Google Redirect Virus (Scour.com)

Hi. I really need some help please! I have had a Google redirect virus for a couple of weeks now and nothing I do gets rid of it. Bits & pieces get removed, but the redirect keeps coming back. It used to redirect to random different sites, but now it seems to be focused only on Scour.com (so far). Here is what I have ran:

FixTDSS
HiJack This
Hitman Pro
Malwarebytes
rkill
Spybot Search & Destroy
Super Antispyware
TDSSKiller
AVS

I am running Windows XP Home, Service Pack 3 (automatic windows updates)
Firefox 12.0

Some find nothing, some find things and claim to cure it, but it just won't stay permanently gone! Please help!

Thanks,
Tracy

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

• Please download DeFogger to your desktop.
  
  Double click DeFogger to run the tool.
  
• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

• Please download DDS by sUBs from one of the links below and save it to your desktop:
  
  
  Download DDS and save it to your desktop
  
  Link1
  Link2
  Link3
  
  Please disable any anti-malware program that will block scripts from running before running DDS.
  
  
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    
  • DDS.txt
  • Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

information and logs:

• In your next post I need the following
  
  
• .logs from DDS
• let me know of any problems you may have had

Gringo

Hi. Thank you so much for taking out your time to help me!

Here is the checkup log:

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 22
Java™ 7 Update 2
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (Plugin.)
Mozilla Thunderbird 10.0. Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````


Here are the DDS Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by Owner at 0:31:06 on 2012-06-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.158 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
Trusted Zone: dell.com\ausctrxw03.aus.amer
Trusted Zone: dell.com\outside.us
Trusted Zone: dell.com \outside.us
Trusted Zone: e-rewards.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 208.180.42.100 208.180.42.68
TCP: Interfaces\{065F4A53-AEDB-4DD1-A520-26F19F19F873} : DhcpNameServer = 192.168.2.1 208.180.42.100 208.180.42.68
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\vlhpdys9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login?.src=my&.intl=us&.partner=sbc&.done=http%3A%2F%2Fatt.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\firefox activex plugin\npffax.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2006 12:04:30 AM
System Uptime: 6/15/2012 11:39:17 AM (13 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel® Celeron® CPU 2.50GHz | Socket 478 | 2500/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 31 GiB total, 5.706 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 2.377 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 298 GiB total, 99.95 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Action Replay Code Manager
Action Replay DSi Code Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Album Starter Edition
Adobe Reader 9.5.0
Apple Application Support
Apple Software Update
aTube Catcher
AviSynth 2.5
Bandisoft MPEG-1 Decoder
BitTorrent
Bonjour
Brother MFL-Pro Suite
calibre
Canon Digital Camera USB WIA Driver
Canon Utilities ZoomBrowser EX
CCleaner
Compaq Connections
Compaq Instant Support
Coupon Printer for Windows
DAZzle
Defraggler
Easy Graphic Converter 1.2
Express Scribe
ffdshow [rev 2583] [2009-01-05]
Firefox ActiveX Plugin r37
FLAC Installer 1.1.1a (remove only)
FM Screen Capture Codec (Remove Only)
Free Mp3 Wma Converter V 1.9
Free Video Converter V 3.1
FreeUndelete 2.0.34689.1
Freez FLV to AVI/MPEG/WMV Converter
Frost Digital Deposits Add-on
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
Haali Media Splitter
HitmanPro 3.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Update
HpSdpAppCoreApp
Indeo® Software
Intel® Extreme Graphics Driver
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 7 Update 2
KBD
Macromedia Shockwave Player
MAGIX Ringtone Maker 3 silver 3.1.0.3 (US)
Malwarebytes Anti-Malware version 1.61.0.1400
Memories Disc Creator 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.1
Microsoft IntelliType Pro 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
Microsoft Works 7.0
mkv2vob
MKVtoolnix 4.2.0
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 10.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySpaceIM
Next Video Converter 2.3.1
NVIDIA GART Driver
PaperPort
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RecordNow!
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Sonic Update Manager
Spybot - Search & Destroy
StreamTransport version: 1.0.2.2171
SUPERAntiSpyware
Total Recorder 8.2
Trellian WebPage
Typing Instructor for Kids 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2718704)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Wal-Mart Music Downloads Store
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.2 final uninstall
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/15/2012 5:13:21 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/14/2012 1:54:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
6/14/2012 1:53:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/13/2012 12:07:04 PM, error: Service Control Manager [7023] - The Smartlinkservice service terminated with the following error: The specified module could not be found.
6/13/2012 12:07:04 PM, error: Service Control Manager [7023] - The Ovepstatusengine service terminated with the following error: The specified module could not be found.
6/13/2012 12:07:04 PM, error: Service Control Manager [7023] - The DivisCTP service terminated with the following error: The specified module could not be found.
6/13/2012 12:07:04 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
6/13/2012 12:07:04 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The system cannot find the file specified.
6/13/2012 12:07:04 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The system cannot find the file specified.
6/13/2012 12:07:04 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
6/13/2012 12:07:04 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
6/12/2012 11:56:48 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Ran Combofix and included the log below. I tested out some random Google searches and out of about 12, one of them still directed me to scour.com (http://click.scour.com/ads-clicktrack/click/jump1.do?sid=ed5JB7rxEuL314ZBRLfY5cmTpxv6T71d%2F6Mgl6PcCe4%3D&affiliate=46938&subid=A17500&rc=0&terms=hairspray%20shampoo). The page was blank, but it didn't take me to the intended page (which was answers.yahoo.com).

Here is the log:

