Search engines redirecting in all browsers

I followed the steps in :http://www.bleepingcomputer.com/forums/topic448236.html
Also did the Preparation guide from step 6 and on.

Here is the log from dds:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Parent at 14:11:57 on 2012-03-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.851 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.k12.com
mStart Page = hxxp://www.k12.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\parent\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F77A80F6-4808-407A-9736-F90DFED35A7D} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F77A80F6-4808-407A-9736-F90DFED35A7D} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\parent\application data\mozilla\firefox\profiles\9883t0w8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://irtr.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z101&partner_id=313&product_id=733&affiliate_id=&channel=SNKIO2_PR&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110727&user_guid=610D7A6AB99E46BDAEC34D4D881B4E71&machine_id=f8267bd92dcef49aaf1b07b9f9ed1fcb&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\parent\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\parent\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-6-18 184888]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-11 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-20 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-20 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-20 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-20 44768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-25 652360]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2002-12-31 44800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-25 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-5 136176]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-2-3 401920]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-5 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-9-9 34248]
.
=============== Created Last 30 ================
.
2012-03-31 02:21:19 306 ----a-w- c:\windows\myClean.bat
2012-03-31 01:58:13 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-31 01:58:13 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-31 00:47:26 -------- d-----w- c:\documents and settings\parent\application data\SUPERAntiSpyware.com
2012-03-31 00:45:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 00:45:47 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-26 20:57:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 05:27:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 05:27:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-23 16:49:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-22 16:26:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-22 16:26:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-03-21 03:43:08 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-21 03:42:18 41184 ----a-w- c:\windows\avastSS.scr
2012-03-21 03:41:58 -------- d-----w- c:\program files\AVAST Software
2012-03-21 03:41:58 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-03-12 07:01:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-12 05:57:01 -------- d-----w- c:\program files\Lavasoft
2012-03-12 05:56:36 -------- d-----w- c:\documents and settings\parent\local settings\application data\adaware
2012-03-12 05:56:34 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-03-12 05:56:28 -------- d-----w- c:\program files\Toolbar Cleaner
2012-03-12 05:56:20 -------- d-----w- c:\documents and settings\parent\application data\adawaretb
2012-03-12 05:56:16 -------- d-----w- c:\program files\adawaretb
2012-03-12 05:56:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-11 07:48:59 -------- d-----w- c:\documents and settings\parent\application data\Malwarebytes
2012-03-11 07:48:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-03-25 20:04:28 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-05 07:01:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-05 07:01:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 14:12:52.75 ===============

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Sorry for my late reply. Before I continue, is it okay for me to uninstall Spybot S&D? I'm having trouble disabling it.

Yes it is ok and probably better in the long run


gringo

My computer is still running fine.

Here is the log from combofix:


