - 2014-04-09 08:42 - 00001221 _____ () C:\Documents and Settings\Administrator\Desktop\MBAMLOG.xml
2014-04-09 08:38 - 2014-04-08 10:35 - 00001055 _____ () C:\MBAM.txt
2014-04-09 08:34 - 2014-04-06 18:37 - 00005845 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-04-09 07:32 - 2014-03-04 08:31 - 00000000 ____D () C:\Program Files\YTDownloader
2014-04-08 16:48 - 2014-03-22 14:58 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-08 09:56 - 2014-04-08 09:56 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\jrjquxie.sys
2014-04-08 09:56 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-08 09:56 - 2014-02-27 19:18 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-04-08 09:56 - 2014-02-23 19:18 - 00000000 ____D () C:\Program Files\MediaViewerV1
2014-04-08 08:46 - 2010-02-12 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-08 08:41 - 2014-04-08 08:41 - 00006438 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-04-08 08:24 - 2014-04-08 08:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 16:03 - 2009-08-17 15:47 - 00255067 _____ () C:\WINDOWS\setupact.log
2014-04-03 21:30 - 2014-03-04 08:31 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-04-03 21:26 - 2009-08-17 23:12 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-03 20:31 - 2014-04-03 20:31 - 04134240 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-04-03 20:15 - 2012-07-11 22:02 - 00000000 ____D () C:\Program Files\Opera
2014-03-31 08:38 - 2012-07-11 22:02 - 00001492 _____ () C:\Documents and Settings\Administrator\Desktop\Opera.lnk
2014-03-31 00:32 - 2013-08-03 22:37 - 00000102 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2014-03-29 10:42 - 2009-10-22 21:55 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-29 10:33 - 2009-08-17 15:49 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-29 10:23 - 2014-03-29 10:23 - 00001376 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Create Amazing Presentations.lnk
2014-03-29 10:23 - 2014-03-29 10:23 - 00001376 _____ () C:\Documents and Settings\Administrator\Desktop\Create Amazing Presentations.lnk
2014-03-29 10:22 - 2014-03-29 10:22 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\spds90.txt
2014-03-29 10:20 - 2014-03-29 10:20 - 00000000 ____D () C:\Program Files\Websearchy
2014-03-28 03:05 - 2012-09-06 11:51 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-28 03:05 - 2012-09-06 11:48 - 00001945 ____C () C:\WINDOWS\epplauncher.mif
2014-03-28 03:03 - 2013-11-27 19:44 - 00022499 ____C () C:\WINDOWS\setupapi.log
2014-03-28 03:03 - 2012-09-06 11:50 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-27 17:02 - 2014-03-27 17:02 - 00001136 _____ () C:\Documents and Settings\Administrator\Desktop\Live PC Help.lnk
2014-03-24 20:45 - 2013-06-26 16:07 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-24 20:44 - 2013-06-15 09:14 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-03-23 21:44 - 2013-06-18 06:55 - 00067216 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-22 03:01 - 2014-03-22 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 03:01 - 2014-03-22 03:00 - 00014542 _____ () C:\WINDOWS\KB2934207.log

Files to move or delete:
====================
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ======================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:14 AM

Posted 22 April 2014 - 10:46 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM\...\Run: [WebSearchy] => C:\Program Files\Websearchy\WebSearchy.exe [894464 2014-03-28] ()
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\.DEFAULT\...\RunOnce: [Del146162140] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\...\RunOnce: [Del52844265] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [?odec Performer803611.exe] => "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\?odec Performer803611.exe" /XML="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp" /ROS /STP=1:2 <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: WordExtra - C:\Program Files\Mozilla Firefox\browser\extensions\korey@markus.me [2014-03-04]
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplusv1.com] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ff
CHR DefaultNewTabURL: http://www.websearchy.com?&hspart=adk&hsimp=yhs-adk_sychp&param1=20140329&param2=c259b665-b046-4082-975b-184e7c23c608&param3=websearchy&param4=
CHR Extension: (WordExtra) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfmgibapgochmjeecdcjkloehhhcoekj [2014-03-04]
CHR Extension: (Webexp Enhanced) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hepojocegndfehljhiioejinmhdgpdpd [2013-12-20]
CHR Extension: (Video Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifiajmbfaokdgfbigbhpnpbpiclfecei [2014-02-13]
CHR Extension: (Foxtab Speed Dial) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2013-08-14]
CHR Extension: (Media Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nloimbaagfdajkmmmmfclbiedijenaic [2014-02-13]
CHR HKLM\...\Chrome\Extension: [ajadlheagenmmedmhaoafgkdenfilcme] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [bpenbjflfomjcbdlemgaapphnlkmoefp] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1882\ch\MediaViewerV1alpha1882.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hepojocegndfehljhiioejinmhdgpdpd] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha653\ch\WebexpEnhancedV1alpha653.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [ifiajmbfaokdgfbigbhpnpbpiclfecei] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta980\ch\VideoPlayerV3beta980.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newhb.crx [2013-07-31]
CHR HKLM\...\Chrome\Extension: [lobnbdjmfmejhlggkjabhapkjajdfcei] - C:\Program Files\MediaViewV1\MediaViewV1alpha2967\ch\MediaViewV1alpha2967.crx [2013-07-31]
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
S3 gkmixern; \??\C:\DOCUME~1\ADMINA~1\LOCALS~1\Temp\gkmixern.sys [X]
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
AlternateDataStreams: C:\Documents and Settings\Administrator\My Documents\My Videos:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A1D3FEF0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#7 sonnyz


Posted 23 April 2014 - 10:58 AM

No fixlist.txt found. The folder fixlist.txt should be in the same folder/directory the tool is located???

Need some help here locating that... Yet here are the results from the Security Check:

Results of screen317's Security Check version 0.99.82
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version out of Date!
Adobe Flash Player 12.0.0.77 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 40% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



#8 nasdaq


Posted 24 April 2014 - 07:23 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2014 02
Ran by Administrator (administrator) on ONE-70FAAFBE801 on 21-04-2014 19:09:12
Running from C:\Documents and Settings\Administrator\Desktop

It's on your desktop.

Will take care of the Security Check log when all is well.

#9 sonnyz


Posted 24 April 2014 - 08:03 PM

Thanks for your prompt replies. I am still having trouble with fixlist.txt. I locate the farbar.exe icon on my desktop, open it, and then it does a quick little "updating please wait" and then it's open, and when I click on "Fix" I get the message: "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located", which is on my desktop... I have gone to Google and located quite a few other people with the same problem trying to retrieve fixlist.txt. I read a couple of articles that I found on Google, and they were from BleepingComputer.com and Techguy.net with similar requests... Again, I am not computer savvy at all, but it seems that the popular trend according to these articles was to log off, F8 into Safe Mode, then open up the farbar.exe, and then a few of the technical support team members had a code to copy and paste, and of course there was a disclaimer on each and every one of these replies that I read about that "this code is not intended but for only this particular user, using this code may permanently damage your computer". Well, of course I didn't do that, just gonna see if you have any other suggestions for me. But what has piqued my curiosity is that message I get telling me that fixlist.txt may be in another directory somewhere? I don't know, I thought it was the icon on my desktop. Sorry about the lengthy typing here, SonnyZ



#10 nasdaq


Posted 25 April 2014 - 09:56 AM

Create a new folder on your desktop. Name it MY_FRST.
Move/copy the Farbar Recovery Scan Tool (FRST.EXE) into that new folder.
Move or copy the fixlist.txt into that folder also.

