Searching blocked by Google


Post by rx7chick on Thu May 03, 2012 1:02 pm

Over the last week I have been getting repeated requests from Google for captchas to verify I am not a robot. Today, for the first time, Google blocked me with this message:
"We're sorry...but your computer or network may be sending automated queries. To protect our users, we can't process your request right now."
Yesterday I downloaded the new version of Malwarebytes, updated and scanned my entire computer. It found nothing. I regularly update my Avira daily. I am stumped and I have no idea what to do next. Any suggestions?


Re: Searching blocked by Google

Post by Dr Jay on Thu May 03, 2012 2:17 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Fri May 04, 2012 12:24 pm

Thanks so much. After I posted here, I installed and ran SpywareBlaster, then Emsisoft Anti-Malware and Immunet. Between them all, about 7 trojans and over 100 problems were identified, which I cleaned. Then today, when I booted up and went online, I am still blocked by Google. I was able to use Bing. I kept getting a stream of messages from Emsisoft that my computer was making calls out to various websites and trying to download software, some of those sites having a .ru extension. This after extensive cleaning yesterday. When I tried to download ComboFix, both Emsisoft and Immunet identified it as a malicious program and quarantined it. I had to uninstall them both to accomplish the download and execution of ComboFix. I am still blocked by Google. Thank you so much for this.
Here is my log file:

ComboFix 12-05-03.03 - Carolyn Blake 05/04/2012 14:36:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2436 [GMT 3:00]
Running from: c:\documents and settings\Carolyn Blake\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carolyn Blake\g2mdlhlpx.exe
c:\documents and settings\Carolyn Blake\new.txt
c:\windows\~INSX362.EXE
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-03 21:32 . 2012-05-03 21:32 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\Immunet
2012-05-03 16:50 . 2012-05-03 16:50 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\Meridian93
2012-05-03 15:51 . 2012-05-03 15:51 -------- d-----w- c:\program files\Emsisoft HiJackFree
2012-05-03 13:13 . 2012-05-03 13:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-03 13:13 . 2012-05-03 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-01 13:23 . 2012-05-01 13:23 -------- d-----w- c:\program files\HMA! Pro VPN
2012-04-28 08:06 . 2012-05-03 16:47 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\LegacyInteractive
2012-04-27 20:56 . 2012-04-27 20:59 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\ImgBurn
2012-04-27 20:52 . 2012-04-27 20:52 -------- d-----w- c:\program files\ImgBurn
2012-04-27 18:06 . 2012-04-27 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DailyMagic
2012-04-27 17:41 . 2012-04-27 17:42 -------- d-----w- c:\program files\Vampire Saga - Break Out
2012-04-27 15:15 . 2012-04-27 15:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-27 15:14 . 2012-05-03 21:15 -------- d-----w- c:\windows\system32\logs
2012-04-23 16:12 . 2012-04-27 10:27 -------- d-----w- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Roozz
2012-04-21 09:47 . 2012-04-21 09:47 -------- d-----w- C:\AirTies
2012-04-21 09:47 . 2012-04-21 09:47 -------- d-----w- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\AirTies
2012-04-20 15:40 . 2012-04-26 13:19 -------- d-----w- c:\program files\AirTies
2012-04-20 15:40 . 2012-04-20 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AirTies
2012-04-12 10:13 . 2012-04-12 16:38 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\calibre
2012-04-12 10:12 . 2012-04-30 17:48 -------- d-----w- c:\program files\Calibre2
2012-04-04 21:05 . 2011-05-12 12:05 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 15:49 . 2011-05-13 04:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 12:56 . 2012-01-18 12:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 12:24 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-20 12:24 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-22 14:05 . 2012-02-22 14:05 7680 ----a-w- c:\windows\~INSX462.EXE
2011-09-29 06:53 . 2011-10-05 14:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2009-07-23 544768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-03-23 33599488]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-30 418816]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
2009-02-10 18:33 1556480 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AirTies Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AirTies Utility.lnk
backup=c:\windows\pss\AirTies Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OnlyWire.LNK]
backup=c:\windows\pss\OnlyWire.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Carolyn Blake^Start Menu^Programs^Startup^K-Meleon Loader.lnk]
backup=c:\windows\pss\K-Meleon Loader.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2009-07-23 08:30 544768 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2008-03-31 21:09 266240 -c--a-w- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2009-04-02 18:28 237568 -c--a-w- c:\program files\AmIcoSingLun\AmIcoSinglun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2010-02-15 21:14 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2007-11-30 09:20 51768 -c--a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-02-15 21:14 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
2009-08-12 12:20 178816 ----a-w- c:\program files\ASUS\ATK Hotkey\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2009-04-07 07:34 159744 -c--a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2009-03-04 08:26 8392704 -c--a-w- c:\program files\ASUS\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-03-30 09:04 418816 ----a-r- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-29 19:28 136176 ----atw- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-06-19 08:29 105016 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-03-23 13:06 33599488 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDECK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 05:37 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 13:13 54576 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 05:37 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2007-11-20 11:44 1145400 ------w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 05:37 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-18 15:43 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-17 08:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-03-20 12:24 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VivoxHDN]
2011-07-12 15:21 8378728 ----a-w- c:\documents and settings\All Users\Application Data\Vivox\HDN\Current\Vivox.HDN.Up.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2009-02-06 14:13 1593344 -c--a-w- c:\program files\ASUS\Wireless Console 3\wcourier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Carolyn Blake\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Carolyn Blake\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\oDC\\oDC.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Micro Niche Finder 5.0\\MicroNicheFinder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Vivox\\VVS\\Current\\VivoxVoiceService.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\rx7chick\\half-life source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\OnlyWire\\OnlyWireWindows.exe"=
"c:\\Program Files\\Sophos\\Sophos Anti-Rootkit\\sargui.exe"=
"c:\\Program Files\\Steam\\steamapps\\rx7chick\\half-life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1319:TCP"= 1319:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/6/2010 6:27 PM 436792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 7:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 12:55 AM 67664]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [4/5/2012 12:05 AM 18816]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [9/6/2010 4:09 PM 8576]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 2:38 AM 116608]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2/16/2010 12:15 AM 129024]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2/15/2010 11:56 PM 1057280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 12:36 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/27/2012 6:15 PM 253088]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\e:\i386\AsProcOb.sys --> e:\i386\AsProcOb.sys [?]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [4/7/2008 9:00 AM 6656]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/24/2011 10:08 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/24/2011 10:08 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 12:36 AM 135664]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2/16/2010 12:02 AM 41656]
S3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX.sys --> c:\windows\system32\Drivers\L6TPortGX.sys [?]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys --> c:\windows\system32\Drivers\L6UX2.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\76.tmp --> c:\windows\system32\76.tmp [?]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [9/14/2011 4:55 PM 404256]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2/16/2010 12:03 AM 233128]
S3 usbvm328;A4 TECH USB2.0 PC Camera G;c:\windows\system32\Drivers\vmcam326av.sys --> c:\windows\system32\Drivers\vmcam326av.sys [?]
S3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH;c:\windows\system32\drivers\vvftav326.sys --> c:\windows\system32\drivers\vvftav326.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 15:49]
.
2012-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 14:57]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 21:36]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 21:36]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003Core.job
- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 19:28]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003UA.job
- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 19:28]
.
2012-05-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-606747145-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-05-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-606747145-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-05-03 c:\windows\Tasks\User_Feed_Synchronization-{AD86CA84-E512-4EF7-9AEF-BA4F952FD154}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride =
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: google.com\mail
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar_i.id - 503c68bf00000000000000ffc0613c78
FF - user.js: extensions.BabylonToolbar_i.hardId - 503c68bf00000000000000ffc0613c78
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15414
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Mobile Partner - c:\program files\VINN\VINN.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-05-04 14:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\76.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'lsass.exe'(1072)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Completion time: 2012-05-04 14:47:01
ComboFix-quarantined-files.txt 2012-05-04 11:46
ComboFix2.txt 2011-12-27 20:15
.
Pre-Run: 9,190,551,552 bytes free
Post-Run: 9,829,380,096 bytes free
.
- - End Of File - - 6E3D8306B36B94B86919D2C3A3CED9B7


Re: Searching blocked by Google

Post by Dr Jay on Fri May 04, 2012 2:48 pm

Please download [You must be registered and logged in to see this link.] and install it. If you already have it, no need to reinstall.

Then, download [You must be registered and logged in to see this link.] and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Fri May 04, 2012 7:02 pm

I followed your instructions. Here is the report.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237E2-->B9ECFA50 [sptd.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624022-->B9F03FFE [sptd.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062428C-->B9F0438C [sptd.sys]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x806259A8-->A703E004 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x806245F8-->A703E0D4 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BB4-->B9ECFA30 [sptd.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB43A-->A703DD76 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EDA-->B9F04464 [sptd.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80621A1A-->B9F042E4 [sptd.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D68-->B9F044F6 [sptd.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29DC-->A7A5D640 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2BD6-->A703DEBA [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43C2-->A703DF56 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF849245-->A703E59E [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8526BA-->A703E50A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF820E4A-->A703E54A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85277A-->A703E49C [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
==============================================
>Processes
==============================================
0x8ADFD660 [4] System
0x86166438 [184] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x863A6DA0 [444] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp., ETD Ware TSR Enhancements)
0x863D33E8 [656] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x863B4B10 [692] C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc., Google Crash Handler)
0x863CF950 [904] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK, ACMON )
0x863D1B00 [916] C:\Program Files\VIA\VIAudioi\HDADeck\HDECK.EXE (VIA Technologies, Inc., HDeck MFC Application)
0x8ABB2438 [944] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x85E4C020 [952] C:\WINDOWS\system32\spider.exe (Microsoft Corporation, Spider)
0x8634A758 [956] C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK, ACEngSvr Module)
0x848B7100 [1164] C:\WINDOWS\system32\notepad.exe (Microsoft Corporation, Notepad)
0x8AC52578 [1224] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8AC42BA8 [1252] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x85F8D660 [1292] C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x8ABAC020 [1300] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A5A9188 [1312] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8638F430 [1464] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AD0B3F0 [1532] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AD085E8 [1572] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A5B72D8 [1652] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS, HControlUser)
0x86352500 [1664] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS, HControl)
0x86376020 [1708] C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS, ATKOSD)
0x8AC28D78 [1716] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8627AB78 [1728] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com, SUPERAntiSpyware Application)
0x863E8DA0 [1744] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86387358 [1772] C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS, KBFiltr)
0x8640DC28 [1784] C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS, WDC)
0x863E6BA8 [1884] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )
0x86273B78 [1924] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc., ADSMSrv)
0x8626C950 [1940] C:\Program Files\ATKGFNEX\GFNEXSrv.exe (-, GFNEXSrv)
0x8642B800 [1996] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8632D500 [2068] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86227DA0 [2104] C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com, Core Service)
0x86221758 [2204] C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation, Internet Information Services)
0x8434F7F8 [2224] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8620B728 [2240] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x8301E630 [2264] C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org, OpenOffice.org 3.3)
0x861AB4B0 [2304] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86198728 [2488] C:\Program Files\CDBurnerXP\NMSAccessU.exe
0x86184378 [2500] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86198B78 [2536] C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc, Sophos AutoUpdate Service.)
0x8618D950 [2568] C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (-, spmgr Module)
0x86193718 [2608] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86175DA0 [2876] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
0x830D4020 [2924] C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org, OpenOffice.org 3.3)
0x85F93020 [3244] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x842C7848 [3340] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x8A5ADDA0 [3552] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
0x85FE5A10 [3628] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x85DFE4C8 [3656] C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\M2b3rc2c4q.exe (UG North, RKULE, SR2 Normandy)
0x84F8EB68 [3664] C:\Program Files\OpenOffice.org 3\program\swriter.exe (OpenOffice.org, OpenOffice.org Writer)
0x8AC93020 [4084] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
0x8A5DA738 [5860] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
==============================================
>Drivers
==============================================
0xB89E7000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6316032 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF324000 C:\WINDOWS\System32\igxpdx32.DLL 3518464 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF05F000 C:\WINDOWS\System32\igxpdv32.DLL 2904064 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA7E26000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1753088 bytes (-, UVC Camera Streaming Driver)
0xB8817000 C:\WINDOWS\system32\DRIVERS\athw.sys 1507328 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xA803F000 C:\WINDOWS\system32\drivers\monfilt.sys 1392640 bytes (Creative Technology Ltd., Creative WDM Audio Driver (32-bit))
0xB9E94000 PCI_PNP7090 1126400 bytes
0xB9E94000 sptd.sys 1126400 bytes
0xA81B7000 C:\WINDOWS\system32\drivers\viahduaa.sys 1060864 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0xB9D0A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA7990000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB86E5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA7CFA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA6DB6000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA7C67000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA673C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 241664 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB879B000 C:\WINDOWS\System32\Drivers\ae80khu3.SYS 233472 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA7908000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 229376 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB8743000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E4E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA6FC0000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CDD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA475E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA7A28000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8987000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA7B9B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9DF8000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA7C29000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8193000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB89AF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB87D4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6601000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA7B79000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA7A53000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA6A75000 C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys 135168 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB87F7000 C:\WINDOWS\system32\DRIVERS\ETD.sys 131072 bytes (ELAN Microelectronic Corp., ETD Ware TSR Enhancements)
0xB9DC0000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E1E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9CC3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9DE0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E7C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9D97000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8784000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA744B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB89D3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA7D53000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DAE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E3D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8773000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA7B49000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8FED000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA288000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA7550000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 57344 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB901D000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 57344 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver)
0xBA1A8000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB900D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1B8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8FFD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\tap0901.sys 45056 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xBA0F8000 AsDsm.sys 40960 bytes (ASUSTek Computer Inc, Data Security Manager Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA248000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA108000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB902D000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 36864 bytes (Windows (R) Codename Longhorn DDK provider, KMWDFilter Driver from UASSOFT.COM)
0xBA208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA198000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA5C56000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA7DD6000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 32768 bytes (ATK0100, ATK0100 ACPI Utility)
0xBA388000 C:\WINDOWS\system32\DRIVERS\kbfiltr.sys 32768 bytes ( , Keyboard Filter Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA4A0000 C:\Program Files\ATKGFNEX\ASMMAP.sys 28672 bytes (-, -)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA448000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xBA390000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA498000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA488000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA378000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA468000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xBA470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA410000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA418000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA458000 C:\WINDOWS\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Group, Sophos boot tasks for Windows 2000)
0xBA408000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA7968000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C8000 avgidshx.sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9714000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA76BC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xA703D000 C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA77A8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA701D000 C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 12288 bytes
0xBA56C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9734000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9710000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB972C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB86E1000 C:\WINDOWS\system32\drivers\VCdRom.sys 12288 bytes (Microsoft Corporation, Driver for Virtual CD-ROMs)
0xBA590000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA608000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA606000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA60A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA60C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA78F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA703000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA762000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AE0F1F8 unknown_irp_handler 3592 bytes
0x8AB231F8 unknown_irp_handler 3592 bytes
0x8AB101F8 unknown_irp_handler 3592 bytes
0x8AB681F8 unknown_irp_handler 3592 bytes
0x8642D1F8 unknown_irp_handler 3592 bytes
0x8AC0D1F8 unknown_irp_handler 3592 bytes
0x8641F1F8 unknown_irp_handler 3592 bytes
0x86274430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\ADSM_PData_0150\DB\SI.db
!-->[Hidden] C:\ADSM_PData_0150\DB\UL.db
!-->[Hidden] C:\ADSM_PData_0150\DB\VL.db
!-->[Hidden] C:\ADSM_PData_0150\DB\WAL.db
!-->[Hidden] C:\ADSM_PData_0150\DragWait.exe
!-->[Hidden] C:\ADSM_PData_0150\_avt
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\crm.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\MusicMaker
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\MusicMaker.ini
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\News Feed Info\MxNewsfeed.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\VstPlugins.ini
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\appletv.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberry.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrybold.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrycurve.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrycurve2.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrypearl.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrystorm.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrystorm2.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\cellphone.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\custom.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-3gp.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-aac.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-h264.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-h264apple.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-mp3.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-mp4.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-ra10.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-ral.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-rv.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-wav.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-wma.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-wmv.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\generic.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\groups.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htc.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htcevo.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htchero.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htctouchdiamond.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\ipad.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\iphone.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\iphone4.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\ipod.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\lg.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\minidevice_ipad.png
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\minidevice_motorolabackflip.png
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motorola.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motorolabackflip.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motorolacliq.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motoroladroid.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\mp3player.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokia5800xpressmusic.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokiae71x.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokiae75.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokian95.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokian97.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\palmcentro.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\palmpre.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\pcormac.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\playstation3.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\psp.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsung.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungbeholdii.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungeternity.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungjack.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungmemoir.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungmoment.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\sidekick.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\sonyericssonw760.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\t-mobileg1.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\xbox360.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\zune.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\pnup0.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpcommon150browserrecordplugin.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Skin\rp_logo.png
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordlegacyext.dll
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D648, Type: Inline - RelativeJump 0x80504648-->8050462B [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006EC8E, Type: Inline - RelativeJump 0x80545C8E-->80545C95 [ntkrnlpa.exe]
[1884]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x014D20A0-->00000000 [unknown_code_page]
[1884]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x014D20A4-->00000000 [Skype.exe]
[3244]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->GetWindowInfo, Type: Inline - RelativeJump 0x7E42C49C-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x7E42C29D-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x7E42C2BB-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[656]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[656]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[656]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[656]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[656]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[656]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[656]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]



Re: Searching blocked by Google

Post by rx7chick on Fri May 04, 2012 9:07 pm

I have reason to believe the previous Rootkit unhooker file is incorrect because my antivirus flagged it. So I turned it off and reran the process. Here is the new report log file. Please disregard the one just previous.

Part 1

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237E2-->B9ECFA50 [sptd.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624022-->B9F03FFE [sptd.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062428C-->B9F0438C [sptd.sys]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x806259A8-->A703E004 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x806245F8-->A703E0D4 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BB4-->B9ECFA30 [sptd.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB43A-->A703DD76 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EDA-->B9F04464 [sptd.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80621A1A-->B9F042E4 [sptd.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D68-->B9F044F6 [sptd.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29DC-->A7A5D640 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2BD6-->A703DEBA [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43C2-->A703DF56 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
==============================================
>Shadow
==============================================


Re: Searching blocked by Google

Post by rx7chick on Fri May 04, 2012 9:09 pm

Part 2 of the report log:


win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF849245-->A703E59E [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8526BA-->A703E50A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF820E4A-->A703E54A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85277A-->A703E49C [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]


Re: Searching blocked by Google

Post by rx7chick on Fri May 04, 2012 9:09 pm

Part 3 of the report log:


==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D648, Type: Inline - RelativeJump 0x80504648-->8050462B [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006EC8E, Type: Inline - RelativeJump 0x80545C8E-->80545C95 [ntkrnlpa.exe]
[1884]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x014D20A0-->00000000 [unknown_code_page]
[1884]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x014D20A4-->00000000 [Skype.exe]
[3244]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->GetWindowInfo, Type: Inline - RelativeJump 0x7E42C49C-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x7E42C29D-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x7E42C2BB-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[656]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[656]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[656]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[656]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[656]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[656]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[656]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: Searching blocked by Google

Post by Dr Jay on Sat May 05, 2012 8:18 pm

Download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Sun May 06, 2012 9:45 am

Thanks! Here are the 2 report logs from OTL:
OTL.txt part 1
OTL logfile created on: 5/6/2012 12:25:39 PM - Run 5
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Carolyn Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 82.92% Memory free
4.81 Gb Paging File | 4.20 Gb Available in Paging File | 87.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 7.72 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive D: | 184.05 Gb Total Space | 12.15 Gb Free Space | 6.60% Space Free | Partition Type: NTFS

Computer Name: PRISS | User Name: Carolyn Blake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/05/06 12:04:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carolyn Blake\Desktop\OTL.exe
PRC - [2012/05/01 19:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/23 11:39:39 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/12 15:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/23 11:30:06 | 000,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/03/30 12:04:16 | 000,418,816 | R--- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/06/26 18:00:39 | 000,172,032 | ---- | M] (Sophos Plc) -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2005/07/06 16:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/06 11:47:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/06 11:47:45 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/03 16:14:07 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/05/03 16:14:07 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/08 16:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/10/01 00:02:44 | 000,009,216 | ---- | M] () -- C:\Program Files\ASUS\Splendid\GLCDdll.dll
MOD - [2007/09/14 11:00:52 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\SPDISKEX.dll
MOD - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
MOD - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2006/04/04 11:24:24 | 000,036,864 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
MOD - [2005/08/29 16:24:22 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
MOD - [2005/04/07 20:25:46 | 000,077,824 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
MOD - [2003/11/28 03:11:04 | 000,135,168 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spos.dll
MOD - [2003/09/09 17:08:00 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\97891B4D.exe -- (97891B4D)
SRV - [2012/05/05 13:49:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/07/13 17:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/06/26 18:00:39 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2008/04/14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vvftav326.sys -- (vvftav326_a4)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\vmcam326av.sys -- (usbvm328)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\76.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\L6UX2.sys -- (L6UX2)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\L6TPortGX.sys -- (L6TPortGX)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CAROLY~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CAROLY~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\I386\AsProcOb.sys -- (ASUSProcObsrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a6cinb9o)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/08/01 12:44:26 | 000,404,256 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 17:00:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/07/13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/12 15:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/10/18 20:34:13 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 11:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/19 18:15:49 | 000,046,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2010/02/16 00:00:37 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/04/01 15:12:48 | 000,233,128 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/20 15:21:28 | 001,057,280 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/02/13 19:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/11/03 10:03:28 | 000,013,880 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/11 10:14:12 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 09:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008/02/14 15:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/08/03 07:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/08/01 15:51:42 | 000,041,656 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2007/07/24 12:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/12/17 18:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2004/05/27 19:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{551C878C-D8EA-4EBA-9EB7-33BCCDDB10D7}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [You must be registered and logged in to see this link.] 15:08:01&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/05/09 17:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/20 15:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/08 13:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/04 15:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 15:06:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2012/03/20 15:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2012/04/01 19:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 13:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/20 15:26:29 | 000,000,000 | ---D | M]

[2011/12/29 22:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Extensions
[2011/12/29 22:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/28 19:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions
[2011/12/10 11:15:00 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/07/20 21:35:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/10 22:12:44 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/04/25 20:48:32 | 000,000,000 | ---D | M] ("Usage Stat") -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010/03/21 04:29:38 | 000,000,000 | ---D | M] (U Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2011/03/15 21:20:41 | 000,000,000 | ---D | M] (KFD Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
[2011/06/11 08:06:37 | 000,000,000 | ---D | M] (VFD Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
[2011/11/04 14:24:31 | 000,000,000 | ---D | M] (VFD Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
[2011/11/05 18:50:31 | 000,000,000 | ---D | M] (Feedback module) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
[2012/04/21 21:04:34 | 000,000,000 | ---D | M] ("VFT Flv") -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
[2012/04/05 16:19:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/02 15:20:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/18 16:34:14 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/05/05 12:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/05 12:48:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/13 11:34:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/12 23:42:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/07 22:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/07 02:26:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 09:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 18:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/10 20:08:00 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/06 18:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/04 15:07:56 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/15 15:11:22 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/29 03:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll
CHR - Extension: Google Translate = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Entanglement = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Bejeweled = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: SEOquake = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.0_0\
CHR - Extension: YouTube = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: The Treasures Of Mystery Island = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cakimmoclemogopdpkmnhnhlbdbhople\0.0.0.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mystery Land of Aksharit Hindi = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ecdlniallajbcgfeaognaemffnmnimhl\1.12.3.16_0\
CHR - Extension: Stylish = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Natalie Brooks - Secrets of Treasure House = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbkkcfaophahlafjdkefklddeciahohm\0.0.0.4_0\
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.3.0_0\
CHR - Extension: Jacko In Hell = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiccfhlkfcabmpkfbfkghbcddbnbioej\1.0.1_0\
CHR - Extension: Go Button (Toolbar) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\koinaeomacgddcepgblmbelbejidpmbn\1.0.3_0\
CHR - Extension: The Secret of Grisly Manor = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpaadcbfeeiehmjlfbgpafdjbeikhgff\1.0_0\
CHR - Extension: Sprocket Rocket = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\
CHR - Extension: Word\u00B2 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpibnckjjeaabeepofhfmmpjmnomohee\2.5_0\
CHR - Extension: Poppit = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: The Treasures Of Montezuma 2 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnkbgfbadepkchobgohbkhfcgackdejf\0.0.0.3_0\








Re: Searching blocked by Google

Post by rx7chick on Sun May 06, 2012 9:46 am

otl.txt part 2

O1 HOSTS File: ([2012/05/04 14:44:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {73E71843-3A3D-4B26-AB6E-0ADCEE4B5FA7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SeoQuake) - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files\SeoQuake\SeoQuake.dll ()
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} [You must be registered and logged in to see this link.] (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C1DE315-5661-4764-8FB9-ED7F722BD42A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\Aspwdflt: DllName - (C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll) - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll (ASUSTek Computer Inc.)
O24 - Desktop Components:1 () - [You must be registered and logged in to see this link.]
O24 - Desktop WallPaper: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 23:31:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2012/05/06 12:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\test files
[2012/05/06 12:04:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carolyn Blake\Desktop\OTL.exe
[2012/05/05 13:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/05 13:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Secrets of the Dark - Eclipse Mountain Collector's Edition
[2012/05/05 13:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Secrets of the Dark - Eclipse Mountain Collector's Edition
[2012/05/05 12:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/05 12:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/05/04 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
[2012/05/04 20:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590
[2012/05/04 20:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/05/04 15:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\AVG2012
[2012/05/04 15:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/05/04 15:06:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/04 15:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/04 15:06:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/04 15:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/04 15:03:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/04 15:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/04 15:03:28 | 003,878,264 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Carolyn Blake\Desktop\avg_free_stb_all_2012_2169_cnet.exe
[2012/05/04 14:48:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/04 13:13:52 | 004,483,323 | R--- | C] (Swearware) -- C:\Documents and Settings\Carolyn Blake\Desktop\ComboFix.exe
[2012/05/04 12:54:01 | 018,376,624 | ---- | C] (Mooii) -- C:\Documents and Settings\Carolyn Blake\Desktop\PhotoScape_V3.6.2.exe
[2012/05/04 00:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Immunet
[2012/05/03 19:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Meridian93
[2012/05/03 18:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Anti-Malware
[2012/05/03 18:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft HiJackFree
[2012/05/03 18:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft HiJackFree
[2012/05/03 16:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/03 16:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/03 16:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/02 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\cc cleaner reg bkups
[2012/05/02 16:41:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carolyn Blake\Recent
[2012/05/02 13:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Google Chrome
[2012/05/01 16:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HMA! Pro VPN
[2012/05/01 16:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\HMA! Pro VPN
[2012/04/28 11:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\LegacyInteractive
[2012/04/27 23:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\ImgBurn
[2012/04/27 23:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/04/27 23:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/04/27 21:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2012/04/27 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Vampire Saga - Break Out
[2012/04/27 20:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vampire Saga - Break Out
[2012/04/27 18:15:35 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/27 18:14:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2012/04/26 16:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AirTies
[2012/04/23 19:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Roozz
[2012/04/21 16:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\critters
[2012/04/21 12:47:41 | 000,000,000 | ---D | C] -- C:\AirTies
[2012/04/21 12:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\AirTies
[2012/04/20 18:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\AirTies
[2012/04/20 18:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AirTies
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/04/15 20:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\a84632f1fa0167a7f7aeceb41a5c45ff02455954
[2012/04/12 13:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Calibre Library
[2012/04/12 13:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\calibre
[2012/04/12 13:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/04/12 13:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/04/05 13:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Net Results
[2012/04/05 00:05:37 | 000,018,816 | ---- | C] (Sophos Group) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2012/04/04 21:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\Unused Desktop Shortcuts
[2012/04/03 18:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\4 Friends Games
[2012/04/03 18:42:35 | 000,000,000 | ---D | C] -- C:\games
[2012/04/03 16:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Micro Niche Finder 5.0
[2012/04/03 15:15:51 | 000,051,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbame.dll
[2012/03/31 11:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2012/03/20 15:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/20 15:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\RealNetworks
[2012/03/19 05:17:28 | 000,301,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/03/16 12:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\EbookNicheExplorer
[2012/03/16 12:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\The Net Results
[2012/03/15 15:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\energizer
[2012/03/15 15:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Babylon
[2012/03/15 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Babylon
[2012/03/15 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/03/15 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2012/03/09 02:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\John
[2012/03/08 22:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Sophos
[2012/03/08 21:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/03/08 21:48:27 | 000,000,000 | ---D | C] -- C:\stdtsa
[2012/03/08 20:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2012/03/08 20:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/03/03 12:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\ted
[2012/03/03 01:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\spun articles
[2012/02/28 13:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\JonathanLeger.com
[2012/02/28 13:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\IsolatedStorage
[2012/02/28 13:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\JonathanLeger.com
[2012/02/28 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\TheBestSpinner3
[2012/02/28 13:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\TheBestSpinner3
[2012/02/25 18:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Article Marketing Robot
[2012/02/25 18:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Article Marketing Robot
[2012/02/25 18:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Article Marketing Robot
[2012/02/24 17:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\The Agency of Anomalies - Cinderstone Orphanage Collector's Edition
[2012/02/24 17:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Agency of Anomalies - Cinderstone Orphanage Collector's Edition
[2012/02/22 05:25:32 | 000,235,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/02/19 16:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\produkey
[2012/02/14 00:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\2012-02-13
[2012/02/11 22:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Standard8-in-Right
[2012/02/11 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\8in1
[2012/02/09 12:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sticky-Notes
[2012/02/09 12:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Conceptworld
[2012/02/09 12:02:45 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012/02/09 12:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conceptworld
[2012/01/31 04:46:50 | 000,031,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2012/01/30 16:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2012/01/29 21:22:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2012/01/29 21:16:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/29 21:16:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/29 21:16:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/20 20:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\.linkassistant
[2012/01/18 15:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/18 15:29:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/18 15:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/17 14:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mirillis
[2012/01/17 14:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Mirillis
[2012/01/17 14:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mirillis
[2012/01/13 17:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\APN
[2012/01/12 22:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\.ranktracker
[2012/01/12 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\SEO PowerSuite
[2012/01/10 11:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\2012-01-10
[2012/01/08 04:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Grim Tales - The Bride Collector's Edition
[2012/01/08 04:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Grim Tales - The Bride Collector's Edition
[2012/01/06 18:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/01/06 18:24:47 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2012/01/04 03:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2011/12/29 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Thunderbird
[2011/12/29 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Thunderbird
[2011/12/29 22:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Eudora OSE
[2011/12/29 00:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Micro Niche Finder 5.0
[2011/12/27 23:02:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/27 23:00:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/27 23:00:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/27 23:00:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/27 23:00:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/27 22:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/27 22:46:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/27 21:52:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 14:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011/12/27 14:27:58 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/12/27 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/27 14:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\TestApp
[2011/12/27 14:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/12/23 13:32:14 | 000,041,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/12/23 13:32:08 | 000,017,232 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2011/12/23 13:32:06 | 000,024,144 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsfilterx.sys
[2011/12/23 13:32:00 | 000,139,856 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2011/12/21 13:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Turkcell Teknoloji
[2011/12/19 01:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Ilivid Player
[2011/12/19 01:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\PackageAware
[2011/12/11 17:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/12/11 17:39:31 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/12/11 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/12/07 02:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/06 20:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2011/12/05 20:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\TextPad 5
[2011/12/05 15:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Notepad++
[2011/12/05 15:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/12/05 15:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/11/26 13:10:57 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2011/11/26 13:10:57 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/11/26 01:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Administrative Tools
[2011/11/26 01:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Revo Uninstaller
[2011/11/25 15:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\XHeader
[2011/11/25 15:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2011/11/25 11:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/25 11:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/11/23 13:40:47 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/11/23 13:40:24 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/11/23 13:40:24 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/11/23 13:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/11/22 17:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/11/22 14:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Turkcell
[2011/11/22 14:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\DriverInstall
[2011/11/22 14:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Turkcell_Teknoloji
[2011/11/22 14:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\VINN
[2011/11/22 14:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Turkcell
[2011/11/20 13:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Fuzzy Bug Interactive
[2011/11/20 02:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player
[2011/11/19 00:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\SMIGames
[2011/11/17 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\VendelGAMES
[2011/11/17 02:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\BlamGames
[2011/11/14 00:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\MKV Player
[2011/11/07 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\IronCode
[2011/11/07 04:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Monkey Barrel Games
[2011/11/06 18:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/05 23:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\DieselPuppet
[2011/11/04 14:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\SpinTop Games
[2011/10/30 15:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/10/28 15:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Notre Dame - Secrets of Paris
[2011/10/28 15:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hidden Mysteries - Notre Dame - Secrets of Paris
[2011/10/27 20:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2011/10/24 15:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 15:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/23 19:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Broderbund Software
[2011/10/23 19:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Myst
[2011/10/23 14:22:48 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/10/23 01:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive
[2011/10/22 17:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Blood Oath
[2011/10/20 18:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\AV Technologies
[2011/10/16 18:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\SystemUpdate13604USB
[2011/10/16 15:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\LIMBO
[2011/10/16 15:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/10/09 02:08:22 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/10/08 17:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Chayowo Games
[2011/10/05 20:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\MediaArt
[2011/10/05 20:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2011/10/04 19:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\XboxMB
[2011/10/04 19:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Datel
[2011/10/04 02:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Team_Horizon
[2011/10/04 02:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2011/10/04 02:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Xenocode
[2011/10/02 15:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\URSE Games
[2011/10/01 23:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Enlightenus2SE_BFG
[2011/10/01 22:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Cursed House
[2011/09/29 23:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\uTorrentBar
[2011/09/29 17:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\usb xtaf
[2011/09/29 17:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011/09/28 13:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ergo Romanian
[2011/09/28 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ergo Romanian
[2011/09/28 13:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/09/24 22:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2011/09/24 22:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/09/24 15:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\RenPy
[2011/09/24 15:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Always Remember Me
[2011/09/22 21:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\HSA
[2011/09/20 12:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\rank&pillage
[2011/09/19 18:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Urban Legends - The Maze
[2011/09/19 18:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Urban Legends - The Maze
[2011/09/18 22:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\md studio
[2011/09/17 20:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\BitTorrent
[2011/09/15 02:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\GreenSauceGames
[2011/09/14 16:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011/09/12 16:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\Sant Mat
[2011/09/10 00:26:14 | 000,000,000 | ---D | C] -- C:\new fonts
[2011/09/05 01:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\HdO Adventure
[2011/09/01 15:12:28 | 004,528,854 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\Carolyn Blake\My Documents\FileZilla_3.5.1_win32-setup.exe
[2011/08/31 23:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\casualArts
[2011/08/31 23:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2011/08/31 18:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Fenomen Games
[2011/08/19 23:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Alawar Stargaze
[2011/08/18 02:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Time Mysteries - Inheritance
[2011/08/15 18:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Free PDF to Word Converter
[2011/08/15 18:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SBSolutions
[2011/08/15 17:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011/08/15 16:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\WinRAR
[2011/08/15 16:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/08/15 16:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/08/15 16:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\.scribus
[2011/08/11 17:41:52 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2011/08/11 17:41:52 | 000,040,960 | ---- | C] (DNAML Pty Ltd) -- C:\WINDOWS\dbrmdwb.exe
[2011/08/11 17:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\My eBooks
[2011/08/09 20:02:53 | 000,061,440 | ---- | C] (Xaudio Corporation) -- C:\WINDOWS\System32\xa_dsound_output.dll
[2011/08/09 20:02:52 | 000,270,336 | ---- | C] (Xaudio Corporation) -- C:\WINDOWS\System32\xaudio.dll
[2011/08/09 20:02:52 | 000,069,632 | ---- | C] (Xaudio Corporation) -- C:\WINDOWS\System32\xanalyze.dll
[2011/08/08 14:49:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\My Pictures
[2011/08/07 15:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2011/08/07 15:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\HandBrake
[2011/08/07 15:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\HandBrake
[2011/08/07 15:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2011/08/06 11:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/01 15:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/07/31 03:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Abandonware
[2011/07/31 03:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\empowerment gifts
[2011/07/30 02:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\2011-07-25
[2011/07/29 15:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Broken Rules
[2011/07/29 14:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\VVVVVV
[2011/07/29 13:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Crayon Physics Deluxe
[2011/07/29 13:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Crayon Physics Deluxe
[2011/07/29 11:25:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/29 01:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Lazy 8 Studios
[2011/07/29 01:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Lazy 8 Studios
[2011/07/29 01:20:24 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/07/28 01:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/07/27 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OnlyWire
[2011/07/27 21:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\OnlyWire
[2011/07/26 11:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2011/07/26 00:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/25 16:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Facebook
[2011/07/22 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\GameInvest
[2011/07/21 22:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\HitPoint Studios
[2011/07/15 12:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Astar Games
[2011/07/13 17:00:14 | 000,026,112 | ---- | C] (The OpenVPN Project) -- C:\WINDOWS\System32\drivers\tap0901.sys
[2011/07/13 16:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Boolat Games
[2011/07/12 20:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\VampireSagaHL
[2011/07/12 20:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Vampire Saga - Welcome To Hell Lock
[2011/07/12 20:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vampire Saga - Welcome To Hell Lock
[2011/07/10 13:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\LestaStudio
[2011/07/07 17:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2011/07/06 00:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\TheFallTrilogy
[2011/07/04 23:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2011/06/30 18:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Deep Shadows
[2011/06/25 13:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/06/22 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVI to 3GP
[2011/06/21 14:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Ghost in the Sheet
[2011/06/14 16:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/14 16:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/14 12:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Dekovir
[2011/06/11 00:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\com.socialbox.socialbox
[2011/06/08 23:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\DailyMagic
[2011/06/07 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/31 13:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Vivox
[2011/05/27 11:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Ashampoo Music Studio 3
[2011/05/20 13:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Instant Eyedropper
[2011/05/20 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\InstantEyedropper
[2011/05/17 00:28:40 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/05/17 00:28:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/05/14 14:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Colibri Games
[2011/05/14 14:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2011/05/14 08:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\1916 - Der Unbekannte Krieg
[2011/05/13 10:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Canon
[2011/05/13 09:47:26 | 000,352,256 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQL1213.DLL
[2011/05/13 09:47:26 | 000,057,344 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQU110.DLL
[2011/05/13 09:47:26 | 000,000,000 | ---D | C] -- C:\CanoScan
[2011/05/13 07:33:50 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 23:42:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl


Re: Searching blocked by Google

Post by rx7chick on Sun May 06, 2012 9:46 am

otl.txt part 3

========== Files - Modified Within 360 Days ==========

[2012/05/06 12:04:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carolyn Blake\Desktop\OTL.exe
[2012/05/06 12:04:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003UA.job
[2012/05/06 11:52:42 | 097,285,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/06 11:51:22 | 000,443,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/06 11:51:22 | 000,070,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/06 11:51:08 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD86CA84-E512-4EF7-9AEF-BA4F952FD154}.job
[2012/05/06 11:49:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/06 11:46:48 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-606747145-1177238915-1003.job
[2012/05/06 11:46:46 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 11:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/06 03:44:03 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 22:04:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003Core.job
[2012/05/05 13:49:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 13:49:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/05 13:17:41 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Secrets of the Dark - Eclipse Mountain Collector's Edition.lnk
[2012/05/05 13:17:41 | 000,001,282 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2012/05/05 12:48:31 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/05/04 20:38:40 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590.rar
[2012/05/04 20:35:46 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\7z920.exe
[2012/05/04 18:01:10 | 000,034,142 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/04 15:08:14 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/04 15:03:30 | 003,878,264 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Carolyn Blake\Desktop\avg_free_stb_all_2012_2169_cnet.exe
[2012/05/04 14:44:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/04 13:14:35 | 004,483,323 | R--- | M] (Swearware) -- C:\Documents and Settings\Carolyn Blake\Desktop\ComboFix.exe
[2012/05/04 12:59:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2012/05/04 12:59:14 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\PhotoScape.lnk
[2012/05/04 12:57:43 | 018,376,624 | ---- | M] (Mooii) -- C:\Documents and Settings\Carolyn Blake\Desktop\PhotoScape_V3.6.2.exe
[2012/05/04 12:45:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/04 01:16:01 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-606747145-1177238915-1003.job
[2012/05/03 23:27:54 | 000,000,030 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/05/03 21:51:41 | 000,034,853 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\ascension.jpg
[2012/05/03 18:51:35 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft HiJackFree.lnk
[2012/05/03 16:52:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/03 16:13:26 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/02 16:39:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/05/02 13:51:18 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Google Chrome.lnk
[2012/05/02 13:51:18 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/02 13:33:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 16:23:04 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HMA! Pro VPN.lnk
[2012/04/30 20:48:19 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/04/30 01:02:14 | 000,024,243 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\img_1640_aliens-vs-predator-birthday-cake-360p.jpg
[2012/04/30 00:53:17 | 000,031,518 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\birthday-alien.jpg
[2012/04/30 00:51:30 | 000,183,878 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\alien cake.jpg
[2012/04/29 21:10:44 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\WirelessSecurityPassword.ini
[2012/04/27 23:52:04 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/04/27 23:52:03 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/04/27 23:05:07 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/27 20:42:37 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Vampire Saga - Break Out.lnk
[2012/04/27 18:42:58 | 000,007,194 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\rita.jpg
[2012/04/26 16:19:08 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AirTies Utility.lnk
[2012/04/25 22:53:27 | 000,012,711 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Carolyn's Stuff.odt
[2012/04/24 22:10:31 | 000,105,102 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Van Gogh Cake.jpg
[2012/04/23 00:09:47 | 000,148,824 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\tom_hardy.jpg
[2012/04/21 12:30:26 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\spider.sav
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/04/18 01:49:58 | 000,126,709 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\.ranktracker.properties
[2012/04/06 19:29:50 | 000,196,551 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\banedarkknightrises.jpg
[2012/04/05 13:18:42 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ebook Niche Explorer.lnk
[2012/04/04 17:49:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/04 17:48:13 | 000,039,280 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\cc_20120404_174754.reg
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 16:07:25 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Micro Niche Finder 5.0.lnk
[2012/03/29 00:17:22 | 000,078,585 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\MoneywordMatrix-competition-latest.png
[2012/03/25 22:41:42 | 000,184,124 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Ray Bradbury - Skeleton.pdf
[2012/03/20 15:25:18 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/03/20 15:24:32 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/03/20 15:24:32 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/03/20 15:24:26 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/03/17 13:45:35 | 000,011,813 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\jos kindle stuff et al.dxp
[2012/03/15 15:13:21 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/03/15 15:11:41 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/03/14 17:36:17 | 000,062,996 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\LiveLinks Report for [You must be registered and logged in to see this link.]
[2012/03/09 12:16:44 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to Article Marketing Robot.exe.lnk
[2012/03/08 21:39:03 | 090,600,384 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\std20sasfx.exe
[2012/02/28 13:55:14 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\BestSpinner.lnk
[2012/02/22 17:29:29 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to UNINV.EXE.lnk
[2012/02/22 17:05:47 | 000,007,680 | ---- | M] () -- C:\WINDOWS\~INSX462.EXE
[2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/02/19 16:37:29 | 000,254,650 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\census.cache
[2012/02/19 16:37:27 | 000,222,827 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\ars.cache
[2012/02/14 00:31:58 | 000,136,506 | ---- | M] () -- C:\WINDOWS\hphins33.dat
[2012/02/01 14:32:58 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2012/01/30 12:19:09 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/20 21:42:57 | 000,086,062 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\.linkassistant.properties
[2012/01/12 22:17:31 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Rank Tracker.lnk
[2012/01/10 11:43:35 | 000,022,528 | -H-- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\photothumb.db
[2012/01/04 03:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2011/12/28 00:47:31 | 000,542,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/28 00:34:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/26 18:42:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsfilterx.sys
[2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2011/12/12 22:19:07 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to budgetineriordes_ideas.lnk
[2011/12/11 22:49:09 | 000,074,216 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/07 12:04:33 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\TextPad.lnk
[2011/12/05 18:38:50 | 000,233,819 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Servant.pdf
[2011/11/26 01:13:10 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Revo Uninstaller.lnk
[2011/11/25 15:03:12 | 000,201,972 | ---- | M] () -- C:\WINDOWS\XHeader Uninstaller.exe
[2011/11/25 15:03:12 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\XHeader.lnk
[2011/11/22 20:42:40 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/10/29 17:33:31 | 000,090,218 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\unclesam.odp
[2011/10/25 15:54:24 | 005,049,658 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\sponsorship.wmv
========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96372A73

< End of report >


Re: Searching blocked by Google

Post by rx7chick on Sun May 06, 2012 9:51 am

No extras.txt file was generated by OTL. I even ran a search function on both my C and D drives and it was not found.


Re: Searching blocked by Google

Post by Dr Jay on Mon May 07, 2012 8:16 am

Please go to: [You must be registered and logged in to see this link.]




  • Click the Browse button and search for the following file: C:\WINDOWS\system32\97891B4D.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Mon May 07, 2012 9:31 am

This file does not exist on my computer. I ran a search function plus I manually searched, making sure to search hidden files and folders. It is not there.


Re: Searching blocked by Google

Post by Dr Jay on Tue May 08, 2012 4:57 pm

Please open OTL -- Click None and paste this in the Custom Scans box:

Code:
*97891B4D*

Then click Run Scan. It shall launch a log. Please post it in your next reply.


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Tue May 08, 2012 5:14 pm

As you requested:

OTL logfile created on: 5/8/2012 8:11:39 PM - Run 7
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Carolyn Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 83.60% Memory free
4.81 Gb Paging File | 4.44 Gb Available in Paging File | 92.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 7.64 Gb Free Space | 15.65% Space Free | Partition Type: NTFS
Drive D: | 184.05 Gb Total Space | 0.89 Gb Free Space | 0.48% Space Free | Partition Type: NTFS

Computer Name: PRISS | User Name: Carolyn Blake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< *97891B4D* >

< End of report >


Re: Searching blocked by Google

Post by Dr Jay on Tue May 08, 2012 5:31 pm

What different ways have you tried to search in Google?


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Tue May 08, 2012 5:44 pm

I open up the Google main page and type my queries into the search bar on the page. When I use Chrome, I put the queries into their "omni bar." I have not been using Google since I started this process of trying to fix it, but the last time I tried to search Google, just before I posted here, I was blocked. I do a lot of in-depth searching like keyword research, using Google keyword tool, and I do searches using terms like inurl:
After I did all the cleaning, before I came here, I installed Emsisoft and Immunet and both of them were flagging just about everything coming in as malware. I had to uninstall them both to download ComboFix. I did see some flags from Immunet saying my computer was making calls to suspicious websites, and some of them had a .ru extension. I have no idea why that would be. I only use Google for personal searching and for my business. I build WordPress sites and do some internet marketing.


Re: Searching blocked by Google

Post by Dr Jay on Wed May 09, 2012 10:29 am

Please test your DNS Resolution by visiting here: [You must be registered and logged in to see this link.]

Tell me if that is green or not...

Also for this site: [You must be registered and logged in to see this link.]

Tell me if you see all six images at the top...


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Wed May 09, 2012 11:34 am

Yes, green and yes, 6 images


Re: Searching blocked by Google

Post by Dr Jay on Wed May 09, 2012 3:50 pm

Excellent!

Real quick...Do you happen to have Google Toolbar installed at all?


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Wed May 09, 2012 3:53 pm

In Firefox, but it is not available for Chrome, which I used 90% of the time. I am not using Chrome since this happened, nor have I used Google since I started this process with you... using Firefox, K-Meleon and Bing only. But yes, Google Toolbar in Firefox.


Re: Searching blocked by Google

Post by Dr Jay on Wed May 09, 2012 3:55 pm

Please Download [You must be registered and logged in to see this link.] by jpshortstuff and save it to your Desktop.

  • Close all other programs before executing!
  • Double click Kenco.exe to begin execution. Scan should only take a few minutes.
  • When finished, the log file "Kenco.log" will open in Notepad.
    It will also be saved in the same location as Kenco.exe, which should be on your desktop.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Wed May 09, 2012 4:12 pm

Kenco report, which incidentally took about 3 seconds, and you said a few minutes, so I hope it is accurate.

Kenco by jpshortstuff (31.12.09.1)
Log created at 19:11 on 09/05/2012 (Carolyn Blake)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
Adobe Flash Player Updater.job -> [15:15 27/04/2012] 830 bytes
AppleSoftwareUpdate.job -> [11:56 17/02/2010] 284 bytes
GoogleUpdateTaskMachineCore.job -> [21:36 15/02/2010] 896 bytes
GoogleUpdateTaskMachineUA.job -> [21:36 15/02/2010] 900 bytes
GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003Core.job -> [22:51 15/02/2010] 958 bytes
GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003UA.job -> [22:51 15/02/2010] 1010 bytes
RealUpgradeLogonTaskS-1-5-21-823518204-606747145-1177238915-1003.job -> [23:07 02/02/2011] 294 bytes
RealUpgradeScheduledTaskS-1-5-21-823518204-606747145-1177238915-1003.job -> [23:07 02/02/2011] 302 bytes
User_Feed_Synchronization-{AD86CA84-E512-4EF7-9AEF-BA4F952FD154}.job -> [21:46 15/02/2010] 438 bytes

-=E.O.F=-


Re: Searching blocked by Google

Post by Dr Jay on Wed May 09, 2012 4:29 pm

As far as we know here, your computer is indeed clean, but let's do a couple of other checks:

Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Wed May 09, 2012 5:18 pm

aswMBR log file. It sat on the last line related to documents and settings for a very long time with no activity, and finally I clicked on save log. I assume it was finished but it never did say it was complete.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-09 19:56:15
-----------------------------
19:56:15.562 OS Version: Windows 5.1.2600 Service Pack 3
19:56:15.562 Number of processors: 2 586 0x170A
19:56:15.562 ComputerName: PRISS UserName:
19:56:16.031 Initialize success
20:08:07.125 AVAST engine defs: 12050900
20:08:18.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:08:18.187 Disk 0 Vendor: ST9250315AS 0002SDM1 Size: 238475MB BusType: 3
20:08:18.203 Disk 0 MBR read successfully
20:08:18.218 Disk 0 MBR scan
20:08:18.265 Disk 0 Windows XP default MBR code
20:08:18.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
20:08:18.281 Disk 0 Partition - 00 0F Extended LBA 188465 MB offset 102398310
20:08:18.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 188465 MB offset 102398373
20:08:18.312 Disk 0 scanning sectors +488376000
20:08:18.421 Disk 0 scanning C:\WINDOWS\system32\drivers
20:08:31.031 Service scanning
20:08:32.609 Service ASUSProcObsrv E:\I386\AsProcOb.sys **LOCKED** 21
20:08:44.421 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:08:48.046 Modules scanning
20:08:56.281 Disk 0 trace - called modules:
20:08:56.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
20:08:56.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad25ab8]
20:08:56.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000087[0x8ad59f18]
20:08:56.359 5 ACPI.sys[b9e54620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad81d98]
20:08:56.781 AVAST engine scan C:\WINDOWS
20:09:07.281 AVAST engine scan C:\WINDOWS\system32
20:11:58.750 AVAST engine scan C:\WINDOWS\system32\drivers
20:12:15.703 AVAST engine scan C:\Documents and Settings\Carolyn Blake
20:13:20.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\MBR.dat"
20:13:20.343 The log file has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\aswMBR.txt"




Re: Searching blocked by Google

Post by rx7chick on Wed May 09, 2012 5:59 pm

Please disregard the previous asw scan; it was incomplete.

Correct ASW scan log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-09 20:19:35
-----------------------------
20:19:35.265 OS Version: Windows 5.1.2600 Service Pack 3
20:19:35.265 Number of processors: 2 586 0x170A
20:19:35.265 ComputerName: PRISS UserName:
20:19:35.937 Initialize success
20:19:41.515 AVAST engine defs: 12050900
20:20:00.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:20:00.296 Disk 0 Vendor: ST9250315AS 0002SDM1 Size: 238475MB BusType: 3
20:20:00.312 Disk 0 MBR read successfully
20:20:00.328 Disk 0 MBR scan
20:20:00.359 Disk 0 Windows XP default MBR code
20:20:00.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
20:20:00.375 Disk 0 Partition - 00 0F Extended LBA 188465 MB offset 102398310
20:20:00.406 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 188465 MB offset 102398373
20:20:00.421 Disk 0 scanning sectors +488376000
20:20:00.531 Disk 0 scanning C:\WINDOWS\system32\drivers
20:20:16.953 Service scanning
20:20:18.500 Service ASUSProcObsrv E:\I386\AsProcOb.sys **LOCKED** 21
20:20:30.187 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:20:33.750 Modules scanning
20:20:50.265 Disk 0 trace - called modules:
20:20:50.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
20:20:50.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad25ab8]
20:20:50.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000087[0x8ad59f18]
20:20:50.359 5 ACPI.sys[b9e54620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad81d98]
20:20:50.812 AVAST engine scan C:\WINDOWS
20:21:03.484 AVAST engine scan C:\WINDOWS\system32
20:24:44.187 AVAST engine scan C:\WINDOWS\system32\drivers
20:25:08.171 AVAST engine scan C:\Documents and Settings\Carolyn Blake
20:49:00.265 AVAST engine scan C:\Documents and Settings\All Users
20:55:33.000 Scan finished successfully
20:57:01.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\MBR.dat"
20:57:01.468 The log file has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\aswMBR.txt"




Re: Searching blocked by Google

Post by Dr Jay on Wed May 09, 2012 8:35 pm

Your IP address is likely banned.

Call your ISP to get a new IP address assigned. This is best to be able to access Google again.


Dr. Jay (DJ)



Re: Searching blocked by Google

Post by rx7chick on Thu May 10, 2012 10:10 am

Thank you Jay for all your help. I am in Turkey and things are difficult here for getting things like that accomplished. I am leaving in 3 weeks so my problem may be solved then. I have only had this IP address for 3 weeks, having picked up this new service then. I wonder if there could be someone on my network who is doing something to cause this. I deeply appreciate your help and how you stuck with me through this. If I have the same problem when I move to Romania, I will be back to address it again.


Re: Searching blocked by Google

Post by Dr Jay on Thu May 10, 2012 10:51 am

It might have actually been malware. ComboFix reported deletions of two of the latest infections, reported in [You must be registered and logged in to see this link.]:

c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carolyn Blake\g2mdlhlpx.exe IDENTIFIED as Trojan:fake-GoToMeeting Application
c:\documents and settings\Carolyn Blake\new.txt
c:\windows\~INSX362.EXE Commonly a Trojan paired with redirect malware
c:\windows\system32\drivers\etc\hosts.ics Static HOSTS file (modified by malware)
c:\windows\system32\roboot.exe Possibly related to Trojan.ZeroAccess

EXPLAINED:

Google takes these actions to prevent DDoS, which is Distributed Denial of Service. When it detects potential suspicious behavior from an IP address, the IP address is put on a temporary or permanent ban list.

Problem is, the malware you had, had the ability to control your computer and send anonymous requests to unknown/known servers, such as Google.

Only way to solve this issue the hard way is to remove the malware first, and then wait it out.

The easy way is to change your IP address after the malware is removed.


Just curious...run this scan real quick:


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


Dr. Jay (DJ)
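A simplified model of the per-IP throttling described in the post above, added here as an illustration and not part of the original thread. The thresholds, ban length, addresses and traffic are constructed assumptions, not Google's real values or logic; the replay shows why the ban only clears, by waiting or by a new address, once the automated traffic has stopped.

```python
from collections import defaultdict, deque

# All values below are constructed for illustration (assumptions, not real limits).
WINDOW_S = 60        # sliding window length in seconds
CAPTCHA_AT = 20      # requests per window that trigger a CAPTCHA
BLOCK_AT = 60        # requests per window that trigger a temporary ban
BAN_S = 3600         # length of the temporary ban in seconds
TOTAL_S = 3 * 3600   # length of each replay
OLD_IP, NEW_IP = "203.0.113.10", "203.0.113.77"   # documentation-range addresses


class IpThrottle:
    """Per-source-IP filter that escalates allow -> captcha -> temporary block."""

    def __init__(self):
        self.hits = defaultdict(deque)   # ip -> request times inside the window
        self.banned_until = {}           # ip -> time at which the ban lapses

    def check(self, ip, now):
        if self.banned_until.get(ip, 0) > now:
            return "block"               # still banned; request is not counted
        q = self.hits[ip]
        q.append(now)
        while q[0] <= now - WINDOW_S:    # drop requests older than the window
            q.popleft()
        if len(q) >= BLOCK_AT:
            self.banned_until[ip] = now + BAN_S
            q.clear()
            return "block"
        return "captcha" if len(q) >= CAPTCHA_AT else "allow"


def replay(bot_gap_s, bot_stops_at=TOTAL_S, new_ip_at=None, user_gap_s=300):
    """Replay a bot and a person sharing one public IP.

    The bot sends a request every bot_gap_s seconds until bot_stops_at (the
    moment the malware is removed); the person searches every user_gap_s
    seconds. Returns {time: verdict} for the person's searches only.
    """
    events = [(float(t), "user") for t in range(0, TOTAL_S, user_gap_s)]
    events += [(i * bot_gap_s + 0.25, "bot")
               for i in range(int(bot_stops_at / bot_gap_s))]
    throttle, seen = IpThrottle(), {}
    for t, who in sorted(events):
        ip = NEW_IP if new_ip_at is not None and t >= new_ip_at else OLD_IP
        verdict = throttle.check(ip, t)
        if who == "user":
            seen[int(t)] = verdict
    return seen


if __name__ == "__main__":
    scenarios = {
        "slow bot, still infected": dict(bot_gap_s=2.0),
        "fast bot, still infected": dict(bot_gap_s=0.5),
        "cleaned at 30 min, wait it out": dict(bot_gap_s=0.5, bot_stops_at=1800),
        "cleaned at 30 min, new IP": dict(bot_gap_s=0.5, bot_stops_at=1800,
                                          new_ip_at=1800),
        "new IP, still infected": dict(bot_gap_s=0.5, new_ip_at=1800),
    }
    for label, kwargs in scenarios.items():
        seen = replay(**kwargs)
        first_ok = next((t for t, v in seen.items() if t > 0 and v == "allow"),
                        None)
        print(f"{label:32s} first clean search after t=0: {first_ok}")
```
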



    Re: Searching blocked by Google

    Post by rx7chick on Thu May 10, 2012 1:38 pm

    Ok, I'm on it...back as soon as it's done. I just tried to use Google again and it instantly asked me for a captcha, because of "unusual activity," so I closed it and went back to bing. BRB...


    Re: Searching blocked by Google

    Post by rx7chick on Thu May 10, 2012 1:43 pm

    Running from: C:\Documents and Settings\Carolyn Blake\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Carolyn Blake\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...





    Finished!


    Re: Searching blocked by Google

    Post by rx7chick on Thu May 10, 2012 3:52 pm

    I just now filled out a form to join an online class...first time and only time, and I got this message (not from Google- I accessed the link from my email, and in Firefox)
    Security Image Verification

    We have received repeated subscriptions from your computer. To prevent automated signups we verify that it is a person signing up, and not an automated script.

    Type the characters below, exactly as shown, into the box provided without spaces. The letters are case sensitive.

    We monitor our system very closely to prevent the use of harmful programs to submit large numbers of signups, which may cause problems for other users, and generate undue Spam complaints.


    Re: Searching blocked by Google

    Post by Dr Jay on Thu May 10, 2012 6:48 pm

    Please open Notepad and enter in the following:
    @echo off
    echo DNS renewal >log.txt
    echo %date% >>log.txt
    ipconfig /flushdns >>log.txt
    pause
    ipconfig /release >>log.txt
    pause
    ipconfig /renew >>log.txt
    pause
    ipconfig /all >>log.txt
    pause
    start log.txt
    exit
    Then, click File > Save as...
    Save as dns.bat to your Desktop.
    Choose Save as type... All Files.
    Click Save.

    Then, exit Notepad.

    Double-click on dns.bat, and it will finish quickly and launch a log.

    Please post that in your next reply.


    Dr. Jay (DJ)



    Re: Searching blocked by Google

    Post by rx7chick on Thu May 10, 2012 7:41 pm

    I had to "press any key" several times to get it to run, after the cmd window opened, but here it is.

    DNS renewal
    Thu 05/10/2012


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.



    Windows IP Configuration



    No operation can be performed on Local Area Connection while it has its media disconnected.

    No operation can be performed on Local Area Connection 4 while it has its media disconnected.

    IP Address for adapter Wireless Network Connection has already been released.



    Windows IP Configuration



    No operation can be performed on Local Area Connection while it has its media disconnected.

    No operation can be performed on Local Area Connection 4 while it has its media disconnected.

    An error occurred while renewing interface Wireless Network Connection : The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address.





    Windows IP Configuration



    Host Name . . . . . . . . . . . . : PRISS

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

    Physical Address. . . . . . . . . : 90-E6-BA-94-B4-30



    Ethernet adapter Local Area Connection 4:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : TAP-Win32 Adapter V9

    Physical Address. . . . . . . . . : 00-FF-E9-44-45-15



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

    Physical Address. . . . . . . . . : 00-25-D3-BF-53-68

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 0.0.0.0

    Subnet Mask . . . . . . . . . . . : 0.0.0.0

    Default Gateway . . . . . . . . . :

    DHCP Server . . . . . . . . . . . : 255.255.255.255



    Re: Searching blocked by Google

    Post by Dr Jay on Fri May 11, 2012 8:12 am

    You were not connected to the network when these operations were run?

    Try the sign up process again for that one thing...

    Also, if you do connect to the network, re-run the batch file as above (purposely has the pauses to press any key).


    Dr. Jay (DJ)



    Re: Searching blocked by Google

    Post by rx7chick on Fri May 11, 2012 10:47 am

    I am not sure about this. I was online through my regular service. What could this mean?
    I have seen that "media disconnected" message many times during all these attempts to clean up my system. Yes I am online.


    Re: Searching blocked by Google

    Post by Dr Jay on Fri May 11, 2012 4:03 pm

    What current firewalls do you have? Do you have one on a router? One on the computer(s)?


    Dr. Jay (DJ)



    Re: Searching blocked by Google

    Post by rx7chick on Fri May 11, 2012 4:33 pm

    First, before I answer your question, what does "media disconnected" indicate is going on?

    I use the Windows XP native firewall, set to default. My router is an Airties RT-206v4...European I suppose, and its firewall is on, and this is the description:

    Firewall protects your computers and your network aganist harmful attacks from the Internet. Your modem's firewall has Stateful Packet Inspection (SPI) feature that will inspect every packet coming from the Internet to your modem and will not allow any that is not authorized to pass through. Using the Firewall menu, you can also define advanced rules to allow or prohibit local users in your network to access the Internet, to open certain ports that allow packets to reach applications running on local clients, and to forward all incoming traffic to a certain computer.


    Re: Searching blocked by Google

    Post by Dr Jay on Sat May 12, 2012 10:35 am

    Media disconnected means the network adapter or LAN adapter or ethernet hub is not connected to the internet.

    Go to Start > Run, type in cmd and hit OK.

    Type this in to the black box:

    ping [You must be registered and logged in to see this link.] > log.txt && log.txt

    and hit enter...

    post the log back to me please.


    Dr. Jay (DJ)



    Re: Searching blocked by Google

    Post by rx7chick on Sat May 12, 2012 10:41 am

    I did get a report, and I am assuming I entered the syntax correctly as per spaces.


    Pinging phx1-rb-gtm3-tron-xw-lb.cnet.com [64.30.224.82] with 32 bytes of data:



    Reply from 64.30.224.82: bytes=32 time=242ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=245ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=243ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=241ms TTL=238



    Ping statistics for 64.30.224.82:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 241ms, Maximum = 245ms, Average = 242ms


    Re: Searching blocked by Google

    Post by rx7chick on Sat May 12, 2012 10:43 am

    I did it again, using a copy/paste and got a different response:



    Pinging phx1-rb-gtm3-tron-xw-lb.cnet.com [64.30.224.82] with 32 bytes of data:



    Reply from 64.30.224.82: bytes=32 time=239ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=238ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=240ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=241ms TTL=238



    Ping statistics for 64.30.224.82:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 238ms, Maximum = 241ms, Average = 239ms


    Re: Searching blocked by Google

    Post by Dr Jay on Sat May 12, 2012 2:51 pm

    Okay...I need a closer test to your country... run this command please, the same way:

    ping [You must be registered and logged in to see this link.] > log.txt && log.txt

    Post the log when done, please.


    Dr. Jay (DJ)



    Re: Searching blocked by Google

    Post by rx7chick on Sat May 12, 2012 4:37 pm



    Pinging [You must be registered and logged in to see this link.] [85.111.19.108] with 32 bytes of data:



    Reply from 85.111.19.108: bytes=32 time=30ms TTL=55

    Reply from 85.111.19.108: bytes=32 time=30ms TTL=55

    Reply from 85.111.19.108: bytes=32 time=30ms TTL=55

    Reply from 85.111.19.108: bytes=32 time=26ms TTL=55



    Ping statistics for 85.111.19.108:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 30ms, Average = 29ms


    Re: Searching blocked by Google

    Post by Dr Jay on Sun May 13, 2012 8:13 pm

    Very good. Now, I'm curious...which Google are you using? Standard .com or other TLD (top level domain such as .co.uk or .it, etc.)?


    Dr. Jay (DJ)



    Re: Searching blocked by Google

    Post by rx7chick on Sun May 13, 2012 8:26 pm

    Most of the time .com but sometimes my vpn is off and I might end up with .uk, .ro, .md, or .tr. I always make an effort to use US google, but sometimes I use my vpn and go thru UK or Romania or Moldova. I am in Turkey now.


    Re: Searching blocked by Google

    Post by Dr Jay on Sun May 13, 2012 8:42 pm

    I'm sticking to my previous opinion: [You must be registered and logged in to see this link.]


    Dr. Jay (DJ)



    Re: Searching blocked by Google

    Post by rx7chick on Mon May 14, 2012 8:25 am

    Thank you Jay for all your help. If your final advice is to get my provider to assign me a new IP address, I can try but I seriously doubt that I will have any success with that. In any case I leave Turkey in 2 weeks on May 28, to go to Romania, and if the problem is local it will be solved then. If I have the same issue, I will let you know.

    I don't know if this is pertinent, but there is another user in my household who connects wirelessly as I do to the same router and she has never had this problem. In her case, she only does email and research for her writing, not the heavy usage I do.


    Re: Searching blocked by Google

    Post by Dr Jay on Mon May 14, 2012 7:41 pm

    You're saying the other user can connect and use Google.com in the same house?

    Are your IP addresses similar or different?


    Dr. Jay (DJ)