ComboFix 12-04-01.03 - Parent 04/02/2012 15:04:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1305 [GMT -7:00]
Running from: c:\documents and settings\Parent\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\Jeremy\Start Menu\Programs\System Check
c:\documents and settings\Jeremy\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Jeremy\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Parent\Application Data\Mozilla\Firefox\Profiles\9883t0w8.default\searchplugins\bing-zugo.xml
c:\documents and settings\Parent\Start Menu\Programs\System Check
c:\documents and settings\Parent\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Parent\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Parent\WINDOWS
c:\program files\getdislike
c:\program files\getdislike\chrome.crx
c:\program files\getdislike\GetDislike.dll
c:\program files\getdislike\GetDislike.xpi
c:\program files\getdislike\Interop.MSHTML.dll
c:\program files\getdislike\Interop.SHDocVw.dll
c:\windows\$NtUninstallKB40321$
c:\windows\$NtUninstallKB40321$\737719929\@
c:\windows\$NtUninstallKB40321$\737719929\cfg.ini
c:\windows\$NtUninstallKB40321$\737719929\Desktop.ini
c:\windows\$NtUninstallKB40321$\737719929\L\zwpoogcz
c:\windows\$NtUninstallKB40321$\737719929\U\00000001.@
c:\windows\$NtUninstallKB40321$\737719929\U\00000002.@
c:\windows\$NtUninstallKB40321$\737719929\U\00000004.@
c:\windows\$NtUninstallKB40321$\737719929\U\80000000.@
c:\windows\$NtUninstallKB40321$\737719929\U\80000004.@
c:\windows\$NtUninstallKB40321$\737719929\U\80000032.@
c:\windows\$NtUninstallKB40321$\737719929\version
c:\windows\$NtUninstallKB40321$\772495234
c:\windows\system\oeminfo.ini
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET128.tmp
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{3AF892E4-CE55-4C4D-B386-8A15189CF21C}\RP405\A0060790.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-03-31 02:21 . 2009-07-23 08:13 306 ----a-w- c:\windows\myClean.bat
2012-03-31 01:58 . 2012-03-31 01:58 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-31 01:58 . 2012-03-31 01:58 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-31 00:47 . 2012-03-31 00:47 -------- d-----w- c:\documents and settings\Parent\Application Data\SUPERAntiSpyware.com
2012-03-31 00:45 . 2012-03-31 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 00:45 . 2012-03-31 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-26 20:57 . 2012-03-26 20:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 05:27 . 2012-03-31 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-26 05:27 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 16:49 . 2012-03-12 07:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-22 16:26 . 2012-04-02 17:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-22 16:26 . 2012-04-02 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-21 03:43 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-21 03:43 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-21 03:43 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-21 03:43 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-21 03:43 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-21 03:43 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-21 03:43 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-21 03:43 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-21 03:42 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-21 03:42 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-21 03:41 . 2012-03-21 03:41 -------- d-----w- c:\program files\AVAST Software
2012-03-21 03:41 . 2012-03-21 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-03-12 07:01 . 2012-03-12 07:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-12 05:57 . 2012-03-12 05:57 -------- d-----w- c:\program files\Lavasoft
2012-03-12 05:57 . 2012-03-12 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-03-12 05:56 . 2012-03-12 05:56 -------- d-----w- c:\documents and settings\Parent\Local Settings\Application Data\adaware
2012-03-12 05:56 . 2012-03-26 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-03-12 05:56 . 2012-03-12 05:56 -------- d-----w- c:\program files\Toolbar Cleaner
2012-03-12 05:56 . 2012-03-26 22:33 -------- d-----w- c:\documents and settings\Parent\Application Data\adawaretb
2012-03-12 05:56 . 2012-03-12 05:56 -------- d-----w- c:\program files\adawaretb
2012-03-12 05:56 . 2011-12-23 14:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-11 07:48 . 2012-03-11 07:48 -------- d-----w- c:\documents and settings\Parent\Application Data\Malwarebytes
2012-03-11 07:48 . 2012-03-11 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-25 20:04 . 2002-12-31 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-05 07:01 . 2010-09-20 12:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-05 07:01 . 2010-09-20 12:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-03 09:22 . 2002-12-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 03:45 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-06-18 22:42 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 01:58 . 2011-03-30 21:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\sp3qfe\usp10.dll
[-] 2007-05-24 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\system32\usp10.dll
[-] 2007-05-24 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\system32\dllcache\usp10.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-10 19523616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-19 54576]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-05 296056]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-13 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\Parent\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [6/18/2010 12:10 PM 184888]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/11/2012 10:56 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/20/2012 8:43 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/20/2012 8:43 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/20/2012 8:43 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/25/2012 10:27 PM 652360]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/31/2002 5:00 AM 44800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/25/2012 10:27 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2012 12:01 AM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/23/2011 7:12 AM 2152152]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/3/2011 7:59 PM 401920]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2012 12:01 AM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 07:01]
.
2012-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-05 07:01]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-05 07:01]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1003Core.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 04:46]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1003UA.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 04:46]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1008Core.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-10 00:02]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1008UA.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-10 00:02]
.
2012-04-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2143260530-359561344-2389969595-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2012-04-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2143260530-359561344-2389969595-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.k12.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F77A80F6-4808-407A-9736-F90DFED35A7D}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Parent\Application Data\Mozilla\Firefox\Profiles\9883t0w8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://irtr.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z101&partner_id=313&product_id=733&affiliate_id=&channel=SNKIO2_PR&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110727&user_guid=610D7A6AB99E46BDAEC34D4D881B4E71&machine_id=f8267bd92dcef49aaf1b07b9f9ed1fcb&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GetDislike - c:\program files\getdislike\unninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 15:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-02 15:21:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 22:21
.
Pre-Run: 128,345,333,760 bytes free
Post-Run: 129,856,028,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 65ADD0827D839F6AD76BDEE33CEFC37E

I also forgot to mention that combofix's scan found zero access rootkit.