Run the FRST.EXE and select fix. That should work.

Keep me posted.

#11 sonnyz


Posted 25 April 2014 - 08:03 PM

I Yae, Yae, that is Slovak for OMG. I hope that this is what is needed; if not, I need more detailed instructions on how to complete this fixlist.txt... Here goes. I owe ya big time; if you're ever in the Atlanta area I'll have to buy ya a cold drink or 2.

 

 

Farbar Recovery Scan Tool (x86) Version: 26-04-2014 01
Ran by Administrator at 2014-04-25 20:52:23
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal

================== Search: "fixlist.txt" ===================

C:\Documents and Settings\Administrator\Desktop\Fixlist.txt
[2014-04-25 20:20] - [2014-04-25 20:20] - 0107903 ____A () 1689aceacd2f8b78fbdb8115952f760a

=== End Of Search ===

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2014
Ran by Administrator at 2014-04-25 20:10:31
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DScaler 5 Mpeg Decoders (HKLM\...\DScaler 5 Mpeg Decoders_is1) (Version: - )
eCalc Scientific (v1.5) (HKLM\...\{A3960197-74C2-4362-B816-11AB39E9C84D}_is1) (Version: - eCalc.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
hp deskjet 5600 (HKLM\...\{DB5518BE-F40F-407A-B451-012625D4497B}) (Version: 1.03.0000 - Hewlett-Packard)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Jarte 4.5 (HKLM\...\Jarte_is1) (Version: 4.5 - Carolina Road Software L.L.C.)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden

Users shortcut scan result (x86) Version: 26-04-2014
Ran by Administrator at 2014-04-25 20:12:04
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\magicJack.lnk -> C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJackLoader.exe (magicJack L.P.)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\YTDownloader\YTDownloader.lnk -> C:\Program Files\YTDownloader\YTDownloader.exe (YTDownloader)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\WordExtra\Uninstall.lnk -> C:\Documents and Settings\Administrator\Application Data\WordExtra\uninst.exe ()
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media\Microsoft Windows XP Video Decoder Checkup Utility.lnk -> C:\DECCHECK\DECCHECK.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Microsoft Calculator Plus\Microsoft Calculator Plus.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{83073C45-3003-4671-9A86-243AAADD915A}\_18be6784.exe ()
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Easy Photo Backup\Purchase.lnk -> C:\Program Files\Easy Photo Backup\Easy Photo Backup Purchase.url (No File)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\My Documents\Shortcut to Copy of Copy of daltons.rtf.lnk -> C:\Documents and Settings\Administrator\My Documents\Timothy S Szanyi EMT Paramedic.rtf (No File)
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Shortcut to Ella's Bed 001.jpg.lnk -> C:\Documents and Settings\Administrator\My Documents\My Pictures\Ella's Bed 001.jpg ()
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Shortcut to Ella's Bed 002.jpg.lnk -> C:\Documents and Settings\Administrator\My Documents\My Pictures\Ella's Bed 002.jpg ()
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Shortcut to Ella's Bed 003.jpg.lnk -> C:\Documents and Settings\Administrator\My Documents\My Pictures\Ella's Bed 003.jpg ()
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Shortcut to Ella's Bed 004.jpg.lnk -> C:\Documents and Settings\Administrator\My Documents\My Pictures\Ella's Bed 004.jpg ()
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Shortcut to Imported Photos 00000.JPG.lnk -> C:\Documents and Settings\Administrator\My Documents\My Pictures\Imported Photos 00000.JPG ()
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Shortcut to Imported Photos 00195.JPG.lnk -> C:\Documents and Settings\Administrator\My Documents\My Pictures\Imported Photos 00195.JPG ()
Shortcut: C:\Documents and Settings\Administrator\Desktop\1st day of school.lnk -> C:\Documents and Settings\Administrator\My Documents\My Pictures\Imported Photos 00327.JPG ()
Shortcut: C:\Documents and Settings\Administrator\Desktop\Continue Video Downloader Installation.lnk -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera\Opera\temporary_downloads\setup (1).exe (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Continue Zip Extractor Installation.lnk -> C:\Documents and Settings\Administrator\Local Settings\Temp\ICReinstall_ZipExtractorSetup.exe (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\magicJack.lnk -> C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJackLoader.exe (magicJack L.P.)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Shortcut to AT & T.lnk -> C:\Documents and Settings\Administrator\Desktop\AT & T ()
Shortcut: C:\Documents and Settings\Administrator\Desktop\Shortcut to IMGP5051.JPG.lnk -> C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for attachments_2013_05_22.zip\IMGP5051.JPG (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Shortcut to IMGP5195.JPG.lnk -> H:\DCIM\101PENTX\IMGP5195.JPG (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Shortcut to IMGP5197.JPG.lnk -> H:\DCIM\101PENTX\IMGP5197.JPG (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Shortcut to IMGP5198.JPG.lnk -> H:\DCIM\101PENTX\IMGP5198.JPG (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Shortcut to IMGP5199.JPG.lnk -> H:\DCIM\101PENTX\IMGP5199.JPG (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Shortcut to IMGP5200.JPG.lnk -> H:\DCIM\101PENTX\IMGP5200.JPG (No File)
Shortcut: C:\Documents and Settings\Administrator\Desktop\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Desktop\YTDownloader.lnk -> C:\Program Files\YTDownloader\YTDownloader.exe (YTDownloader)
Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eCalc Scientific.lnk -> C:\Program Files\eCalc Scientific\eCalc.exe ()
Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Software Updates.lnk -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk -> C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk -> C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk -> C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoodles.lnk -> C:\Program Files\Zoodles\Zoodles.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\BootSafe.lnk -> C:\Program Files\SUPERAntiSpyware\BootSafe.exe (SuperAdBlocker.com)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks\RealDownloader.lnk -> C:\WINDOWS\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe (RealNetworks, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\WINDOWS\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\RichText.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\WINDOWS\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\PictureViewer.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\WINDOWS\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\QTPlayer.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Jarte\Jarte.lnk -> C:\Program Files\Jarte\Jarte.exe (Carolina Road Software L.L.C.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Jarte\Uninstall Jarte.lnk -> C:\Program Files\Jarte\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\HP Software Update.lnk -> C:\Program Files\Hewlett-Packard\HP Software Update\main.hta ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\hp deskjet 5600 series\read me.lnk -> C:\Program Files\Hewlett-Packard\hpz\readme\readme.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\eCalc Scientific\eCalc Scientific.lnk -> C:\Program Files\eCalc Scientific\eCalc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\eCalc Scientific\Uninstall.lnk -> C:\Program Files\eCalc Scientific\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\system32\ntbackup.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\All Users\Desktop\eCalc Scientific.lnk -> C:\Program Files\eCalc Scientific\eCalc.exe ()
Shortcut: C:\Documents and Settings\All Users\Desktop\Jarte.lnk -> C:\Program Files\Jarte\Jarte.exe (Carolina Road Software L.L.C.)
Shortcut: C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\GameExplorer\{CB9DF32B-540B-4CC6-8B5B-941492ABE82E}\PlayTasks\0\Play.lnk -> C:\Program Files\MSN Games\Zuma Deluxe\Launch.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\GameExplorer\{87E9F3D1-4306-4CE5-824D-E32BE4256FF3}\PlayTasks\0\Play.lnk -> C:\Program Files\MSN Games\Zuma Deluxe\Launch.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\GameExplorer\{625485D3-5C15-4D46-BC6A-9E38933FF41C}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe (No File)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)


ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www-search.net/?s=E36z01&pi=1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?s=E36z01&pi=1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?s=E36z01&pi=1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\'Hey there Delilah' - Plain White T's WITH LYRICS - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=1UFQAg3ilTg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\-Hey There Delilah- - Plain White T's (ft. Kurt Schneider) - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=KOnSLuLNJEQ
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\-So Sick- - Neyo (ft. Sam Tsui & Max Schneider) - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=7_Gm1Re3FgM&list=RD02KOnSLuLNJEQ
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\A Video Christmas Card - Tim on Technology - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=LviUYvWAYtA&list=PL23671C052FA0BC6F
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Anna Kendrick - Cups (Pitch Perfect's -When I'm Gone-) - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=cmSbXsFE3l8
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Chick-fil-A - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=NsJHqstPuNo&list=RD02XpFD-kgQxnI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Chick-Fil-A Drive-Through Bully Hassles Employee And Gets Fired - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=DqhjFkfDbcg&list=RD02XpFD-kgQxnI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Christians Don't Have curse Words - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=YShtFyjsUVk&list=PL23671C052FA0BC6F
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Do You Hear What I Hear- - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=ey_IL57a-b0&list=PL23671C052FA0BC6F
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\gonna make this place your home - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/results?search_query=gonna+make+this+place+your+home&oq=gonna+make+this+&gs_l=youtube.1.0.0l10.38344.41844.0.50015.16.11.0.3.3.0.343.1391.0j6j1j1.8.0...0.0...1ac.1.11.youtube.bvYW5EYvAkQ
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\hey there delilah - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/results?search_query=hey+there+delilah&oq=hey+ther&gs_l=youtube.1.0.0l10.6446921.6450046.0.6453515.8.4.0.0.0.0.1891.2860.2-1j6-1j0j1.3.0...0.0...1ac.1.11.youtube.ASgLO64ATno
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\http---switchboard.real.com-player--cd=home&CB=client&PT=FREE&OS=WinNT%205.1..lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://switchboard.real.com/player/?cd=home&CB=client&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.0.282&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH11&DT=221212&u=4011cf370b9442d0aeb66db810e9359b
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\http---switchboard.real.com-player--cd=morevideo&PT=FREE&OS=WinNT%205.1.2600&.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://switchboard.real.com/player/?cd=morevideo&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.0.282&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH11&DT=221212&u=4011cf370b9442d0aeb66db810e9359b
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\http---switchboard.real.com-player--cd=search&PT=FREE&OS=WinNT%205.1.2600&LP=.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://switchboard.real.com/player/?cd=search&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.0.282&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH11&DT=221212&u=4011cf370b9442d0aeb66db810e9359b
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\http---switchboard.real.com-player-videofeed.html-cd=bookmark&language=en-US&.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://switchboard.real.com/player/videofeed.html?cd=bookmark&language=en-US&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.0.282&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH11&DT=221212&u=4011cf370b9442d0aeb66db810e9359b
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\http---switchboard.real.com-player-videofeed.html-cd=facebook&language=en-US&.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://switchboard.real.com/player/videofeed.html?cd=facebook&language=en-US&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.0.282&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH11&DT=221212&u=4011cf370b9442d0aeb66db810e9359b
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Incredible 25,000 Domino Fall.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://videos.real.com/rp/web_videos?cd=home&CB=client&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.3.51&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH20&DT=221212&u=4011cf370b9442d0aeb66db810e9359b#channel/Popular
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Insanitized- Tim Hawkins - about ungrateful kids - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=qunmtzN8pcg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Navigation Canceled.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> res://ieframe.dll/navcancl.htm#hxxp://switchboard.real.com/player/?cd=home&CB=client&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.3.51&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH20&DT=221212&u=4011cf370b9442d0aeb66db810e9359b
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Phillip Phillips Home with lyrics - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=DTI4ExONgFs
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\RealPlayer Daily Videos.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://videos.real.com/rp/web_videos?cd=home&CB=client&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.3.51&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH20&DT=221212&u=4011cf370b9442d0aeb66db810e9359b#channel/BestOfWeb
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\RealPlayer- Tell me more....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.real.com/products/player/more_info/moreinfo.html?ID=504&DC=R81UBH20&LANG=en&PN=RealPlayer&PV=16.0.3.51&PT=FREE&OS=Win&CM=&CMV=&LS=&RE=&RA=burntocd&RV=general
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Santa Clause joined the Mafia- Tim Hawkins - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=SmHI3g17akw
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\The Wife Song - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=XpFD-kgQxnI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim Hawkins - Hey There Delilah Parody - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=2ZUgSrSlYy8
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim Hawkins - On nursery rhymes - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=atr7lYGy2Zs
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim Hawkins in Short Songs - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=39-oy5QKYTI&list=PL23671C052FA0BC6F
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim Hawkins Kids Jokes - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=VfVq8fO3k40
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim Hawkins on National Anthems - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=2Pb80dbVUKM
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim Hawkins- Old Rock Star Songs - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=HxKeCmTCDV4
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim on Gift Giving - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=yf1fNjZUzPo&list=PL23671C052FA0BC6F
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Tim on Noah's Ark - YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/watch?v=YVxRddVYYig
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Web Videos - RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://videos.real.com/rp/web_videos?cd=home&CB=client&PT=FREE&OS=WinNT%205.1.2600&LP=sv&OC=R61EUDF&PV=16.0.0.282&PBR=10485800&LI=en&PN=RealPlayer&DC=R81UBH11&DT=221212&u=4011cf370b9442d0aeb66db810e9359b
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\YouTube.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.youtube.com/
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software) -> hxxp://www-search.net/?s=E36z01&pi=1
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www-search.net/?s=E36z01&pi=1


ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\-script-document.write(pageTitle);--script-.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> file://C:\Program Files\Real\RealPlayer\DataCache\GetMedia\home.html
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\2013 001.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/2013 001.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\2013 002.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/2013 002.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\2013 068.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/2013 068.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\2013 069.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/2013 069.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\2013 085.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/2013 085.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\2013 086.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/2013 086.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\2013 087.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/2013 087.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Anna Kendrick - Cups (Pitch Perfect's....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Videos/RealPlayer Downloads/Anna Kendrick - Cups (Pitch Perfect's When I'm Gone) - YouTube.mp4
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\apollo16.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/Local Settings/Application Data/Opera/Opera/temporary_downloads/apollo16.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\AT&T High Speed Internet.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> https://pattcwprt.att.motive.com/tunnelSusp.html?memberid=timszanyi@att.net
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\chimes.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/chimes.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\chord.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/chord.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 029.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 029.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 030.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 030.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 031.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 031.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 032.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 032.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 033.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 033.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 035.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 035.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 037.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 037.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 039.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 039.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 040.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 040.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 041.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 041.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 043.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 043.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 045.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 045.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 046.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 046.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 047.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 047.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 049.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 049.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 050.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 050.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 052.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 052.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 055.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 055.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Circus 2012 056.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Circus 2012 056.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\ding.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/ding.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\flourish.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/flourish.mid
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP4417.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Videos/Wednesday, July 27, 2011/IMGP4417.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP4418 (1).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Videos/Wednesday, July 27, 2011/IMGP4418 (1).AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP4418.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Videos/Wednesday, July 27, 2011/IMGP4418.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5083.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5083.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5094.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5094.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5095.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5095.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5096.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5096.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5097.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5097.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5098.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5098.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5099.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5099.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5100.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5100.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\IMGP5101.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://H:/DCIM/101PENTX/IMGP5101.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00001.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/Copy of My Pictures/Imported Photos 00001.WAV
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00006.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00006.WAV
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00011.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/Copy of My Pictures/Imported Photos 00011.WAV
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00012.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/Copy of My Pictures/Imported Photos 00012.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00019.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00019.WAV
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00085.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00085.WAV
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00100.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00100.JPG
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00104.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00104.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00194.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00194.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00213.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00213.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00214.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00214.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00221.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00221.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00241.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00241.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00243.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00243.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00256.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00256.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00257.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00257.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00260.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00260.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00267.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00267.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00298.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00298.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00309.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00309.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00314.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00314.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00315.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00315.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00334.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00334.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00367.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00367.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Imported Photos 00368.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Imported Photos 00368.AVI
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Internet Explorer cannot display the webpage.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> res://ieframe.dll/dnserrordiagoff_webOC.htm
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\notify.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/notify.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\onestop.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/onestop.mid
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr00XSX.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0056/opr00XSX.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0FV11.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0015/opr0FV11.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0FV1G.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0015/opr0FV1G.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0FV2I.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0016/opr0FV2I.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0FW0S.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_001F/opr0FW0S.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0IFBL.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_003C/opr0IFBL.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0IUDV.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0054/opr0IUDV.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0IUDY.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0054/opr0IUDY.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0JLHA.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0066/opr0JLHA.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0KGCA.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_001F/opr0KGCA.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0KGDV.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_001F/opr0KGDV.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0N6FD.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0000/opr0N6FD.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0NG00.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0061/opr0NG00.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0OPKB.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_002E/opr0OPKB.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0PO16.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_000B/opr0PO16.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0PO29.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_000C/opr0PO29.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0QA69.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_006C/opr0QA69.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr0XC79.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0078/opr0XC79.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr122FA.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_0033/opr122FA.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr138HU.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_005D/opr138HU.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\opr138JO.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/DOCUME~1/ADMINI~1/LOCALS~1/APPLIC~1/Opera/Opera/cache/g_005E/opr138JO.tmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Phillip Phillips Home with lyrics - Y....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Videos/RealPlayer Downloads/Phillip Phillips Home with lyrics - YouTube.mp4
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Pre K 3 Thanksgiving 004.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Pre K 3 Thanksgiving 004.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\recycle.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/recycle.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\ringin.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/ringin.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\ringout.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/ringout.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Ryan and Ella Graduation 2013 004.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Ryan and Ella Graduation 2013 004.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Ryan and Ella Graduation 2013 005.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Ryan and Ella Graduation 2013 005.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Ryan and Ella Graduation 2013 006.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Ryan and Ella Graduation 2013 006.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Ryan and Ella Graduation 2013 007.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Ryan and Ella Graduation 2013 007.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Ryan and Ella Graduation 2013 008.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/My Documents/My Pictures/Ryan and Ella Graduation 2013 008.jpg
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\ScreenShot.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://h:/DumpFiles.RoundRobin/00000019/ScreenShot.bmp
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\start.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/start.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\sts51a.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/Administrator/Local Settings/Application Data/Opera/Opera/temporary_downloads/sts51a.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 082.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 082.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 092.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 092.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 095.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 095.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 096.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 096.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 098.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 098.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 099.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 099.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 104.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 104.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 105.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 105.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 106.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 106.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 107.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 107.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 108.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 108.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 109.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 109.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 116.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 116.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Summer 2011 117.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Documents and Settings/All Users/Documents/My Pictures/Summer 2011 117.avi
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\tada.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/tada.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\town.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/town.mid
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\VBIED.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/unzipped/watch explosion[1]/watch explosion..wmv
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Balloon.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Balloon.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Battery Critical.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Battery Critical.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Battery Low.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Battery Low.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Critical Stop.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Critical Stop.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Default.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Default.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Ding.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Ding.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Error.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Error.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Exclamation.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Exclamation.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Hardware Fail.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Hardware Fail.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Hardware Insert.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Hardware Insert.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Hardware Remove.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Hardware Remove.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Information Bar.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Information Bar.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Logoff Sound.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Logoff Sound.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Logon Sound.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Logon Sound.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Menu Command.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Menu Command.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Minimize.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Minimize.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Notify.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Notify.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Pop-up Blocked.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Pop-up Blocked.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Print complete.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Print complete.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Recycle.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Recycle.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Restore.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Restore.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Ringin.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Ringin.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Ringout.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Ringout.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Shutdown.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Shutdown.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Start.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Start.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Windows XP Startup.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://F:/WINDOWS/Media/Windows XP Startup.wav
ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) -> /register
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk -> C:\Program Files\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks\RealPlayer Trimmer.lnk -> C:\Program Files\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /i {57752979-A1C9-4C02-856B-FBB27AC4E02C} /qf
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\hp deskjet 5600 series\printer assistant.lnk -> C:\Program Files\Hewlett-Packard\hp deskjet assistant\bin\browser.exe (Hewlett-Packard Company) -> -s"dugout:///dugout_home.html" -l"enu" -p"5600"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\hp deskjet 5600 series\taskbar icon.lnk -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu09.exe (HP) -> -n "hp deskjet 5600 series" -force
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\hp deskjet 5600 series\uninstall software.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /x {DB5518BE-F40F-407A-B451-012625D4497B}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\hp deskjet 5600 series\user's guide.lnk -> C:\Program Files\Hewlett-Packard\hp deskjet assistant\bin\browser.exe (Hewlett-Packard Company) -> -s"dugout:///ug_home_fs.html" -l"enu" -p"5600"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Local Security Policy.lnk -> C:\WINDOWS\system32\secpol.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk -> C:\WINDOWS\system32\wiaacmgr.exe (Microsoft Corporation) -> -SelectDevice
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /launch:desktop
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start


InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\Emergency Medical Services (EMS) and Trauma.url -> hxxp://ems.ga.gov/
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\Georgia Highlands College.url -> hxxp://www.highlands.edu/academics/extended/index.htm
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\Home Page.url -> https://mycampus.southuniversity.edu/portal/server.pt?
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\LabCorp Careers, Jobs and Employment.url -> https://www5.apply2jobs.com/LabCorp/ProfExt/index.cfm?fuseaction=mExternal.showLogin
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\Section 8 Division.url -> hxxp://www.mariettaga.gov/departments/devsvcs/section8/default.aspx
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\Section 8 Housing Information.url -> hxxp://section8housinginfo.com/
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\Stress Position - EKG Tech, Exercise Phys, CVT, RN or NP.url -> hxxp://atlanta.craigslist.org/atl/hea/1467727001.html
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\SupportSoft Support Center Web.url -> https://eqa.chartercom.com/sdchealtop/framework/frameset.asp
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\teas.url -> hxxp://www.utm.edu/departments/acadpro/library/tutorial/proftests/
InternetURL: C:\Documents and Settings\Administrator\Favorites\timmy\YouTube - The exorcist tutorial PIANO (easy).url -> hxxp://www.youtube.com/watch?v=2hgbXH7gUnM
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Search.url -> hxxp://search.conduit.com/?SearchSource=10&CUI=UN29175749772724914&ctid=CT3239904
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Suggested Sites (2).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Documents and Settings\Administrator\Favorites\laurie\chattahoocheetech.com.url -> hxxp://www.chattahoocheetech.com/
InternetURL: C:\Documents and Settings\Administrator\Favorites\laurie\Discovery Point - Discovery Point Experience - Get Started - Overview.url -> hxxp://www.discoverypoint.com/experience/get-started/overview/
InternetURL: C:\Documents and Settings\Administrator\Favorites\ELLA\barbie.com Games & Activities for Girls.url -> hxxp://www.barbie.com/
InternetURL: C:\Documents and Settings\Administrator\Favorites\ELLA\Disney Princess Visit Princess Snow White.url -> hxxp://disney.go.com/princess/
InternetURL: C:\Documents and Settings\Administrator\Favorites\ELLA\Journey into a magical world of horses.url -> hxxp://www.bellasara.com/index_bs.aspx
InternetURL: C:\Documents and Settings\Administrator\Favorites\ELLA\Princess Games - Play Free Princess Games for Girls online at GirlsgoGames.com.url -> hxxp://www.girlsgogames.com/games/princess.html
InternetURL: C:\Documents and Settings\Administrator\Favorites\ELLA\Sleeping Beauty.url -> hxxp://www.igameflash.com/play.php?gid=462
InternetURL: C:\Documents and Settings\Administrator\Favorites\ELLA\YouTube - Nursery Rhymes Video - I'm a Little Teapot.url -> hxxp://www.youtube.com/watch?v=YhkR06ZtSmM
InternetURL: C:\Documents and Settings\Administrator\Desktop\desktop-shortcut.url -> hxxp://www.abcmouse.com/desktop-shortcut?shortcutURL=/
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater(2)\Privacy Policy.url -> hxxp://policy.installiqlearnmore.com/privacypolicy.html
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater(2)\Terms & Conditions.url -> hxxp://policy.installiqlearnmore.com/terms-and-conditions.html
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\InstaCodecs\InstaCodecs Homepage.url -> hxxp://click.w3i.com/default.aspx?programid=196&elementname=StartMenuHome
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\eCalc Scientific\eCalc Home.url -> hxxp://www.ecalc.com/
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics\Disk Defrag\ Check Your PC Performance.url -> hxxp://www.auslogics.com/en/cpages/free-system-scan/?source=smenu&reason=disk-defrag
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag on the Web.url -> hxxp://www.auslogics.com/en/software/disk-defrag

==================== End of log =============================

LightScribe 1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
MapsGalaxy Internet Explorer Toolbar (HKLM\...\MapsGalaxy_39bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network)
Media Player (HKLM\...\MediaPlayerV1alpha78) (Version: 1.1 - Media Player)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MyDVD-VR Recorder (Version: 1.0 - Sonic) Hidden
Opera 12.01 (HKLM\...\Opera 12.01.1532) (Version: 12.01.1532 - Opera Software ASA)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
overland (Version: 2.1.5 - HP) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sonic MyDVD-VR (HKLM\...\InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}) (Version: 1.0 - Sonic)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
SweetPacks A11 Toolbar for IE (HKLM\...\IECT3316071) (Version: 6.17.2.8 - SweetPacks A11) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TidyNetwork (HKCU\...\TidyNetwork) (Version: - TidyNetwork)
Update for Foxtab (HKCU\...\FoxTab) (Version: - Update for Foxtab) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VisualBee for Microsoft PowerPoint (HKCU\...\VisualBee for Microsoft PowerPoint) (Version: V4.1 - VisualBee.com)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebSearchy (HKLM\...\Websearchy) (Version: - Websearchy)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordExtra (HKCU\...\WordExtra) (Version: 1 - http://www.wordextra.com)
YTDownloader (HKLM\...\YTDownloader) (Version: - YTDownloader)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden

==================== Restore Points =========================

21-04-2014 11:00:52 Software Distribution Service 3.0
22-04-2014 07:00:29 Software Distribution Service 3.0
22-04-2014 10:58:11 Software Distribution Service 3.0
23-04-2014 07:00:43 Software Distribution Service 3.0
23-04-2014 10:59:51 Software Distribution Service 3.0
24-04-2014 07:00:44 Software Distribution Service 3.0
24-04-2014 10:57:35 Software Distribution Service 3.0
25-04-2014 07:00:38 Software Distribution Service 3.0
25-04-2014 11:00:41 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-04 08:00 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At4.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\File Helper.job => C:\Program Files\File Helper\1.1.0.4\FileHelper.exe
Task: C:\WINDOWS\Tasks\FileCure.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\temp_Plus-HD-7.7-enabler.job => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1AE6686-8B7B-473C-BFE0-A5270B74EE63}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebSearchy Update Task.job => C:\Program Files\Websearchy\uninstall.WebSearchy.exe
Task: C:\WINDOWS\Tasks\YTDownloaderUpd.job => C:\Program Files\YTDownloader\Updater.exe

==================== Loaded Modules (whitelisted) =============

2009-12-23 20:44 - 2009-12-24 20:38 - 00043520 _____ () C:\WINDOWS\system32\CmdLineExt03.dll
2013-04-25 11:45 - 2006-01-09 13:56 - 00049152 _____ () C:\WINDOWS\system32\LxrSII1s.exe
2014-03-29 10:20 - 2014-03-28 17:19 - 00894464 _____ () C:\Program Files\Websearchy\WebSearchy.exe
2014-03-29 10:20 - 2014-03-28 17:19 - 00171008 _____ () C:\Program Files\Websearchy\WebSearchyDAL.dll
2013-04-25 13:32 - 2006-11-09 11:00 - 00024576 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-02-01 13:42 - 2012-02-01 13:42 - 00083352 _____ () C:\Documents and Settings\Administrator\Application Data\mjusbsp\octvqem_apiw.DLL
2014-04-24 13:59 - 2014-04-24 13:59 - 00179480 _____ () C:\Program Files\MapsGalaxy_39\bar\1.bin\39tpinst.dll
2004-08-04 06:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 06:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2012-07-11 22:02 - 2013-07-22 20:15 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\Administrator\My Documents\My Videos:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A1D3FEF0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HP Software Update => "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Shop To Win => C:\Program Files\Shop To Win\ShopToWin.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2014 09:12:28 AM) (Source: Application Hang) (User: )
Description: Fault bucket -605795790.

Error: (04/25/2014 09:11:03 AM) (Source: Application Hang) (User: )
Description: Hanging application opera.exe, version 12.16.1860.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2014 07:46:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2014 07:46:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/03/2014 07:49:53 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10401.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/02/2014 07:29:24 AM) (Source: Application Hang) (User: )
Description: Fault bucket 734562961.

Error: (04/02/2014 07:29:17 AM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 06:59:46 PM) (Source: Application Hang) (User: )
Description: Fault bucket 12043847.