ComboFix 12-06-15.06 - Owner 06/16/2012 0:59.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.276 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\unicows.1
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\serial.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 06:18 . 2008-04-13 19:15 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-06-16 06:18 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-06-14 18:48 . 2012-06-14 18:48 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-14 18:28 . 2012-06-14 18:28 -------- d-----w- c:\program files\HitmanPro
2012-06-14 18:27 . 2012-06-14 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-06-13 02:49 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 02:28 . 2012-06-12 02:28 -------- d-----w- c:\program files\AVG
2012-06-12 02:12 . 2012-06-12 02:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-06-12 02:12 . 2012-06-13 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-06-09 22:28 . 2012-06-09 22:28 -------- d-----w- C:\videooutput
2012-06-09 22:28 . 2009-06-04 18:17 8676883 ----a-w- c:\windows\system32\NCMedia2.dll
2012-06-09 22:28 . 2012-06-09 22:28 -------- d-----w- c:\program files\Smallvideosoft
2012-06-09 22:28 . 2012-06-09 22:28 -------- d-----w- c:\program files\Digiarty
2012-06-09 20:36 . 2012-06-09 20:36 -------- d-----w- c:\documents and settings\Owner\Application Data\AnvSoft
2012-05-25 04:25 . 2012-05-25 04:25 -------- d-----w- c:\program files\StreamTransport
2012-05-25 03:20 . 2012-05-25 03:21 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeVideoConverter
2012-05-25 03:20 . 2012-05-25 03:20 -------- d-----w- c:\program files\Free Video Converter
2012-05-24 23:30 . 2009-10-28 00:31 3982240 ----a-w- c:\windows\system32\Flash10d.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2002-09-24 05:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-10-21 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2003-10-11 10:06 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2003-11-17 11:46 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2003-11-17 11:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-01-31 23:51 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2003-11-17 11:46 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 08:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2003-11-17 11:21 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-17 15:20 . 2012-01-17 17:03 768848 ----a-w- c:\windows\system32msvcr100.dll
2012-04-04 20:56 . 2011-06-02 00:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 21:22 . 2011-12-23 09:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-03-19 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 04:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 19:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 13:59 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 06:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-08-19 09:56 852038 ----a-w- c:\windows\system32\nview.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-15 07:27 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBAMSvc"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Trellian\\Trellian WebPage\\WebPage.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56783:TCP"= 56783:TCP:Pando Media Booster
"56783:UDP"= 56783:UDP:Pando Media Booster
"8517:TCP"= 8517:TCP:uryimxz
"4704:TCP"= 4704:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/6/2009 12:30 AM 266240]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [11/17/2010 2:28 PM 91216]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 mrtRate;mrtRate; [x]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [3/7/2011 2:33 PM 29184]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [3/7/2011 5:34 PM 29184]
S3 DSSUSBF;DSSUSBF Device;c:\windows\system32\DRIVERS\DSSUSBF.sys --> c:\windows\system32\DRIVERS\DSSUSBF.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/14/2012 4:23 PM 129976]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/15/2012 1:05 PM 101112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aawservice
vaiomediaplatform-mobile-gateway
tossmbnt
XBCD
ctdvda2k
npkcusb
RR2IOMod
rxodn
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-898258525-1626216969-4265081522-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2012-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-898258525-1626216969-4265081522-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-17 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-11-23 18:38]
.
2012-06-16 c:\windows\Tasks\User_Feed_Synchronization-{DA2A0176-969B-4F71-8BF6-C869CA7340FF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: dell.com\ausctrxw03.aus.amer
Trusted Zone: dell.com\outside.us
Trusted Zone: dell.com \outside.us
Trusted Zone: e-rewards.com\www
TCP: DhcpNameServer = 192.168.2.1 208.180.42.100 208.180.42.68
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlhpdys9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login?.src=my&.intl=us&.partner=sbc&.done=http%3A%2F%2Fatt.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Update - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-HaaliMkx - c:\program files\Haali\MatroskaSplitter\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-16 01:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\LTMSG.exe
.
**************************************************************************
.
Completion time: 2012-06-16 01:32:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 06:32
.
Pre-Run: 8,011,694,080 bytes free
Post-Run: 8,001,081,344 bytes free
.
- - End Of File - - 06F94B6BCEABD56F395ED64458A6793C