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

17:29:49.0375 4004 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
17:29:49.0875 4004 ============================================================
17:29:49.0875 4004 Current date / time: 2012/04/02 17:29:49.0875
17:29:49.0875 4004 SystemInfo:
17:29:49.0875 4004
17:29:49.0875 4004 OS Version: 5.1.2600 ServicePack: 3.0
17:29:49.0875 4004 Product type: Workstation
17:29:49.0875 4004 ComputerName: K12-49BEB9EB7B1
17:29:49.0875 4004 UserName: Parent
17:29:49.0875 4004 Windows directory: C:\WINDOWS
17:29:49.0875 4004 System windows directory: C:\WINDOWS
17:29:49.0875 4004 Processor architecture: Intel x86
17:29:49.0875 4004 Number of processors: 1
17:29:49.0875 4004 Page size: 0x1000
17:29:49.0875 4004 Boot type: Normal boot
17:29:49.0875 4004 ============================================================
17:29:50.0531 4004 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
17:29:50.0531 4004 \Device\Harddisk0\DR0:
17:29:50.0531 4004 MBR used
17:29:50.0531 4004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
17:29:50.0562 4004 Initialize success
17:29:50.0562 4004 ============================================================
17:30:51.0234 3048 ============================================================
17:30:51.0234 3048 Scan started
17:30:51.0234 3048 Mode: Manual;
17:30:51.0234 3048 ============================================================
17:30:51.0421 3048 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:30:51.0421 3048 !SASCORE - ok
17:30:51.0546 3048 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
17:30:51.0546 3048 6to4 - ok
17:30:51.0640 3048 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:30:51.0640 3048 Aavmker4 - ok
17:30:51.0656 3048 Abiosdsk - ok
17:30:51.0671 3048 abp480n5 - ok
17:30:51.0718 3048 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:30:51.0734 3048 ACPI - ok
17:30:51.0781 3048 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:30:51.0781 3048 ACPIEC - ok
17:30:51.0781 3048 adpu160m - ok
17:30:51.0859 3048 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:30:51.0859 3048 aec - ok
17:30:51.0906 3048 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:30:51.0906 3048 AFD - ok
17:30:52.0000 3048 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
17:30:52.0000 3048 AgereModemAudio - ok
17:30:52.0031 3048 AgereSoftModem (75e3fec5a4aac46fff76ac794c8340ea) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:30:52.0046 3048 AgereSoftModem - ok
17:30:52.0062 3048 Aha154x - ok
17:30:52.0109 3048 ahcix86 (14bd6cffdb2adb40563aa60abc561303) C:\WINDOWS\system32\DRIVERS\ahcix86.sys
17:30:52.0109 3048 ahcix86 - ok
17:30:52.0125 3048 aic78u2 - ok
17:30:52.0140 3048 aic78xx - ok
17:30:52.0171 3048 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:30:52.0171 3048 Alerter - ok
17:30:52.0203 3048 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:30:52.0203 3048 ALG - ok
17:30:52.0218 3048 AliIde - ok
17:30:52.0343 3048 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
17:30:52.0343 3048 Amazon Download Agent - ok
17:30:52.0406 3048 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
17:30:52.0406 3048 AmdPPM - ok
17:30:52.0406 3048 amsint - ok
17:30:52.0484 3048 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:52.0484 3048 Apple Mobile Device - ok
17:30:52.0531 3048 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:30:52.0531 3048 AppMgmt - ok
17:30:52.0531 3048 asc - ok
17:30:52.0546 3048 asc3350p - ok
17:30:52.0562 3048 asc3550 - ok
17:30:52.0640 3048 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:30:52.0640 3048 aspnet_state - ok
17:30:52.0687 3048 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:30:52.0687 3048 aswFsBlk - ok
17:30:52.0703 3048 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
17:30:52.0703 3048 aswMon2 - ok
17:30:52.0734 3048 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
17:30:52.0734 3048 AswRdr - ok
17:30:52.0765 3048 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
17:30:52.0765 3048 aswSnx - ok
17:30:52.0781 3048 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
17:30:52.0781 3048 aswSP - ok
17:30:52.0796 3048 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
17:30:52.0796 3048 aswTdi - ok
17:30:52.0859 3048 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:30:52.0859 3048 AsyncMac - ok
17:30:52.0875 3048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
17:30:52.0875 3048 atapi - ok
17:30:52.0890 3048 Atdisk - ok
17:30:52.0937 3048 Ati HotKey Poller (88d85f00622727fa29eb1b148d874262) C:\WINDOWS\system32\Ati2evxx.exe
17:30:52.0937 3048 Ati HotKey Poller - ok
17:30:53.0062 3048 ati2mtag (257ec6953fc5e03f3fd3ddc722595844) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:30:53.0093 3048 ati2mtag - ok
17:30:53.0156 3048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:30:53.0156 3048 Atmarpc - ok
17:30:53.0187 3048 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:30:53.0187 3048 AudioSrv - ok
17:30:53.0234 3048 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:30:53.0234 3048 audstub - ok
17:30:53.0359 3048 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:30:53.0359 3048 avast! Antivirus - ok
17:30:53.0421 3048 b57w2k (e951d262c9144c05d3b21ccdda6c7e47) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:30:53.0421 3048 b57w2k - ok
17:30:53.0468 3048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:30:53.0468 3048 Beep - ok
17:30:53.0546 3048 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:30:53.0546 3048 BITS - ok
17:30:53.0640 3048 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:30:53.0640 3048 Bonjour Service - ok
17:30:53.0687 3048 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:30:53.0687 3048 Browser - ok
17:30:53.0687 3048 catchme - ok
17:30:53.0734 3048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:30:53.0750 3048 cbidf2k - ok
17:30:53.0765 3048 cd20xrnt - ok
17:30:53.0765 3048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:30:53.0765 3048 Cdaudio - ok
17:30:53.0781 3048 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:30:53.0781 3048 Cdfs - ok
17:30:53.0796 3048 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:30:53.0796 3048 Cdrom - ok
17:30:53.0812 3048 Changer - ok
17:30:53.0843 3048 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:30:53.0843 3048 CiSvc - ok
17:30:53.0859 3048 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:30:53.0859 3048 ClipSrv - ok
17:30:53.0953 3048 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:53.0953 3048 clr_optimization_v2.0.50727_32 - ok
17:30:53.0953 3048 CmdIde - ok
17:30:53.0968 3048 COMSysApp - ok
17:30:53.0984 3048 Cpqarray - ok
17:30:54.0015 3048 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:30:54.0015 3048 CryptSvc - ok
17:30:54.0015 3048 dac2w2k - ok
17:30:54.0031 3048 dac960nt - ok
17:30:54.0093 3048 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:30:54.0093 3048 DcomLaunch - ok
17:30:54.0109 3048 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:30:54.0109 3048 Dhcp - ok
17:30:54.0125 3048 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:30:54.0125 3048 Disk - ok
17:30:54.0140 3048 dmadmin - ok
17:30:54.0171 3048 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:30:54.0187 3048 dmboot - ok
17:30:54.0203 3048 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:30:54.0203 3048 dmio - ok
17:30:54.0234 3048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:30:54.0234 3048 dmload - ok