Error: (03/29/2014 06:59:37 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 03:21:33 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (04/25/2014 07:32:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 07:32:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 07:15:00 PM) (Source: Schedule) (User: )
Description: The At4.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 07:15:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 06:32:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 06:32:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 06:15:00 PM) (Source: Schedule) (User: )
Description: The At4.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 06:15:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 05:32:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/25/2014 05:32:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 1021.98 MB
Available physical RAM: 352.91 MB
Total Pagefile: 1992.16 MB
Available Pagefile: 991.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.01 GB) (Free:0.31 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 19 GB) (Disk ID: 1F371F36)
Partition 1: (Active) - (Size=19 GB) - (Type=07 NTFS)

==================== End Of Log ============================


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/12/2010 6:49:07 PM
System Uptime: 4/10/2014 6:40:49 AM (123 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U1325
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 0.614 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2322: 4/13/2014 6:57:49 AM - Software Distribution Service 3.0
RP2323: 4/14/2014 3:00:43 AM - Software Distribution Service 3.0
RP2324: 4/14/2014 6:57:39 AM - Software Distribution Service 3.0
RP2325: 4/15/2014 3:00:40 AM - Software Distribution Service 3.0
RP2326: 4/15/2014 6:58:49 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.3.4
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Compatibility Pack for the 2007 Office system
DScaler 5 Mpeg Decoders
eCalc Scientific (v1.5)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5600
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Jarte 4.5
Java Auto Updater
LightScribe 1.4.136.1
magicJack
Malwarebytes Anti-Malware version 2.0.1.1004
Media Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Windows XP Video Decoder Checkup Utility
MSXML 4.0 SP2 (KB954430)
MyDVD-VR Recorder
Opera 12.01
Opera 12.16
overland
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic MyDVD-VR
SoundMAX
SweetPacks A11 Toolbar for IE
swMSM
TidyNetwork
Update for Foxtab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Video Player
VisualBee for Microsoft PowerPoint
WebFldrs XP
WebSearchy
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordExtra
YTDownloader
Zoodles
.
==== Event Viewer Messages From Past Week ========
.
4/9/2014 7:33:49 PM, error: Dhcp [1002] - The IP address lease 10.0.0.19 for the Network Card with network address 000D562A8D70 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
4/8/2014 9:32:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942403
4/8/2014 9:32:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942403
4/8/2014 9:15:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942403
4/8/2014 9:15:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942403
4/8/2014 3:04:37 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2932677).
4/8/2014 10:13:21 AM, error: Microsoft Antimalware [2041] - The support for your operating system has expired. Running Microsoft Antimalware on an out of support operating system is not an adequate solution to protect against threats.
4/8/2014 10:04:31 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
4/8/2014 10:04:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/8/2014 10:03:55 AM, error: Service Control Manager [7000] - The vToolbarUpdater18.0.5 service failed to start due to the following error: The system cannot find the file specified.
4/8/2014 10:03:38 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/8/2014 10:03:38 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================




 



#12 nasdaq

  • Malware Response Team

Posted 26 April 2014 - 07:47 AM

Just to be on the safe side please run the Farbar Recovery Scan Tool one more time and post the content of the FRST.txt log.


Let me know what problem persists with this computer.

#13 sonnyz

  • Topic Starter

Posted 01 May 2014 - 01:24 PM

This computer is old, "like me". It seems to be operating alright, yet at times it slows down to a crawl, pages will not load, and then the green start icon is inoperative. I am not able to restart or shut down the computer and I have to do that manually, which I know is not a good thing to do. When I power back on, the page starts with F1 or F2 options. F1 does not work: F2, and then I go to CapsLock, ScrollLock and NumLock, and then I have to press AltE, AltM, AltB, and this finally gets my old computer back. Were you able to find or locate programs or other non-essential items that I might delete? For example, in Windows Task Manager under Processes I have 45 items listed, most of them under Administrator, System and Local Services. Anyway, thank you again for your time involved with this computer. Here is the new list from FRST.exe:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-04-2014 03
Ran by Administrator (administrator) on ONE-70FAAFBE801 on 01-05-2014 13:44:50
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\LxrSII1s.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
( ) C:\PROGRA~1\MAPSGA~1\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\PROGRA~1\MAPSGA~1\bar\1.bin\39SrchMn.exe
(VER_COMPANY_NAME) C:\PROGRA~1\MAPSGA~1\bar\1.bin\39brmon.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
(magicJack L.P.) C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [188416 2006-01-13] (HP)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-09-30] (RealNetworks, Inc.)
HKLM\...\Run: [WebSearchy] => "C:\Program Files\Websearchy\WebSearchy.exe"
HKLM\...\Run: [MapsGalaxy Home Page Guard 32 bit] => C:\Program Files\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.EXE [421448 2014-04-24] ( )
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [55368 2014-04-24] (Mindspark)
HKLM\...\Run: [MapsGalaxy_39 Browser Plugin Loader] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe [61512 2014-04-24] (VER_COMPANY_NAME)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\.DEFAULT\...\RunOnce: [Del146162140] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\...\RunOnce: [Del52844265] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [LxrAutorun] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe [24576 2006-11-09] ()
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [Сodec Performer803611.exe] => "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Сodec Performer803611.exe" /XML="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp" /ROS /STP=1:2 <===== ATTENTION
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [cdloader] => C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\MountPoints2: {4a77764d-edb0-11e2-b042-000d562a8d70} - F:\LGAutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCAFBC87FDA4ECB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
SearchScopes: HKLM - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - MapsGalaxy - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{125C7C30-D0DF-48B7-AC70-0C339C143D4D}: [NameServer]67.90.152.122,67.107.71.186

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @MapsGalaxy_39.com/Plugin - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (Mindspark)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: WordExtra - C:\Program Files\Mozilla Firefox\browser\extensions\korey@markus.me [2014-03-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplusv1.com] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ff