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

02:49:43.0390 0196 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
02:49:43.0875 0196 ============================================================
02:49:43.0875 0196 Current date / time: 2012/06/16 02:49:43.0875
02:49:43.0875 0196 SystemInfo:
02:49:43.0875 0196
02:49:43.0875 0196 OS Version: 5.1.2600 ServicePack: 3.0
02:49:43.0875 0196 Product type: Workstation
02:49:43.0875 0196 ComputerName: DESKTOP
02:49:43.0875 0196 UserName: Owner
02:49:43.0875 0196 Windows directory: C:\WINDOWS
02:49:43.0875 0196 System windows directory: C:\WINDOWS
02:49:43.0890 0196 Processor architecture: Intel x86
02:49:43.0890 0196 Number of processors: 1
02:49:43.0890 0196 Page size: 0x1000
02:49:43.0890 0196 Boot type: Normal boot
02:49:43.0890 0196 ============================================================
02:49:48.0562 0196 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
02:49:48.0656 0196 ============================================================
02:49:48.0656 0196 \Device\Harddisk0\DR0:
02:49:48.0656 0196 MBR partitions:
02:49:48.0656 0196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xD39011
02:49:48.0656 0196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD39050, BlocksNum 0x3D4C2B0
02:49:48.0656 0196 ============================================================
02:49:48.0703 0196 C: <-> \Device\Harddisk0\DR0\Partition1
02:49:48.0703 0196 D: <-> \Device\Harddisk0\DR0\Partition0
02:49:48.0734 0196 ============================================================
02:49:48.0734 0196 Initialize success
02:49:48.0734 0196 ============================================================
02:49:59.0015 1896 ============================================================
02:49:59.0015 1896 Scan started
02:49:59.0015 1896 Mode: Manual;
02:49:59.0015 1896 ============================================================
02:49:59.0515 1896 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
02:49:59.0515 1896 !SASCORE - ok
02:49:59.0781 1896 aawservice - ok
02:49:59.0843 1896 Abiosdsk - ok
02:49:59.0890 1896 abp480n5 - ok
02:49:59.0968 1896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:49:59.0968 1896 ACPI - ok
02:50:00.0078 1896 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:50:00.0078 1896 ACPIEC - ok
02:50:00.0140 1896 ActionReplayDS (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\ActionReplayDS.sys
02:50:00.0140 1896 ActionReplayDS - ok
02:50:00.0171 1896 adpu160m - ok
02:50:00.0265 1896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:50:00.0265 1896 aec - ok
02:50:00.0359 1896 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:50:00.0359 1896 AFD - ok
02:50:00.0390 1896 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
02:50:00.0390 1896 AFS2K - ok
02:50:00.0468 1896 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
02:50:00.0468 1896 agp440 - ok
02:50:00.0500 1896 Aha154x - ok
02:50:00.0546 1896 aic78u2 - ok
02:50:00.0578 1896 aic78xx - ok
02:50:00.0984 1896 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:50:01.0093 1896 ALCXWDM - ok
02:50:01.0312 1896 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
02:50:01.0328 1896 Alerter - ok
02:50:01.0359 1896 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
02:50:01.0375 1896 ALG - ok
02:50:01.0484 1896 AliIde - ok
02:50:01.0578 1896 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
02:50:01.0578 1896 AmdK7 - ok
02:50:01.0609 1896 amsint - ok
02:50:01.0656 1896 AppMgmt - ok
02:50:01.0687 1896 asc - ok
02:50:01.0718 1896 asc3350p - ok
02:50:01.0734 1896 asc3550 - ok
02:50:01.0921 1896 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:50:01.0984 1896 aspnet_state - ok
02:50:02.0046 1896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:50:02.0046 1896 AsyncMac - ok
02:50:02.0093 1896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:50:02.0109 1896 atapi - ok
02:50:02.0125 1896 Atdisk - ok
02:50:02.0203 1896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:50:02.0218 1896 Atmarpc - ok
02:50:02.0281 1896 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
02:50:02.0281 1896 AudioSrv - ok
02:50:02.0359 1896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:50:02.0359 1896 audstub - ok
02:50:02.0437 1896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:50:02.0437 1896 Beep - ok
02:50:02.0562 1896 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
02:50:02.0593 1896 BITS - ok
02:50:02.0828 1896 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
02:50:02.0843 1896 Bonjour Service - ok
02:50:02.0921 1896 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
02:50:02.0921 1896 BRGSp50 - ok
02:50:03.0000 1896 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
02:50:03.0000 1896 Browser - ok
02:50:03.0062 1896 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
02:50:03.0062 1896 BrScnUsb - ok
02:50:03.0125 1896 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
02:50:03.0125 1896 BrSerIf - ok
02:50:03.0156 1896 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
02:50:03.0156 1896 BrUsbSer - ok
02:50:03.0187 1896 catchme - ok
02:50:03.0250 1896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:50:03.0265 1896 cbidf2k - ok
02:50:03.0312 1896 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:50:03.0328 1896 CCDECODE - ok
02:50:03.0343 1896 cd20xrnt - ok
02:50:03.0406 1896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:50:03.0406 1896 Cdaudio - ok
02:50:03.0468 1896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:50:03.0468 1896 Cdfs - ok
02:50:03.0531 1896 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:50:03.0531 1896 Cdrom - ok
02:50:03.0546 1896 Changer - ok
02:50:03.0625 1896 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
02:50:03.0625 1896 CiSvc - ok
02:50:03.0656 1896 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
02:50:03.0656 1896 ClipSrv - ok
02:50:03.0812 1896 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:50:03.0906 1896 clr_optimization_v2.0.50727_32 - ok
02:50:03.0937 1896 CmdIde - ok
02:50:03.0953 1896 COMSysApp - ok
02:50:04.0000 1896 Cpqarray - ok
02:50:04.0062 1896 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
02:50:04.0078 1896 CryptSvc - ok
02:50:04.0093 1896 CrystalSysInfo - ok
02:50:04.0187 1896 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\WINDOWS\system32\CSHelper.exe
02:50:04.0203 1896 CSHelper - ok
02:50:04.0218 1896 dac2w2k - ok
02:50:04.0250 1896 dac960nt - ok
02:50:04.0281 1896 DCamUSBEMPIA - ok
02:50:04.0375 1896 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
02:50:04.0390 1896 DcomLaunch - ok
02:50:04.0468 1896 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
02:50:04.0484 1896 Dhcp - ok
02:50:04.0546 1896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:50:04.0546 1896 Disk - ok
02:50:04.0625 1896 DM1Service - ok
02:50:04.0656 1896 dmadmin - ok
02:50:04.0828 1896 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:50:04.0890 1896 dmboot - ok
02:50:04.0968 1896 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:50:04.0984 1896 dmio - ok
02:50:05.0046 1896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:50:05.0046 1896 dmload - ok
02:50:05.0109 1896 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
02:50:05.0109 1896 dmserver - ok
02:50:05.0156 1896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:50:05.0156 1896 DMusic - ok
02:50:05.0218 1896 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
02:50:05.0234 1896 Dnscache - ok
02:50:05.0312 1896 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
02:50:05.0312 1896 Dot3svc - ok
02:50:05.0328 1896 dpti2o - ok
02:50:05.0390 1896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:50:05.0390 1896 drmkaud - ok
02:50:05.0453 1896 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\dsiarhwprog.sys
02:50:05.0453 1896 dsiarhwprog - ok
02:50:05.0468 1896 DSSUSBF - ok
02:50:05.0515 1896 EagleNT - ok
02:50:05.0562 1896 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
02:50:05.0562 1896 EapHost - ok
02:50:05.0640 1896 emAudio (200da4f1964c11b3c19a07f937394624) C:\WINDOWS\system32\drivers\emAudio.sys
02:50:05.0640 1896 emAudio - ok
02:50:05.0718 1896 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
02:50:05.0718 1896 ERSvc - ok
02:50:05.0796 1896 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:50:05.0796 1896 Eventlog - ok
02:50:05.0906 1896 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
02:50:05.0921 1896 EventSystem - ok
02:50:06.0015 1896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:50:06.0015 1896 Fastfat - ok
02:50:06.0093 1896 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:50:06.0109 1896 FastUserSwitchingCompatibility - ok
02:50:06.0203 1896 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