17:30:54.0265 3048 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:30:54.0265 3048 dmserver - ok
17:30:54.0312 3048 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:30:54.0312 3048 DMusic - ok
17:30:54.0359 3048 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:30:54.0359 3048 Dnscache - ok
17:30:54.0390 3048 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:30:54.0390 3048 Dot3svc - ok
17:30:54.0390 3048 dpti2o - ok
17:30:54.0421 3048 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:30:54.0421 3048 drmkaud - ok
17:30:54.0421 3048 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:30:54.0437 3048 EapHost - ok
17:30:54.0437 3048 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:30:54.0437 3048 ERSvc - ok
17:30:54.0484 3048 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:30:54.0500 3048 Eventlog - ok
17:30:54.0546 3048 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:30:54.0546 3048 EventSystem - ok
17:30:54.0578 3048 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:30:54.0578 3048 Fastfat - ok
17:30:54.0625 3048 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:30:54.0625 3048 FastUserSwitchingCompatibility - ok
17:30:54.0656 3048 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:30:54.0656 3048 Fdc - ok
17:30:54.0671 3048 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:30:54.0671 3048 Fips - ok
17:30:54.0687 3048 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:30:54.0687 3048 Flpydisk - ok
17:30:54.0750 3048 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:30:54.0750 3048 FltMgr - ok
17:30:54.0828 3048 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:30:54.0828 3048 FontCache3.0.0.0 - ok
17:30:54.0859 3048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:30:54.0875 3048 Fs_Rec - ok
17:30:54.0906 3048 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:30:54.0906 3048 Ftdisk - ok
17:30:54.0953 3048 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:30:54.0953 3048 GEARAspiWDM - ok
17:30:55.0015 3048 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:30:55.0015 3048 Gpc - ok
17:30:55.0140 3048 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:30:55.0140 3048 gupdate - ok
17:30:55.0156 3048 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:30:55.0156 3048 gupdatem - ok
17:30:55.0203 3048 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:30:55.0203 3048 gusvc - ok
17:30:55.0265 3048 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:30:55.0265 3048 HDAudBus - ok
17:30:55.0328 3048 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:30:55.0328 3048 helpsvc - ok
17:30:55.0343 3048 HidServ - ok
17:30:55.0390 3048 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:30:55.0390 3048 hidusb - ok
17:30:55.0406 3048 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:30:55.0406 3048 hkmsvc - ok
17:30:55.0406 3048 hpn - ok
17:30:55.0546 3048 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:30:55.0546 3048 hpqcxs08 - ok
17:30:55.0562 3048 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:30:55.0562 3048 hpqddsvc - ok
17:30:55.0625 3048 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:30:55.0640 3048 HPSLPSVC - ok
17:30:55.0687 3048 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:30:55.0687 3048 HPZid412 - ok
17:30:55.0687 3048 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:30:55.0687 3048 HPZipr12 - ok
17:30:55.0718 3048 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:30:55.0718 3048 HPZius12 - ok
17:30:55.0750 3048 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:30:55.0765 3048 HTTP - ok
17:30:55.0796 3048 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:30:55.0796 3048 HTTPFilter - ok
17:30:55.0812 3048 i2omgmt - ok
17:30:55.0828 3048 i2omp - ok
17:30:55.0890 3048 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:30:55.0890 3048 i8042prt - ok
17:30:56.0000 3048 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:30:56.0015 3048 idsvc - ok
17:30:56.0031 3048 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
17:30:56.0031 3048 IFXTPM - ok
17:30:56.0078 3048 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:30:56.0078 3048 Imapi - ok
17:30:56.0093 3048 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:30:56.0093 3048 ImapiService - ok
17:30:56.0109 3048 ini910u - ok
17:30:56.0265 3048 IntcAzAudAddService (a07d4742186b3cc41b0eddecbbcec34a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:30:56.0296 3048 IntcAzAudAddService - ok
17:30:56.0343 3048 IntelIde - ok
17:30:56.0390 3048 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:30:56.0390 3048 Ip6Fw - ok
17:30:56.0453 3048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:30:56.0453 3048 IpFilterDriver - ok
17:30:56.0484 3048 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:30:56.0484 3048 IpInIp - ok
17:30:56.0500 3048 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:30:56.0500 3048 IpNat - ok
17:30:56.0609 3048 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
17:30:56.0625 3048 iPod Service - ok
17:30:56.0640 3048 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:30:56.0640 3048 IPSec - ok
17:30:56.0671 3048 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:30:56.0671 3048 IRENUM - ok
17:30:56.0718 3048 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:30:56.0718 3048 isapnp - ok
17:30:56.0859 3048 JavaQuickStarterService (09417134f248dfceea15c72bcc87f592) C:\Program Files\Java\jre6\bin\jqs.exe
17:30:56.0859 3048 JavaQuickStarterService - ok
17:30:56.0906 3048 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:30:56.0906 3048 Kbdclass - ok
17:30:56.0921 3048 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:30:56.0921 3048 kbdhid - ok
17:30:56.0968 3048 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:30:56.0968 3048 kmixer - ok
17:30:57.0000 3048 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:30:57.0000 3048 KSecDD - ok
17:30:57.0046 3048 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:30:57.0046 3048 LanmanServer - ok
17:30:57.0093 3048 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:30:57.0109 3048 lanmanworkstation - ok
17:30:57.0265 3048 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
17:30:57.0281 3048 Lavasoft Ad-Aware Service - ok
17:30:57.0359 3048 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:30:57.0359 3048 Lbd - ok
17:30:57.0359 3048 lbrtfdc - ok
17:30:57.0421 3048 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:30:57.0421 3048 LmHosts - ok
17:30:57.0453 3048 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:30:57.0468 3048 MBAMProtector - ok
17:30:57.0562 3048 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:30:57.0562 3048 MBAMService - ok
17:30:57.0625 3048 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:30:57.0625 3048 MDM - ok
17:30:57.0656 3048 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:30:57.0656 3048 Messenger - ok
17:30:57.0687 3048 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys
17:30:57.0687 3048 MfeRKDK - ok
17:30:57.0718 3048 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys
17:30:57.0718 3048 mfetdik - ok
17:30:57.0765 3048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:30:57.0781 3048 mnmdd - ok
17:30:57.0828 3048 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:30:57.0828 3048 mnmsrvc - ok
17:30:57.0875 3048 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:30:57.0875 3048 Modem - ok
17:30:57.0937 3048 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:30:57.0937 3048 Mouclass - ok