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL: http://www.websearchy.com?&hspart=adk&hsimp=yhs-adk_sychp&param1=20140329&param2=c259b665-b046-4082-975b-184e7c23c608&param3=websearchy&param4=
CHR Extension: (Plus-HD-7.7) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dljbcjbfojhlfhgenhepllagfecdpchb [2014-03-07]
CHR Extension: (WordExtra) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfmgibapgochmjeecdcjkloehhhcoekj [2014-03-04]
CHR Extension: (Webexp Enhanced) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hepojocegndfehljhiioejinmhdgpdpd [2013-12-20]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-14]
CHR Extension: (Video Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifiajmbfaokdgfbigbhpnpbpiclfecei [2014-02-13]
CHR Extension: (Foxtab Speed Dial) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2013-08-14]
CHR Extension: (Media Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nloimbaagfdajkmmmmfclbiedijenaic [2014-02-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [ajadlheagenmmedmhaoafgkdenfilcme] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [bpenbjflfomjcbdlemgaapphnlkmoefp] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1882\ch\MediaViewerV1alpha1882.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hepojocegndfehljhiioejinmhdgpdpd] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha653\ch\WebexpEnhancedV1alpha653.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [ifiajmbfaokdgfbigbhpnpbpiclfecei] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta980\ch\VideoPlayerV3beta980.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newhb.crx [2013-07-31]
CHR HKLM\...\Chrome\Extension: [lobnbdjmfmejhlggkjabhapkjajdfcei] - C:\Program Files\MediaViewV1\MediaViewV1alpha2967\ch\MediaViewV1alpha2967.crx [2013-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
R2 LxrSII1s; C:\WINDOWS\system32\LxrSII1s.exe [49152 2006-01-09] ()
S2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [88648 2014-04-24] (COMPANYVERS_NAME)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-24] (AVG Technologies)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2006-10-29] (Intel Corporation)
R2 LxrSII1d; C:\WINDOWS\system32\Drivers\LxrSII1d.sys [72672 2006-12-14] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-12] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2012-09-07] ()
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 cmuda; system32\drivers\cmuda.sys [X]
S3 gkmixern; \??\C:\DOCUME~1\ADMINA~1\LOCALS~1\Temp\gkmixern.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-25 20:52 - 2014-04-25 20:55 - 00000426 _____ () C:\Documents and Settings\Administrator\Desktop\Search.txt
2014-04-25 20:20 - 2014-04-25 21:18 - 00128490 _____ () C:\Documents and Settings\Administrator\Desktop\Fixlist.txt
2014-04-25 20:20 - 2014-04-25 20:20 - 00107903 _____ () C:\Documents and Settings\Administrator\Desktop\Fixlist.exe
2014-04-25 13:44 - 2014-04-25 20:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\MY_FRST
2014-04-24 17:45 - 2014-04-25 20:12 - 00083488 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut.txt
2014-04-24 17:37 - 2014-04-30 16:07 - 01050624 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-24 17:37 - 2014-04-30 16:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2014-04-24 14:00 - 2014-04-24 14:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\IAC
2014-04-24 14:00 - 2014-04-24 14:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\MapsGalaxy_39
2014-04-24 13:59 - 2014-04-24 13:59 - 00000000 ____D () C:\Program Files\MapsGalaxy_39
2014-04-23 11:46 - 2014-04-23 11:46 - 00854355 _____ () C:\Documents and Settings\Administrator\Desktop\Screen317.exe
2014-04-21 19:10 - 2014-04-25 20:12 - 00024404 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-04-21 19:09 - 2014-05-01 13:45 - 00018497 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-21 19:06 - 2014-05-01 13:44 - 00000000 ____D () C:\FRST
2014-04-21 19:06 - 2014-04-21 19:06 - 01048064 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\farbar.exe
2014-04-15 09:01 - 2014-04-25 20:05 - 00034260 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-04-15 09:01 - 2014-04-15 09:01 - 00010265 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-04-15 08:52 - 2014-04-15 08:52 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-04-10 03:31 - 2014-04-10 03:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 03:02 - 2014-04-10 03:08 - 00011264 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 19:40 - 2014-04-10 03:31 - 00012875 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 08:42 - 2014-04-09 08:42 - 00001221 _____ () C:\Documents and Settings\Administrator\Desktop\MBAMLOG.xml
2014-04-08 10:35 - 2014-04-09 08:38 - 00001055 _____ () C:\MBAM.txt
2014-04-08 09:56 - 2014-04-08 09:56 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\jrjquxie.sys
2014-04-08 08:41 - 2014-04-08 08:41 - 00006438 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-04-08 08:24 - 2014-04-08 08:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-06 18:37 - 2014-04-09 08:34 - 00005845 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-04-03 20:58 - 2014-04-19 20:01 - 00000000 ____D () C:\AdwCleaner
2014-04-03 20:58 - 2014-04-19 19:27 - 01308369 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2014-04-03 20:31 - 2014-04-03 20:31 - 04134240 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe

==================== One Month Modified Files and Folders =======

2014-05-01 13:45 - 2014-04-21 19:09 - 00018497 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-05-01 13:44 - 2014-04-21 19:06 - 00000000 ____D () C:\FRST
2014-05-01 13:32 - 2014-02-08 01:32 - 00000420 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-01 13:32 - 2013-11-17 11:32 - 00000420 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-01 13:29 - 2011-10-12 10:20 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 13:15 - 2014-02-14 02:15 - 00000416 _____ () C:\WINDOWS\Tasks\At4.job
2014-05-01 13:15 - 2014-02-13 02:16 - 00000416 _____ () C:\WINDOWS\Tasks\At3.job
2014-05-01 13:02 - 2012-07-02 10:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-01 10:41 - 2010-08-03 17:11 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1AE6686-8B7B-473C-BFE0-A5270B74EE63}.job
2014-05-01 07:32 - 2014-03-04 08:32 - 00000364 _____ () C:\WINDOWS\Tasks\YTDownloaderUpd.job
2014-05-01 07:22 - 2011-10-12 10:20 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 07:22 - 2009-08-17 23:12 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-01 03:05 - 2009-08-17 22:58 - 01920460 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-30 19:40 - 2013-10-14 11:52 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-30 18:27 - 2014-03-28 03:14 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-30 18:21 - 2013-07-28 22:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\mjusbsp
2014-04-30 18:21 - 2013-06-22 10:49 - 00001054 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\magicJack.lnk
2014-04-30 18:21 - 2013-06-22 10:49 - 00001048 _____ () C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
2014-04-30 18:17 - 2014-03-22 14:58 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-30 18:17 - 2014-03-12 07:25 - 00000294 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-30 18:17 - 2013-10-14 11:52 - 00000316 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-30 18:17 - 2013-08-08 19:09 - 00000486 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-04-30 18:17 - 2012-09-30 08:43 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-30 18:17 - 2009-08-17 15:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-30 18:17 - 2009-08-17 15:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-30 18:17 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-30 18:16 - 2009-08-17 23:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-30 18:12 - 2009-08-17 23:12 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-30 16:07 - 2014-04-24 17:37 - 01050624 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-30 16:07 - 2014-04-24 17:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2014-04-29 19:37 - 2010-08-01 18:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Jarte
2014-04-29 02:45 - 2010-04-06 14:46 - 00000380 _____ () C:\WINDOWS\Tasks\FileCure.job
2014-04-27 03:56 - 2009-10-23 00:01 - 00000378 _____ () C:\WINDOWS\Tasks\File Helper.job
2014-04-26 06:55 - 2012-12-22 18:29 - 00000302 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-26 06:55 - 2011-06-21 11:16 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-25 21:18 - 2014-04-25 20:20 - 00128490 _____ () C:\Documents and Settings\Administrator\Desktop\Fixlist.txt
2014-04-25 20:55 - 2014-04-25 20:52 - 00000426 _____ () C:\Documents and Settings\Administrator\Desktop\Search.txt
2014-04-25 20:20 - 2014-04-25 20:20 - 00107903 _____ () C:\Documents and Settings\Administrator\Desktop\Fixlist.exe
2014-04-25 20:12 - 2014-04-24 17:45 - 00083488 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut.txt
2014-04-25 20:12 - 2014-04-21 19:10 - 00024404 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-04-25 20:05 - 2014-04-15 09:01 - 00034260 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-04-25 20:04 - 2014-04-25 13:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\MY_FRST
2014-04-24 14:00 - 2014-04-24 14:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\IAC
2014-04-24 14:00 - 2014-04-24 14:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\MapsGalaxy_39
2014-04-24 13:59 - 2014-04-24 13:59 - 00000000 ____D () C:\Program Files\MapsGalaxy_39
2014-04-23 11:46 - 2014-04-23 11:46 - 00854355 _____ () C:\Documents and Settings\Administrator\Desktop\Screen317.exe
2014-04-22 11:52 - 2013-10-14 11:52 - 00000342 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1979792683-725345543-500.job
2014-04-21 21:43 - 2013-11-27 19:44 - 00025188 ____C () C:\WINDOWS\setupapi.log
2014-04-21 19:06 - 2014-04-21 19:06 - 01048064 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\farbar.exe
2014-04-19 20:01 - 2014-04-03 20:58 - 00000000 ____D () C:\AdwCleaner
2014-04-19 19:27 - 2014-04-03 20:58 - 01308369 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2014-04-15 09:01 - 2014-04-15 09:01 - 00010265 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-04-15 08:52 - 2014-04-15 08:52 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-04-12 02:56 - 2012-09-08 11:09 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-10 03:31 - 2014-04-10 03:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 03:31 - 2014-04-09 19:40 - 00012875 _____ () C:\WINDOWS\KB2922229.log
2014-04-10 03:31 - 2009-08-17 15:49 - 02813853 _____ () C:\WINDOWS\FaxSetup.log
2014-04-10 03:31 - 2009-08-17 15:49 - 01433575 _____ () C:\WINDOWS\ocgen.log
2014-04-10 03:31 - 2009-08-17 15:49 - 01327718 _____ () C:\WINDOWS\tsoc.log
2014-04-10 03:31 - 2009-08-17 15:49 - 01243114 _____ () C:\WINDOWS\iis6.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00926975 _____ () C:\WINDOWS\comsetup.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00896500 _____ () C:\WINDOWS\msmqinst.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00568884 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00499688 _____ () C:\WINDOWS\netfxocm.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00200437 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00152551 _____ () C:\WINDOWS\ocmsn.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00144153 _____ () C:\WINDOWS\msgsocm.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00141139 _____ () C:\WINDOWS\tabletoc.log
2014-04-10 03:31 - 2009-08-17 15:49 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-10 03:29 - 2013-07-18 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-10 03:13 - 2009-12-06 21:39 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-10 03:08 - 2014-04-10 03:02 - 00011264 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 03:08 - 2009-10-23 06:00 - 00313736 _____ () C:\WINDOWS\updspapi.log
2014-04-10 03:08 - 2009-08-17 15:49 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-10 03:07 - 2010-02-12 23:42 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-09 08:42 - 2014-04-09 08:42 - 00001221 _____ () C:\Documents and Settings\Administrator\Desktop\MBAMLOG.xml
2014-04-09 08:38 - 2014-04-08 10:35 - 00001055 _____ () C:\MBAM.txt
2014-04-09 08:34 - 2014-04-06 18:37 - 00005845 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-04-09 07:32 - 2014-03-04 08:31 - 00000000 ____D () C:\Program Files\YTDownloader
2014-04-08 16:48 - 2014-03-22 14:58 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-08 09:56 - 2014-04-08 09:56 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\jrjquxie.sys
2014-04-08 09:56 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-08 09:56 - 2014-02-27 19:18 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-04-08 09:56 - 2014-02-23 19:18 - 00000000 ____D () C:\Program Files\MediaViewerV1
2014-04-08 08:46 - 2010-02-12 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-08 08:41 - 2014-04-08 08:41 - 00006438 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-04-08 08:24 - 2014-04-08 08:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 16:03 - 2009-08-17 15:47 - 00255067 _____ () C:\WINDOWS\setupact.log
2014-04-03 21:30 - 2014-03-04 08:31 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-04-03 21:26 - 2009-08-17 23:12 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-03 20:31 - 2014-04-03 20:31 - 04134240 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-04-03 20:15 - 2012-07-11 22:02 - 00000000 ____D () C:\Program Files\Opera