02:50:06.0234 1896 Fax - ok
02:50:06.0296 1896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:50:06.0312 1896 Fdc - ok
02:50:06.0312 1896 FiltUSBEMPIA - ok
02:50:06.0375 1896 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:50:06.0390 1896 Fips - ok
02:50:06.0437 1896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:50:06.0453 1896 Flpydisk - ok
02:50:06.0515 1896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
02:50:06.0515 1896 FltMgr - ok
02:50:06.0687 1896 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:50:06.0687 1896 FontCache3.0.0.0 - ok
02:50:06.0750 1896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:50:06.0765 1896 Fs_Rec - ok
02:50:06.0796 1896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:50:06.0812 1896 Ftdisk - ok
02:50:06.0906 1896 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
02:50:06.0906 1896 GEARAspiWDM - ok
02:50:06.0953 1896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:50:07.0031 1896 Gpc - ok
02:50:07.0093 1896 gupdate - ok
02:50:07.0218 1896 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:50:07.0218 1896 helpsvc - ok
02:50:07.0281 1896 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
02:50:07.0281 1896 HidServ - ok
02:50:07.0375 1896 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:50:07.0375 1896 HidUsb - ok
02:50:07.0453 1896 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
02:50:07.0453 1896 hkmsvc - ok
02:50:07.0484 1896 hpn - ok
02:50:07.0531 1896 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
02:50:07.0546 1896 HPZid412 - ok
02:50:07.0609 1896 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
02:50:07.0609 1896 HPZipr12 - ok
02:50:07.0671 1896 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
02:50:07.0671 1896 HPZius12 - ok
02:50:07.0765 1896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:50:07.0765 1896 HTTP - ok
02:50:07.0843 1896 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
02:50:07.0859 1896 HTTPFilter - ok
02:50:07.0875 1896 i2omgmt - ok
02:50:07.0906 1896 i2omp - ok
02:50:07.0984 1896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:50:07.0984 1896 i8042prt - ok
02:50:08.0125 1896 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
02:50:08.0171 1896 ialm - ok
02:50:08.0359 1896 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:50:08.0359 1896 IDriverT - ok
02:50:08.0578 1896 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:50:08.0625 1896 idsvc - ok
02:50:08.0812 1896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:50:08.0812 1896 Imapi - ok
02:50:08.0906 1896 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
02:50:08.0906 1896 ImapiService - ok
02:50:08.0937 1896 ini910u - ok
02:50:09.0000 1896 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
02:50:09.0000 1896 IntelIde - ok
02:50:09.0062 1896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:50:09.0062 1896 intelppm - ok
02:50:09.0125 1896 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
02:50:09.0125 1896 ip6fw - ok
02:50:09.0187 1896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:50:09.0187 1896 IpFilterDriver - ok
02:50:09.0265 1896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:50:09.0265 1896 IpInIp - ok
02:50:09.0343 1896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:50:09.0343 1896 IpNat - ok
02:50:09.0531 1896 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
02:50:09.0578 1896 iPod Service - ok
02:50:09.0671 1896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:50:09.0671 1896 IPSec - ok
02:50:09.0703 1896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:50:09.0718 1896 IRENUM - ok
02:50:09.0781 1896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:50:09.0781 1896 isapnp - ok
02:50:09.0906 1896 JavaQuickStarterService (973db7ac74c554c546f8b0b7b98fb855) C:\Program Files\Java\jre7\bin\jqs.exe
02:50:09.0937 1896 JavaQuickStarterService - ok
02:50:10.0031 1896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:50:10.0031 1896 Kbdclass - ok
02:50:10.0078 1896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:50:10.0078 1896 kbdhid - ok
02:50:10.0156 1896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:50:10.0171 1896 kmixer - ok
02:50:10.0234 1896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:50:10.0250 1896 KSecDD - ok
02:50:10.0328 1896 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
02:50:10.0328 1896 lanmanserver - ok
02:50:10.0390 1896 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
02:50:10.0406 1896 lanmanworkstation - ok
02:50:10.0437 1896 lbrtfdc - ok
02:50:10.0515 1896 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
02:50:10.0515 1896 LmHosts - ok
02:50:10.0640 1896 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
02:50:10.0671 1896 ltmodem5 - ok
02:50:10.0734 1896 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
02:50:10.0750 1896 MarvinBus - ok
02:50:10.0781 1896 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
02:50:10.0796 1896 Messenger - ok
02:50:10.0859 1896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:50:10.0859 1896 mnmdd - ok
02:50:10.0953 1896 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
02:50:10.0953 1896 mnmsrvc - ok
02:50:11.0015 1896 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:50:11.0015 1896 Modem - ok
02:50:11.0093 1896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:50:11.0093 1896 Mouclass - ok
02:50:11.0171 1896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:50:11.0171 1896 mouhid - ok
02:50:11.0250 1896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:50:11.0250 1896 MountMgr - ok
02:50:11.0359 1896 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:50:11.0359 1896 MozillaMaintenance - ok
02:50:11.0406 1896 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
02:50:11.0406 1896 MPE - ok
02:50:11.0437 1896 mraid35x - ok
02:50:11.0468 1896 mrtRate - ok
02:50:11.0515 1896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:50:11.0515 1896 MRxDAV - ok
02:50:11.0625 1896 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:50:11.0640 1896 MRxSmb - ok
02:50:11.0703 1896 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
02:50:11.0703 1896 MSDTC - ok
02:50:11.0781 1896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:50:11.0796 1896 Msfs - ok
02:50:11.0812 1896 MSIServer - ok
02:50:11.0859 1896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:50:11.0859 1896 MSKSSRV - ok
02:50:11.0921 1896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:50:11.0921 1896 MSPCLOCK - ok
02:50:11.0937 1896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:50:11.0953 1896 MSPQM - ok
02:50:12.0015 1896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:50:12.0015 1896 mssmbios - ok
02:50:12.0031 1896 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
02:50:12.0031 1896 MSTEE - ok
02:50:12.0078 1896 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:50:12.0078 1896 Mup - ok
02:50:12.0093 1896 MxlW2k - ok
02:50:12.0156 1896 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:50:12.0156 1896 NABTSFEC - ok
02:50:12.0265 1896 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
02:50:12.0281 1896 napagent - ok
02:50:12.0343 1896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:50:12.0343 1896 NDIS - ok
02:50:12.0375 1896 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:50:12.0375 1896 NdisIP - ok
02:50:12.0437 1896 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:50:12.0453 1896 NdisTapi - ok
02:50:12.0515 1896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:50:12.0515 1896 Ndisuio - ok
02:50:12.0546 1896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:50:12.0546 1896 NdisWan - ok
02:50:12.0625 1896 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:50:12.0625 1896 NDProxy - ok
02:50:12.0656 1896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:50:12.0656 1896 NetBIOS - ok
02:50:12.0718 1896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:50:12.0718 1896 NetBT - ok
02:50:12.0796 1896 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:50:12.0796 1896 NetDDE - ok
02:50:12.0812 1896 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:50:12.0828 1896 NetDDEdsdm - ok
02:50:12.0890 1896 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:50:12.0890 1896 Netlogon - ok
02:50:12.0984 1896 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
02:50:13.0000 1896 Netman - ok
02:50:13.0171 1896 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:50:13.0171 1896 NetTcpPortSharing - ok
02:50:13.0250 1896 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
02:50:13.0265 1896 Nla - ok
02:50:13.0328 1896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:50:13.0328 1896 Npfs - ok