17:30:57.0968 3048 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:30:57.0968 3048 mouhid - ok
17:30:58.0015 3048 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:30:58.0015 3048 MountMgr - ok
17:30:58.0015 3048 mraid35x - ok
17:30:58.0031 3048 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:30:58.0031 3048 MRxDAV - ok
17:30:58.0093 3048 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:30:58.0093 3048 MRxSmb - ok
17:30:58.0140 3048 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:30:58.0140 3048 MSDTC - ok
17:30:58.0187 3048 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:30:58.0187 3048 Msfs - ok
17:30:58.0187 3048 MSIServer - ok
17:30:58.0234 3048 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:30:58.0234 3048 MSKSSRV - ok
17:30:58.0250 3048 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:30:58.0250 3048 MSPCLOCK - ok
17:30:58.0265 3048 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:30:58.0265 3048 MSPQM - ok
17:30:58.0296 3048 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:30:58.0296 3048 mssmbios - ok
17:30:58.0328 3048 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:30:58.0328 3048 Mup - ok
17:30:58.0375 3048 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:30:58.0375 3048 napagent - ok
17:30:58.0406 3048 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:30:58.0406 3048 NDIS - ok
17:30:58.0453 3048 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:30:58.0453 3048 NdisTapi - ok
17:30:58.0468 3048 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:30:58.0468 3048 Ndisuio - ok
17:30:58.0484 3048 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:30:58.0484 3048 NdisWan - ok
17:30:58.0515 3048 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:30:58.0515 3048 NDProxy - ok
17:30:58.0562 3048 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\WINDOWS\system32\HPZinw12.dll
17:30:58.0562 3048 Net Driver HPZ12 - ok
17:30:58.0562 3048 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:30:58.0578 3048 NetBIOS - ok
17:30:58.0593 3048 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:30:58.0593 3048 NetBT - ok
17:30:58.0625 3048 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:30:58.0625 3048 NetDDE - ok
17:30:58.0640 3048 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:30:58.0640 3048 NetDDEdsdm - ok
17:30:58.0671 3048 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:30:58.0671 3048 Netlogon - ok
17:30:58.0703 3048 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:30:58.0703 3048 Netman - ok
17:30:58.0828 3048 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:30:58.0843 3048 NetTcpPortSharing - ok
17:30:58.0890 3048 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:30:58.0890 3048 Nla - ok
17:30:58.0921 3048 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:30:58.0921 3048 nm - ok
17:30:58.0937 3048 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:30:58.0937 3048 Npfs - ok
17:30:59.0000 3048 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:30:59.0000 3048 Ntfs - ok
17:30:59.0062 3048 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:30:59.0062 3048 NtLmSsp - ok
17:30:59.0093 3048 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:30:59.0093 3048 NtmsSvc - ok
17:30:59.0140 3048 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:30:59.0140 3048 Null - ok
17:30:59.0171 3048 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:30:59.0171 3048 NwlnkFlt - ok
17:30:59.0187 3048 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:30:59.0187 3048 NwlnkFwd - ok
17:30:59.0281 3048 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:30:59.0281 3048 ose - ok
17:30:59.0328 3048 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:30:59.0328 3048 Parport - ok
17:30:59.0343 3048 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:30:59.0343 3048 PartMgr - ok
17:30:59.0375 3048 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:30:59.0375 3048 ParVdm - ok
17:30:59.0390 3048 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:30:59.0390 3048 PCI - ok
17:30:59.0406 3048 PCIDump - ok
17:30:59.0421 3048 PCIIde - ok
17:30:59.0437 3048 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:30:59.0437 3048 Pcmcia - ok
17:30:59.0453 3048 PDCOMP - ok
17:30:59.0453 3048 PDFRAME - ok
17:30:59.0468 3048 PDRELI - ok
17:30:59.0484 3048 PDRFRAME - ok
17:30:59.0484 3048 perc2 - ok
17:30:59.0500 3048 perc2hib - ok
17:30:59.0546 3048 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:30:59.0562 3048 PlugPlay - ok
17:30:59.0609 3048 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\WINDOWS\system32\HPZipm12.dll
17:30:59.0609 3048 Pml Driver HPZ12 - ok
17:30:59.0640 3048 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:30:59.0640 3048 PolicyAgent - ok
17:30:59.0671 3048 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:30:59.0671 3048 PptpMiniport - ok
17:30:59.0687 3048 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:30:59.0703 3048 Processor - ok
17:30:59.0703 3048 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:30:59.0703 3048 ProtectedStorage - ok
17:30:59.0718 3048 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:30:59.0718 3048 PSched - ok
17:30:59.0734 3048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:30:59.0734 3048 Ptilink - ok
17:30:59.0750 3048 ql1080 - ok
17:30:59.0750 3048 Ql10wnt - ok
17:30:59.0765 3048 ql12160 - ok
17:30:59.0781 3048 ql1240 - ok
17:30:59.0781 3048 ql1280 - ok
17:30:59.0796 3048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:30:59.0796 3048 RasAcd - ok
17:30:59.0843 3048 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:30:59.0859 3048 RasAuto - ok
17:30:59.0890 3048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:30:59.0890 3048 Rasl2tp - ok
17:30:59.0937 3048 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:30:59.0937 3048 RasMan - ok
17:30:59.0968 3048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:30:59.0968 3048 RasPppoe - ok
17:30:59.0968 3048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:30:59.0968 3048 Raspti - ok
17:31:00.0000 3048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:31:00.0000 3048 Rdbss - ok
17:31:00.0000 3048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:31:00.0000 3048 RDPCDD - ok
17:31:00.0062 3048 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:31:00.0078 3048 rdpdr - ok
17:31:00.0125 3048 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:31:00.0125 3048 RDPWD - ok
17:31:00.0140 3048 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:31:00.0140 3048 RDSessMgr - ok
17:31:00.0171 3048 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:31:00.0171 3048 redbook - ok
17:31:00.0218 3048 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:31:00.0218 3048 RemoteAccess - ok
17:31:00.0250 3048 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:31:00.0250 3048 RemoteRegistry - ok
17:31:00.0265 3048 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:31:00.0265 3048 RpcLocator - ok
17:31:00.0328 3048 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:31:00.0328 3048 RpcSs - ok
17:31:00.0375 3048 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:31:00.0375 3048 RSVP - ok
17:31:00.0406 3048 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:00.0406 3048 SamSs - ok
17:31:00.0546 3048 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:31:00.0546 3048 SASDIFSV - ok
17:31:00.0546 3048 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:31:00.0546 3048 SASKUTIL - ok
17:31:00.0593 3048 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:31:00.0593 3048 SCardSvr - ok