Files to move or delete:
====================
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

When completed with this request should I delete MBAM, Farbar, tdsskiller, Adwcleaner, Screen317 and the logs when finished? 



#14 nasdaq

  • Malware Response Team

Posted 01 May 2014 - 03:49 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

( ) C:\PROGRA~1\MAPSGA~1\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\PROGRA~1\MAPSGA~1\bar\1.bin\39SrchMn.exe
(VER_COMPANY_NAME) C:\PROGRA~1\MAPSGA~1\bar\1.bin\39brmon.exe
HKLM\...\Run: [WebSearchy] => "C:\Program Files\Websearchy\WebSearchy.exe"
HKLM\...\Run: [MapsGalaxy Home Page Guard 32 bit] => C:\Program Files\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.EXE [421448 2014-04-24] ( )
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [55368 2014-04-24] (Mindspark)
HKLM\...\Run: [MapsGalaxy_39 Browser Plugin Loader] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe [61512 2014-04-24] (VER_COMPANY_NAME)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\.DEFAULT\...\RunOnce: [Del146162140] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\...\RunOnce: [Del52844265] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\S-1-5-21-1292428093-1979792683-725345543-500\...\Run: [?odec Performer803611.exe] => "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\?odec Performer803611.exe" /XML="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp" /ROS /STP=1:2 <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C
SearchScopes: HKLM - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^man000^YYA^&ptb=52BCAFAC-3A65-4937-BC79-D9412D5FCC1C&ind=2014042414&n=780bd92e&psa=&st=sb&searchfor={searchTerms}
BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
Toolbar: HKCU - MapsGalaxy - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
FF Plugin: @MapsGalaxy_39.com/Plugin - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (Mindspark)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: WordExtra - C:\Program Files\Mozilla Firefox\browser\extensions\korey@markus.me [2014-03-04]
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplusv1.com] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ff
CHR DefaultNewTabURL: http://www.websearchy.com?&hspart=adk&hsimp=yhs-adk_sychp&param1=20140329&param2=c259b665-b046-4082-975b-184e7c23c608&param3=websearchy&param4=
CHR Extension: (WordExtra) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfmgibapgochmjeecdcjkloehhhcoekj [2014-03-04]
CHR Extension: (Webexp Enhanced) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hepojocegndfehljhiioejinmhdgpdpd [2013-12-20]
CHR Extension: (Video Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifiajmbfaokdgfbigbhpnpbpiclfecei [2014-02-13]
CHR Extension: (Foxtab Speed Dial) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2013-08-14]
CHR Extension: (Media Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nloimbaagfdajkmmmmfclbiedijenaic [2014-02-13]
CHR HKLM\...\Chrome\Extension: [ajadlheagenmmedmhaoafgkdenfilcme] - C:\Program Files\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [bpenbjflfomjcbdlemgaapphnlkmoefp] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1882\ch\MediaViewerV1alpha1882.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hepojocegndfehljhiioejinmhdgpdpd] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha653\ch\WebexpEnhancedV1alpha653.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [ifiajmbfaokdgfbigbhpnpbpiclfecei] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta980\ch\VideoPlayerV3beta980.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newhb.crx [2013-07-31]
CHR HKLM\...\Chrome\Extension: [lobnbdjmfmejhlggkjabhapkjajdfcei] - C:\Program Files\MediaViewV1\MediaViewV1alpha2967\ch\MediaViewV1alpha2967.crx [2013-07-31]
S2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [88648 2014-04-24] (COMPANYVERS_NAME)
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 cmuda; system32\drivers\cmuda.sys [X]
S3 gkmixern; \??\C:\DOCUME~1\ADMINA~1\LOCALS~1\Temp\gkmixern.sys [X]
U1 WS2IFSL;
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Let me know what problem persists.

P.S. I will take care of the clean-up when completed.

#15 nasdaq

  • Malware Response Team

Posted 07 May 2014 - 09:31 AM

Are you still with me?