02:50:13.0421 1896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:50:13.0437 1896 Ntfs - ok
02:50:13.0515 1896 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
02:50:13.0515 1896 NtLmSsp - ok
02:50:13.0625 1896 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
02:50:13.0640 1896 NtmsSvc - ok
02:50:13.0703 1896 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
02:50:13.0703 1896 NuidFltr - ok
02:50:13.0765 1896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:50:13.0765 1896 Null - ok
02:50:14.0093 1896 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:50:14.0187 1896 nv - ok
02:50:14.0468 1896 nvcap - ok
02:50:14.0546 1896 NVSvc (88a8cfcd2bc3ff1484901ce985782e6e) C:\WINDOWS\System32\nvsvc32.exe
02:50:14.0546 1896 NVSvc - ok
02:50:14.0578 1896 NVXBAR - ok
02:50:14.0640 1896 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
02:50:14.0656 1896 nv_agp - ok
02:50:14.0718 1896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:50:14.0718 1896 NwlnkFlt - ok
02:50:14.0765 1896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:50:14.0781 1896 NwlnkFwd - ok
02:50:14.0843 1896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:50:14.0859 1896 Parport - ok
02:50:14.0890 1896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:50:14.0890 1896 PartMgr - ok
02:50:14.0937 1896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:50:14.0937 1896 ParVdm - ok
02:50:14.0968 1896 PCASp50 - ok
02:50:15.0000 1896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:50:15.0000 1896 PCI - ok
02:50:15.0015 1896 PCIDump - ok
02:50:15.0078 1896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
02:50:15.0078 1896 PCIIde - ok
02:50:15.0156 1896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:50:15.0156 1896 Pcmcia - ok
02:50:15.0187 1896 PDCOMP - ok
02:50:15.0203 1896 PDFRAME - ok
02:50:15.0234 1896 PDRELI - ok
02:50:15.0250 1896 PDRFRAME - ok
02:50:15.0281 1896 perc2 - ok
02:50:15.0312 1896 perc2hib - ok
02:50:15.0421 1896 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\WINDOWS\System32\drivers\pfc.sys
02:50:15.0421 1896 pfc - ok
02:50:15.0484 1896 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:50:15.0484 1896 PlugPlay - ok
02:50:15.0546 1896 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
02:50:15.0562 1896 Pml Driver HPZ12 - ok
02:50:15.0625 1896 Point32 (bd5a1efe9e08ba4b2770c3eab3a95d91) C:\WINDOWS\system32\DRIVERS\point32.sys
02:50:15.0625 1896 Point32 - ok
02:50:15.0703 1896 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:50:15.0703 1896 PolicyAgent - ok
02:50:15.0781 1896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:50:15.0781 1896 PptpMiniport - ok
02:50:15.0859 1896 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
02:50:15.0859 1896 Processor - ok
02:50:15.0890 1896 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:50:15.0890 1896 ProtectedStorage - ok
02:50:15.0984 1896 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
02:50:15.0984 1896 Ps2 - ok
02:50:16.0015 1896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:50:16.0015 1896 PSched - ok
02:50:16.0062 1896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:50:16.0062 1896 Ptilink - ok
02:50:16.0125 1896 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
02:50:16.0125 1896 PxHelp20 - ok
02:50:16.0140 1896 ql1080 - ok
02:50:16.0171 1896 Ql10wnt - ok
02:50:16.0203 1896 ql12160 - ok
02:50:16.0218 1896 ql1240 - ok
02:50:16.0250 1896 ql1280 - ok
02:50:16.0281 1896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:50:16.0281 1896 RasAcd - ok
02:50:16.0359 1896 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
02:50:16.0375 1896 RasAuto - ok
02:50:16.0421 1896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:50:16.0437 1896 Rasl2tp - ok
02:50:16.0500 1896 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
02:50:16.0515 1896 RasMan - ok
02:50:16.0562 1896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:50:16.0562 1896 RasPppoe - ok
02:50:16.0625 1896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:50:16.0625 1896 Raspti - ok
02:50:16.0718 1896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:50:16.0718 1896 Rdbss - ok
02:50:16.0750 1896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:50:16.0765 1896 RDPCDD - ok
02:50:16.0859 1896 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
02:50:16.0859 1896 RDPWD - ok
02:50:16.0953 1896 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
02:50:16.0968 1896 RDSessMgr - ok
02:50:17.0046 1896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:50:17.0046 1896 redbook - ok
02:50:17.0140 1896 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
02:50:17.0140 1896 RemoteAccess - ok
02:50:17.0203 1896 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
02:50:17.0203 1896 RpcLocator - ok
02:50:17.0296 1896 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
02:50:17.0312 1896 RpcSs - ok
02:50:17.0328 1896 RR2IOMod - ok
02:50:17.0406 1896 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
02:50:17.0406 1896 rspndr - ok
02:50:17.0468 1896 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
02:50:17.0468 1896 RSVP - ok
02:50:17.0531 1896 RT25USBAP (3ae0728e82edeae0d9c37651c0451535) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
02:50:17.0546 1896 RT25USBAP - ok
02:50:17.0593 1896 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
02:50:17.0609 1896 rtl8139 - ok
02:50:17.0687 1896 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
02:50:17.0687 1896 S3Psddr - ok
02:50:17.0718 1896 samhid - ok
02:50:17.0781 1896 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:50:17.0781 1896 SamSs - ok
02:50:17.0921 1896 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:50:17.0937 1896 SASDIFSV - ok
02:50:17.0968 1896 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:50:17.0984 1896 SASKUTIL - ok
02:50:18.0031 1896 SbcpHid (2f0d9848b2eb1fa97d089bb3521d5377) C:\WINDOWS\system32\Drivers\SbcpHid.sys
02:50:18.0031 1896 SbcpHid - ok
02:50:18.0140 1896 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\WINDOWS\system32\drivers\SBREdrv.sys
02:50:18.0140 1896 SBRE - ok
02:50:18.0156 1896 ScanUSBEMPIA - ok
02:50:18.0218 1896 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
02:50:18.0218 1896 SCardSvr - ok
02:50:18.0296 1896 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
02:50:18.0312 1896 Schedule - ok
02:50:18.0375 1896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:50:18.0375 1896 Secdrv - ok
02:50:18.0437 1896 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
02:50:18.0453 1896 seclogon - ok
02:50:18.0484 1896 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
02:50:18.0484 1896 SENS - ok
02:50:18.0562 1896 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:50:18.0562 1896 Serenum - ok
02:50:18.0640 1896 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:50:18.0640 1896 Serial - ok
02:50:18.0734 1896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:50:18.0734 1896 Sfloppy - ok
02:50:18.0828 1896 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
02:50:18.0843 1896 SharedAccess - ok
02:50:18.0906 1896 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:50:18.0921 1896 ShellHWDetection - ok
02:50:18.0937 1896 Simbad - ok
02:50:19.0062 1896 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
02:50:19.0093 1896 SiS315 - ok
02:50:19.0156 1896 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
02:50:19.0156 1896 SISAGP - ok
02:50:19.0218 1896 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
02:50:19.0218 1896 SiSkp - ok
02:50:19.0296 1896 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:50:19.0296 1896 SLIP - ok
02:50:19.0328 1896 Sparrow - ok
02:50:19.0375 1896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:50:19.0375 1896 splitter - ok
02:50:19.0500 1896 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
02:50:19.0515 1896 Spooler - ok
02:50:19.0578 1896 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:50:19.0578 1896 sr - ok
02:50:19.0656 1896 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
02:50:19.0671 1896 srservice - ok
02:50:19.0796 1896 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:50:19.0828 1896 Srv - ok
02:50:19.0890 1896 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
02:50:19.0906 1896 SSDPSRV - ok
02:50:20.0046 1896 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
02:50:20.0093 1896 stisvc - ok
02:50:20.0171 1896 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:50:20.0171 1896 streamip - ok
02:50:20.0234 1896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:50:20.0234 1896 swenum - ok
02:50:20.0562 1896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:50:20.0562 1896 swmidi - ok
02:50:20.0578 1896 SwPrv - ok