17:31:00.0640 3048 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:31:00.0640 3048 Schedule - ok
17:31:00.0671 3048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:31:00.0671 3048 Secdrv - ok
17:31:00.0703 3048 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:31:00.0703 3048 seclogon - ok
17:31:00.0718 3048 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:31:00.0718 3048 SENS - ok
17:31:00.0734 3048 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:31:00.0734 3048 serenum - ok
17:31:00.0750 3048 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:31:00.0750 3048 Serial - ok
17:31:00.0781 3048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:31:00.0781 3048 Sfloppy - ok
17:31:00.0828 3048 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:31:00.0859 3048 SharedAccess - ok
17:31:00.0890 3048 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:00.0890 3048 ShellHWDetection - ok
17:31:00.0906 3048 Simbad - ok
17:31:00.0953 3048 Sparrow - ok
17:31:01.0000 3048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:31:01.0000 3048 splitter - ok
17:31:01.0062 3048 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:31:01.0062 3048 Spooler - ok
17:31:01.0109 3048 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:31:01.0109 3048 sr - ok
17:31:01.0125 3048 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:31:01.0125 3048 srservice - ok
17:31:01.0187 3048 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:31:01.0187 3048 Srv - ok
17:31:01.0234 3048 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:31:01.0234 3048 SSDPSRV - ok
17:31:01.0265 3048 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:31:01.0265 3048 stisvc - ok
17:31:01.0312 3048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:31:01.0312 3048 swenum - ok
17:31:01.0375 3048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:31:01.0375 3048 swmidi - ok
17:31:01.0390 3048 SwPrv - ok
17:31:01.0406 3048 symc810 - ok
17:31:01.0406 3048 symc8xx - ok
17:31:01.0421 3048 sym_hi - ok
17:31:01.0437 3048 sym_u3 - ok
17:31:01.0453 3048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:31:01.0453 3048 sysaudio - ok
17:31:01.0500 3048 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:31:01.0500 3048 SysmonLog - ok
17:31:01.0546 3048 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:31:01.0546 3048 TapiSrv - ok
17:31:01.0593 3048 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:31:01.0609 3048 Tcpip - ok
17:31:01.0656 3048 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
17:31:01.0656 3048 Tcpip6 - ok
17:31:01.0703 3048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:31:01.0703 3048 TDPIPE - ok
17:31:01.0718 3048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:31:01.0718 3048 TDTCP - ok
17:31:01.0750 3048 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:31:01.0750 3048 TermDD - ok
17:31:01.0781 3048 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:31:01.0781 3048 TermService - ok
17:31:01.0828 3048 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:01.0843 3048 Themes - ok
17:31:01.0890 3048 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:31:01.0890 3048 TlntSvr - ok
17:31:01.0906 3048 TosIde - ok
17:31:01.0937 3048 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:31:01.0937 3048 TrkWks - ok
17:31:01.0984 3048 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:31:01.0984 3048 tunmp - ok
17:31:02.0015 3048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:31:02.0015 3048 Udfs - ok
17:31:02.0031 3048 ultra - ok
17:31:02.0078 3048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:31:02.0093 3048 Update - ok
17:31:02.0125 3048 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:31:02.0125 3048 upnphost - ok
17:31:02.0140 3048 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:31:02.0140 3048 UPS - ok
17:31:02.0171 3048 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:31:02.0171 3048 USBAAPL - ok
17:31:02.0203 3048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:31:02.0203 3048 usbccgp - ok
17:31:02.0234 3048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:02.0234 3048 usbehci - ok
17:31:02.0250 3048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:02.0250 3048 usbhub - ok
17:31:02.0265 3048 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:31:02.0265 3048 usbohci - ok
17:31:02.0296 3048 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:31:02.0296 3048 usbprint - ok
17:31:02.0312 3048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:31:02.0312 3048 usbscan - ok
17:31:02.0359 3048 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:02.0359 3048 USBSTOR - ok
17:31:02.0375 3048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:31:02.0375 3048 VgaSave - ok
17:31:02.0390 3048 ViaIde - ok
17:31:02.0406 3048 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:02.0406 3048 VolSnap - ok
17:31:02.0437 3048 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:31:02.0437 3048 VSS - ok
17:31:02.0468 3048 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:31:02.0468 3048 W32Time - ok
17:31:02.0500 3048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:02.0500 3048 Wanarp - ok
17:31:02.0515 3048 WDICA - ok
17:31:02.0562 3048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:02.0562 3048 wdmaud - ok
17:31:02.0593 3048 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:31:02.0593 3048 WebClient - ok
17:31:02.0640 3048 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:02.0656 3048 winmgmt - ok
17:31:02.0781 3048 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:31:02.0781 3048 wlidsvc - ok
17:31:02.0828 3048 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:31:02.0828 3048 WmdmPmSN - ok
17:31:02.0875 3048 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:31:02.0875 3048 Wmi - ok
17:31:02.0937 3048 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:31:02.0937 3048 WmiAcpi - ok
17:31:02.0968 3048 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:31:02.0968 3048 WmiApSrv - ok
17:31:03.0125 3048 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:31:03.0140 3048 WMPNetworkSvc - ok
17:31:03.0187 3048 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:31:03.0187 3048 WS2IFSL - ok
17:31:03.0250 3048 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:31:03.0250 3048 wscsvc - ok
17:31:03.0281 3048 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:31:03.0296 3048 wuauserv - ok
17:31:03.0359 3048 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:31:03.0359 3048 WudfPf - ok
17:31:03.0375 3048 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:31:03.0375 3048 WudfRd - ok
17:31:03.0406 3048 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:31:03.0406 3048 WudfSvc - ok
17:31:03.0437 3048 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:31:03.0453 3048 WZCSVC - ok
17:31:03.0484 3048 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:31:03.0484 3048 xmlprov - ok
17:31:03.0500 3048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:31:03.0703 3048 \Device\Harddisk0\DR0 - ok
17:31:03.0703 3048 Boot (0x1200) (23a72dda9b081a03e4adffa5398a79a8) \Device\Harddisk0\DR0\Partition0
17:31:03.0703 3048 \Device\Harddisk0\DR0\Partition0 - ok
17:31:03.0703 3048 ============================================================
17:31:03.0703 3048 Scan finished
17:31:03.0703 3048 ============================================================
17:31:03.0718 2948 Detected object count: 0
17:31:03.0718 2948 Actual detected object count: 0

I downloaded and ran aswMBR.exe, but it did not ask me to download extra definitions, what do I do?

go ahead and run it


gringo

Here is the results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 10:29:16
-----------------------------
10:29:16.218 OS Version: Windows 5.1.2600 Service Pack 3
10:29:16.218 Number of processors: 1 586 0x603
10:29:16.218 ComputerName: K12-49BEB9EB7B1 UserName: Parent
10:29:16.640 Initialize success
10:29:16.703 AVAST engine defs: 12040300
10:29:25.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port0Path0Target0Lun0
10:29:25.359 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 152627MB BusType: 1
10:29:25.375 Disk 0 MBR read successfully
10:29:25.375 Disk 0 MBR scan
10:29:25.375 Disk 0 Windows XP default MBR code
10:29:25.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
10:29:25.390 Disk 0 scanning sectors +312576705
10:29:25.421 Disk 0 scanning C:\WINDOWS\system32\drivers
10:29:30.671 Service scanning
10:29:41.796 Modules scanning
10:29:46.234 Disk 0 trace - called modules:
10:29:46.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll ahcix86.sys
10:29:46.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89c15708]
10:29:46.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Scsi\ahcix861Port0Path0Target0Lun0[0x89c2b030]
10:29:47.125 AVAST engine scan C:\WINDOWS
10:29:56.828 AVAST engine scan C:\WINDOWS\system32
10:31:14.031 AVAST engine scan C:\WINDOWS\system32\drivers
10:31:22.171 AVAST engine scan C:\Documents and Settings\Parent
10:34:03.453 AVAST engine scan C:\Documents and Settings\All Users
10:35:00.656 Scan finished successfully
10:38:24.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Parent\Desktop\MBR.dat"
10:38:24.656 The log file has been saved successfully to "C:\Documents and Settings\Parent\Desktop\aswMBR.txt"

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
  
• report from Combofix
• let me know of any problems you may have had
• How is the computer doing now after running the script?