02:50:21.0281 1896 Symantec Core LC (43cfca936d211bf7f1cde1ddf807cb76) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
02:50:21.0343 1896 Symantec Core LC - ok
02:50:21.0390 1896 symc810 - ok
02:50:21.0406 1896 symc8xx - ok
02:50:21.0421 1896 sym_hi - ok
02:50:21.0437 1896 sym_u3 - ok
02:50:21.0500 1896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:50:21.0515 1896 sysaudio - ok
02:50:21.0562 1896 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
02:50:21.0578 1896 SysmonLog - ok
02:50:21.0671 1896 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
02:50:21.0687 1896 TapiSrv - ok
02:50:21.0781 1896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:50:21.0812 1896 Tcpip - ok
02:50:21.0875 1896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:50:21.0875 1896 TDPIPE - ok
02:50:21.0937 1896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:50:21.0953 1896 TDTCP - ok
02:50:21.0984 1896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:50:22.0000 1896 TermDD - ok
02:50:22.0078 1896 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
02:50:22.0093 1896 TermService - ok
02:50:22.0156 1896 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:50:22.0171 1896 Themes - ok
02:50:22.0187 1896 TosIde - ok
02:50:22.0250 1896 TotRec8 (273728fdaba227f007d54974862f96df) C:\WINDOWS\system32\drivers\TotRec8.sys
02:50:22.0250 1896 TotRec8 - ok
02:50:22.0312 1896 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
02:50:22.0328 1896 TrkWks - ok
02:50:22.0375 1896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:50:22.0390 1896 Udfs - ok
02:50:22.0406 1896 ultra - ok
02:50:22.0484 1896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:50:22.0515 1896 Update - ok
02:50:23.0140 1896 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
02:50:23.0140 1896 upnphost - ok
02:50:23.0250 1896 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
02:50:23.0250 1896 UPS - ok
02:50:23.0281 1896 USBAAPL - ok
02:50:23.0359 1896 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
02:50:23.0359 1896 usbaudio - ok
02:50:23.0765 1896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:50:23.0765 1896 usbccgp - ok
02:50:23.0843 1896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:50:23.0859 1896 usbehci - ok
02:50:24.0531 1896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:50:24.0531 1896 usbhub - ok
02:50:24.0593 1896 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
02:50:24.0593 1896 USBIO - ok
02:50:24.0859 1896 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:50:24.0859 1896 usbohci - ok
02:50:25.0000 1896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:50:25.0171 1896 usbprint - ok
02:50:25.0359 1896 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:50:25.0359 1896 usbscan - ok
02:50:25.0390 1896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:50:25.0390 1896 USBSTOR - ok
02:50:25.0421 1896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:50:25.0421 1896 usbuhci - ok
02:50:25.0437 1896 vaiomediaplatform-mobile-gateway - ok
02:50:25.0500 1896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:50:25.0500 1896 VgaSave - ok
02:50:25.0562 1896 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
02:50:25.0562 1896 viaagp1 - ok
02:50:25.0640 1896 viagfx (e8c619c6c6bde90d130dda87150e1944) C:\WINDOWS\system32\DRIVERS\vtmini.sys
02:50:25.0671 1896 viagfx - ok
02:50:25.0718 1896 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
02:50:25.0718 1896 ViaIde - ok
02:50:25.0750 1896 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:50:25.0750 1896 VolSnap - ok
02:50:25.0843 1896 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
02:50:25.0859 1896 VSS - ok
02:50:25.0921 1896 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
02:50:25.0953 1896 W32Time - ok
02:50:26.0046 1896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:50:26.0046 1896 Wanarp - ok
02:50:26.0187 1896 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
02:50:26.0203 1896 Wdf01000 - ok
02:50:26.0218 1896 WDICA - ok
02:50:26.0250 1896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:50:26.0250 1896 wdmaud - ok
02:50:27.0546 1896 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
02:50:27.0546 1896 WebClient - ok
02:50:28.0843 1896 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:50:28.0875 1896 winmgmt - ok
02:50:28.0953 1896 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
02:50:28.0953 1896 WinUSB - ok
02:50:29.0046 1896 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
02:50:29.0062 1896 WmdmPmSN - ok
02:50:29.0203 1896 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
02:50:29.0218 1896 WmiApSrv - ok
02:50:29.0437 1896 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:50:29.0500 1896 WMPNetworkSvc - ok
02:50:29.0562 1896 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:50:29.0562 1896 WpdUsb - ok
02:50:29.0640 1896 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:50:29.0640 1896 WS2IFSL - ok
02:50:29.0734 1896 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
02:50:29.0734 1896 wscsvc - ok
02:50:29.0828 1896 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:50:29.0828 1896 WSTCODEC - ok
02:50:29.0890 1896 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
02:50:29.0906 1896 wuauserv - ok
02:50:30.0000 1896 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:50:30.0031 1896 WudfPf - ok
02:50:30.0078 1896 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
02:50:30.0078 1896 WUDFRd - ok
02:50:30.0156 1896 WudfSvc (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll
02:50:30.0156 1896 WudfSvc - ok
02:50:30.0265 1896 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
02:50:30.0296 1896 WZCSVC - ok
02:50:30.0359 1896 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
02:50:30.0375 1896 xmlprov - ok
02:50:30.0437 1896 ZD1211BU(ZyDAS) (56122eb6a52378b0ccf5bff1ff96989d) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
02:50:30.0468 1896 ZD1211BU(ZyDAS) - ok
02:50:30.0531 1896 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
02:50:30.0531 1896 ZDPSp50 - ok
02:50:30.0546 1896 zumbus - ok
02:50:30.0625 1896 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
02:50:30.0625 1896 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
02:50:30.0828 1896 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
02:50:30.0828 1896 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
02:50:30.0937 1896 MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk0\DR0
02:50:30.0984 1896 \Device\Harddisk0\DR0 - ok
02:50:31.0000 1896 Boot (0x1200) (28a5d12eaa7ad8bf452ba7644c2c2a8f) \Device\Harddisk0\DR0\Partition0
02:50:31.0000 1896 \Device\Harddisk0\DR0\Partition0 - ok
02:50:31.0062 1896 Boot (0x1200) (9568ae2498998c730155a93213d79778) \Device\Harddisk0\DR0\Partition1
02:50:31.0062 1896 \Device\Harddisk0\DR0\Partition1 - ok
02:50:31.0062 1896 ============================================================
02:50:31.0062 1896 Scan finished
02:50:31.0062 1896 ============================================================
02:50:31.0109 3332 Detected object count: 0
02:50:31.0109 3332 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 02:52:11
-----------------------------
02:52:11.515 OS Version: Windows 5.1.2600 Service Pack 3
02:52:11.515 Number of processors: 1 586 0x209
02:52:11.515 ComputerName: DESKTOP UserName: Owner
02:52:12.171 Initialize success
02:53:56.375 AVAST engine defs: 12061501
02:54:00.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:54:00.984 Disk 0 Vendor: WDC_WD400EB-11CPF0 06.04G06 Size: 38166MB BusType: 3
02:54:01.062 Disk 0 MBR read successfully
02:54:01.062 Disk 0 MBR scan
02:54:01.796 Disk 0 unknown MBR code
02:54:01.843 Disk 0 Partition 1 00 0B FAT32 RECOVERY 6770 MB offset 63
02:54:01.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 31384 MB offset 13865040
02:54:02.015 Disk 0 scanning sectors +78140160
02:54:02.859 Disk 0 scanning C:\WINDOWS\system32\drivers
02:54:33.281 Service scanning
02:55:18.343 Modules scanning
02:55:38.984 Disk 0 trace - called modules:
02:55:39.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
02:55:39.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82a58ab8]
02:55:39.390 3 CLASSPNP.SYS[f849ffd7] -> nt!IofCallDriver -> \Device\00000065[0x82a4bf18]
02:55:39.406 5 ACPI.sys[f8416620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82a59b58]
02:55:40.453 AVAST engine scan C:\WINDOWS
02:55:53.671 AVAST engine scan C:\WINDOWS\system32
03:02:49.171 AVAST engine scan C:\WINDOWS\system32\drivers
03:03:20.281 AVAST engine scan C:\Documents and Settings\Owner
03:04:35.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
03:04:35.843 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
• Please post the contents of OTL.txt in your next reply.