Gringo

ComboFix 12-04-01.03 - Parent 04/04/2012 14:19:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1110 [GMT -7:00]
Running from: c:\documents and settings\Parent\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Parent\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-03-31 02:21 . 2009-07-23 08:13 306 ----a-w- c:\windows\myClean.bat
2012-03-31 01:58 . 2012-03-31 01:58 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-31 01:58 . 2012-03-31 01:58 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-31 00:47 . 2012-03-31 00:47 -------- d-----w- c:\documents and settings\Parent\Application Data\SUPERAntiSpyware.com
2012-03-31 00:45 . 2012-03-31 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 00:45 . 2012-03-31 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-26 20:57 . 2012-03-26 20:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 05:27 . 2012-03-31 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-26 05:27 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 16:49 . 2012-03-12 07:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-22 16:26 . 2012-04-02 17:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-22 16:26 . 2012-04-02 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-21 03:43 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-21 03:43 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-21 03:43 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-21 03:43 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-21 03:43 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-21 03:43 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-21 03:43 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-21 03:43 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-21 03:42 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-21 03:42 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-21 03:41 . 2012-03-21 03:41 -------- d-----w- c:\program files\AVAST Software
2012-03-21 03:41 . 2012-03-21 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-03-12 07:01 . 2012-03-12 07:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-12 05:57 . 2012-03-12 05:57 -------- d-----w- c:\program files\Lavasoft
2012-03-12 05:57 . 2012-03-12 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-03-12 05:56 . 2012-03-12 05:56 -------- d-----w- c:\documents and settings\Parent\Local Settings\Application Data\adaware
2012-03-12 05:56 . 2012-03-26 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-03-12 05:56 . 2012-03-12 05:56 -------- d-----w- c:\program files\Toolbar Cleaner
2012-03-12 05:56 . 2012-03-26 22:33 -------- d-----w- c:\documents and settings\Parent\Application Data\adawaretb
2012-03-12 05:56 . 2012-03-12 05:56 -------- d-----w- c:\program files\adawaretb
2012-03-12 05:56 . 2011-12-23 14:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-11 07:48 . 2012-03-11 07:48 -------- d-----w- c:\documents and settings\Parent\Application Data\Malwarebytes
2012-03-11 07:48 . 2012-03-11 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-25 20:04 . 2002-12-31 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-05 07:01 . 2010-09-20 12:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-05 07:01 . 2010-09-20 12:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-03 09:22 . 2002-12-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 03:45 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-06-18 22:42 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 01:58 . 2011-03-30 21:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\sp3qfe\usp10.dll
[-] 2007-05-24 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\system32\usp10.dll
[-] 2007-05-24 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\system32\dllcache\usp10.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_22.17.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-04 21:25 . 2012-04-04 21:25 16384 c:\windows\Temp\Perflib_Perfdata_598.dat
+ 2002-12-31 12:00 . 2012-04-02 22:20 80912 c:\windows\system32\perfc009.dat
- 2002-12-31 12:00 . 2012-04-02 22:08 80912 c:\windows\system32\perfc009.dat
+ 2002-12-31 12:00 . 2012-04-02 22:20 464272 c:\windows\system32\perfh009.dat
- 2002-12-31 12:00 . 2012-04-02 22:08 464272 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-10 19523616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-19 54576]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-05 296056]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-13 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\Parent\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [6/18/2010 12:10 PM 184888]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/11/2012 10:56 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/20/2012 8:43 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/20/2012 8:43 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/20/2012 8:43 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/25/2012 10:27 PM 652360]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/31/2002 5:00 AM 44800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/25/2012 10:27 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2012 12:01 AM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/23/2011 7:12 AM 2152152]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/3/2011 7:59 PM 401920]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2012 12:01 AM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 07:01]
.
2012-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-05 07:01]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-05 07:01]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1003Core.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 04:46]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1003UA.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 04:46]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1008Core.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-10 00:02]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143260530-359561344-2389969595-1008UA.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-10 00:02]
.
2012-04-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2143260530-359561344-2389969595-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2012-04-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2143260530-359561344-2389969595-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.k12.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F77A80F6-4808-407A-9736-F90DFED35A7D}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Parent\Application Data\Mozilla\Firefox\Profiles\9883t0w8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://irtr.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z101&partner_id=313&product_id=733&affiliate_id=&channel=SNKIO2_PR&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110727&user_guid=610D7A6AB99E46BDAEC34D4D881B4E71&machine_id=f8267bd92dcef49aaf1b07b9f9ed1fcb&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 14:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-04-04 14:31:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 21:31
ComboFix2.txt 2012-04-02 22:21
.
Pre-Run: 129,622,044,672 bytes free
Post-Run: 129,639,088,128 bytes free
.
- - End Of File - - C2658C000A3D7512D909D979947BEB84


The computer seems to be loading faster. I searched the computer and the only problem is that this computer won't load when I try to go in Safe Mode With Networking.

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.4.6
Java™ 6 Update 16
[/list]

• Please download and install Revo Uninstaller Free
• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

• click on the Free Java Download Button
• click on Agree and start Free download
• click on Run
• click on run again
• click on install
• when install is complete click on close

Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  
  Download CCleaner from here http://www.ccleaner.com/
  
  
• Run the installer to install the application.
• When it gives you the option to install Yahoo toolbar uncheck the box next to it.
• Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
• Click Run Cleaner.
• Close CCleaner.

: Malwarebytes' Anti-Malware :

• I would like you to rerun MBAM
  
• Double-click mbam icon
• go to the update tab at the top
• click on check for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
• If you accidentally close it, the log file is saved here and will be named like this:
• C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Go Here to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

• In your next post I need the following
  
  
• Log From MBAM
• report from Hijackthis
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

I just discovered one problem with the computer. A blue screen popped up when I opened Internet explorer and it restarted the computer before I could read what it said, but seems to be working fine after the restart.

Anyways here are the scan results to mbam:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Parent :: K12-49BEB9EB7B1 [administrator]

Protection: Enabled

4/5/2012 9:54:45 AM
mbam-log-2012-04-05 (09-54-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207533
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Results to hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:22 AM, on 4/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F77A80F6-4808-407A-9736-F90DFED35A7D}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 10346 bytes