Gringo

OTL logfile created on: 6/16/2012 3:17:57 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 146.86 Mb Available Physical Memory | 29.17% Memory free
1.19 Gb Paging File | 0.80 Gb Available in Paging File | 67.60% Paging File free
Paging file location(s): C:\pagefile.sys 744 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.65 Gb Total Space | 7.34 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
Drive D: | 6.60 Gb Total Space | 2.38 Gb Free Space | 36.02% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\system32\CSHelper.exe ()
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ltmsg.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\system32\CSHelper.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vaiomediaplatform-mobile-gateway) -- %systemroot%\system32\iAimFP6.dll File not found
SRV - (RR2IOMod) -- %systemroot%\system32\tgsrvc_smartagent.dll File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (DM1Service) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (aawservice) -- %systemroot%\system32\nwlnkfwd.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (CSHelper) -- C:\WINDOWS\system32\CSHelper.exe ()
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (zumbus) -- system32\DRIVERS\zumbus.sys File not found
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (ScanUSBEMPIA) -- system32\DRIVERS\emScan.sys File not found
DRV - (samhid) -- system32\drivers\samhid.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCASp50) -- File not found
DRV - (NVXBAR) -- System32\DRIVERS\NVxbar.sys File not found
DRV - (nvcap) nVidia WDM Video Capture (universal) -- System32\DRIVERS\nvcap.sys File not found
DRV - (MxlW2k) -- File not found
DRV - (mrtRate) -- File not found
DRV - (mbr) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FiltUSBEMPIA) -- system32\DRIVERS\emFilter.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (DSSUSBF) -- system32\DRIVERS\DSSUSBF.sys File not found
DRV - (DCamUSBEMPIA) -- system32\DRIVERS\emDevice.sys File not found
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder PMP Edition\SysInfo.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (GFI Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TotRec8) -- C:\WINDOWS\system32\drivers\TotRec8.sys (High Criteria inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (ActionReplayDS) -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (dsiarhwprog) -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys (Thesycon GmbH, Germany)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (BRGSp50) -- C:\WINDOWS\system32\drivers\BRGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\system32\drivers\nv_agp.SYS (NVIDIA Corporation)
DRV - (viaagp1) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\SearchScopes\{00BC0C11-D36B-4D46-BEFE-1E778BB45C09}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15384&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UL&apn_dtid=YYYYYYYYUS&apn_uid=cad2d157-9792-4355-a08d-5f8315a6cad9&apn_sauid=0D18A0B8-D9CB-4363-BFFF-4C70088F5453
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\SearchScopes\{5E538986-AF45-476C-8C91-DB0C919CD06A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll File not found
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@itstructures.com/ffactivex: C:\Program Files\Firefox ActiveX Plugin\npffax.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll File not found
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/30 18:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/14 16:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 11:49:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/02/08 11:59:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/02/17 11:49:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{AAEEC20E-8A55-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Owner\Local Settings\Application Data\{AAEEC20E-8A55-11E1-826D-B8AC6F996F26}\ [2012/04/19 14:26:43 | 000,000,000 | ---D | M]

[2011/12/23 04:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/18 10:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/08/15 20:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/06/13 12:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlhpdys9.default\extensions
[2012/06/13 12:09:21 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlhpdys9.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2012/01/13 18:49:00 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlhpdys9.default\extensions\screencaptureelite@plugin
[2011/12/23 04:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/14 16:22:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/17 11:49:08 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/02/13 12:26:53 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/13 12:26:54 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/06/16 01:22:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.
O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..Trusted Domains: dell.com ([ausctrxw03.aus.amer] https in Trusted sites)
O15 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..Trusted Domains: dell.com ([outside.us] https in Trusted sites)
O15 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..Trusted Domains: dell.com ([outside.us] https in Trusted sites)
O15 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..Trusted Domains: e-rewards.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 208.180.42.100 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065F4A53-AEDB-4DD1-A520-26F19F19F873}: DhcpNameServer = 192.168.2.1 208.180.42.100 208.180.42.68
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/11 05:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 03:16:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/16 02:51:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/06/16 02:48:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/06/16 01:18:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serial.sys
[2012/06/16 00:53:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/16 00:53:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/16 00:53:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/16 00:53:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/16 00:53:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/16 00:50:01 | 004,559,503 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/06/16 00:30:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/06/14 13:48:28 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/06/14 13:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/14 13:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/06/12 21:49:09 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/11 21:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/06/11 21:12:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/11 21:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/09 17:28:59 | 000,000,000 | ---D | C] -- C:\videooutput
[2012/06/09 17:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freez software
[2012/06/09 17:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Smallvideosoft
[2012/06/09 17:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012/06/09 15:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Any Video Converter
[2012/06/09 15:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
[2012/05/24 23:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StreamTransport
[2012/05/24 23:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport
[2012/05/24 22:20:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Video Converter
[2012/05/24 22:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FreeVideoConverter
[2012/05/24 22:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2012/05/24 18:30:01 | 003,982,240 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Flash10d.ocx
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/16 03:37:31 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA2A0176-969B-4F71-8BF6-C869CA7340FF}.job
[2012/06/16 03:16:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/16 03:04:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/06/16 02:51:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/06/16 02:48:51 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/06/16 01:22:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/16 01:22:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-898258525-1626216969-4265081522-1003.job
[2012/06/16 01:22:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/16 00:50:23 | 004,559,503 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/06/16 00:30:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/06/16 00:21:57 | 000,853,862 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2012/06/16 00:20:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/06/16 00:19:17 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/06/15 23:45:45 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 13:48:28 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/06/14 00:31:48 | 000,054,757 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\index.html
[2012/06/13 13:45:49 | 000,028,901 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\htc.jpg
[2012/06/13 12:06:05 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 04:13:13 | 000,450,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 04:13:13 | 000,074,874 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 11:51:30 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
[2012/06/11 22:02:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-898258525-1626216969-4265081522-1003.job
[2012/06/09 15:17:30 | 000,023,136 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\TxTag bill pmt.png
[2012/06/08 17:45:30 | 000,048,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Roof Payment #2.png
[2012/06/08 17:43:05 | 000,066,451 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Roof Crafters Payment.png
[2012/06/06 15:17:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/24 22:20:41 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 03:04:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/06/16 00:53:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/16 00:53:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/16 00:53:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/16 00:53:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/16 00:53:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/16 00:21:56 | 000,853,862 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2012/06/16 00:20:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/06/16 00:19:15 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/06/13 13:45:36 | 000,028,901 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\htc.jpg
[2012/06/13 12:47:18 | 000,054,757 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\index.html
[2012/06/09 17:28:49 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll
[2012/06/09 15:17:29 | 000,023,136 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\TxTag bill pmt.png
[2012/06/08 17:45:25 | 000,048,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Roof Payment #2.png
[2012/06/08 17:43:05 | 000,066,451 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Roof Crafters Payment.png
[2012/05/24 22:20:41 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2012/05/15 14:15:33 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2012/04/19 15:10:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/29 19:06:37 | 000,028,705 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ultimate.Cake.Off.S02E12.HDTV.XviD-CRiMSON.torrent
[2011/12/14 16:58:12 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ezYjOgQsOLoLLEr
[2011/12/14 16:58:11 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ezYjOgQsOLoLLE
[2011/12/14 16:57:47 | 000,000,416 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezYjOgQsOLoLLE
[2011/10/28 13:38:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2011/10/28 12:34:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2011/09/19 02:07:46 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2011/09/19 02:07:32 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011/08/25 20:13:07 | 000,000,768 | ---- | C] () -- C:\WINDOWS\Support.ini
[2011/08/18 17:21:25 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\CLEyeDevices.dll
[2011/05/06 21:59:27 | 000,013,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iqr4m36f85120p55e7s6640rn580gqugku30cb6ol2kw521
[2011/05/06 21:59:26 | 000,013,462 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\iqr4m36f85120p55e7s6640rn580gqugku30cb6ol2kw521
[2011/04/30 15:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qnosoloputuyeze.bin
[2011/04/30 15:37:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hhovikiko.dat
[2011/02/01 23:33:13 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 12:24:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/10/27 22:28:24 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/27 22:28:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll


OTL Extras logfile created on: 6/16/2012 3:17:57 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 146.86 Mb Available Physical Memory | 29.17% Memory free
1.19 Gb Paging File | 0.80 Gb Available in Paging File | 67.60% Paging File free
Paging file location(s): C:\pagefile.sys 744 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.65 Gb Total Space | 7.34 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
Drive D: | 6.60 Gb Total Space | 2.38 Gb Free Space | 36.02% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"56783:TCP" = 56783:TCP:*:Enabled:Pando Media Booster
"56783:UDP" = 56783:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"56783:TCP" = 56783:TCP:*:Enabled:Pando Media Booster
"56783:UDP" = 56783:UDP:*:Enabled:Pando Media Booster
"8517:TCP" = 8517:TCP:*:Enabled:uryimxz
"4704:TCP" = 4704:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Trellian\Trellian WebPage\WebPage.exe" = C:\Program Files\Trellian\Trellian WebPage\WebPage.exe:*:Enabled:WebPage -- (Trellian Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{23397835-4520-41C5-8477-C38C19E0FE6D}" = Frost Digital Deposits Add-on
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2AD89908-0987-4B9E-8AB4-905899E4D754}_is1" = Next Video Converter 2.3.1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C57D8CB-FFB6-4B58-8C07-9F2D63E05990}" = FreeUndelete 2.0.34689.1
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76E2BCDC-C7F3-4ACE-BC25-50DC7B24D526}" = Microsoft IntelliPoint 5.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{97F2985C-B74A-4672-960E-E3769AE5657A}}_is1" = Firefox ActiveX Plugin r37
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB6A6E56-F28E-44D6-9899-86F10B4AE7B1}" = Frost Digital Deposits Add-on
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E1CAE438-DEF7-44C2-A3A9-6915ABF2A732}" = calibre
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"AviSynth" = AviSynth 2.5
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"CCleaner" = CCleaner
"Compaq Instant Support" = Compaq Instant Support
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DAZzle" = DAZzle
"Defraggler" = Defraggler
"Easy Graphic Converter 1.2_is1" = Easy Graphic Converter 1.2
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"FLAC" = FLAC Installer 1.1.1a (remove only)
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Free Video Converter_is1" = Free Video Converter V 3.1
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HitmanPro36" = HitmanPro 3.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"MAGIX Ringtone Maker 3 silver US" = MAGIX Ringtone Maker 3 silver 3.1.0.3 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 4.2.0
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 10.0 (x86 en-US)" = Mozilla Thunderbird 10.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"NVIDIA GART Driver" = NVIDIA GART Driver
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 12.0" = RealPlayer
"Scribe" = Express Scribe
"TotalRecorder" = Total Recorder 8.2
"Trellian WebPage_is1" = Trellian WebPage
"Typing Instructor for Kids 3" = Typing Instructor for Kids 3
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2012 9:03:48 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application StreamTransport.exe, version 1.0.2.2171, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2012 5:35:54 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application BitTorrent.exe, version 7.6.1.27208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2012 6:54:50 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application BitTorrent.exe, version 7.6.1.27208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2012 12:18:15 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application tsmuxer.exe, version 0.0.0.0, faulting module
tsmuxer.exe, version 0.0.0.0, fault address 0x00023a7c.

Error - 6/9/2012 7:55:01 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application BitTorrent.exe, version 7.6.1.27208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/10/2012 3:36:59 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application BitTorrent.exe, version 7.6.1.27208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/14/2012 1:50:03 AM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application BitTorrent.exe, version 7.6.1.27208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/14/2012 2:15:39 AM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application BitTorrent.exe, version 7.6.1.27208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/14/2012 2:17:40 AM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application BitTorrent.exe, version 7.6.1.27208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/16/2012 1:12:00 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application 30cba_xp.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 6/15/2012 6:13:21 PM | Computer Name = DESKTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 6/16/2012 1:59:03 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The CopySafe Helper Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023
Description = The DivisCTP service terminated with the following error: %%126

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%2

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%2

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023
Description = The Ovepstatusengine service terminated with the following error:
%%126

Error - 6/16/2012 2:22:21 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023
Description = The Smartlinkservice service terminated with the following error:
%%126


< End of report >

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

• Double-click OTL.exe to start the program.
• Copy and Paste the following code into the textbox. Do not include the word Code
  

  :OTL
  FF - user.js - File not found
  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll File not found
  FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
  FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
  FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
  FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
  FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll File not found
  FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
  O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
  O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.
  O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
  O3 - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
  IE - HKU\S-1-5-21-898258525-1626216969-4265081522-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15384&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UL&apn_dtid=YYYYYYYYUS&apn_uid=cad2d157-9792-4355-a08d-5f8315a6cad9&apn_sauid=0D18A0B8-D9CB-4363-BFFF-4C70088F5453
  [2011/12/14 16:58:12 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ezYjOgQsOLoLLEr
  [2011/12/14 16:58:11 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ezYjOgQsOLoLLE
  [2011/12/14 16:57:47 | 000,000,416 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezYjOgQsOLoLLE
  [2011/05/06 21:59:27 | 000,013,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iqr4m36f85120p55e7s6640rn580gqugku30cb6ol2kw521
  [2011/05/06 21:59:26 | 000,013,462 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\iqr4m36f85120p55e7s6640rn580gqugku30cb6ol2kw521
  [2011/04/30 15:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qnosoloputuyeze.bin
  [2011/04/30 15:37:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hhovikiko.dat
  :Files
  ipconfig /flushdns /c
  :Commands
  [PURITY]
  [emptyjava]
  [EMPTYFLASH]
  

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

Below is my OTL Log after loading the script. I have tried about 30 Google searches and so far so good!! I'm going to keep checking to make sure it's really gone this time!

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=8\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71AAABE5-1F0F-11D7-BD6F-004854603DCE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71AAABE5-1F0F-11D7-BD6F-004854603DCE}\ not found.
Registry value HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-898258525-1626216969-4265081522-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
C:\Documents and Settings\All Users\Application Data\~ezYjOgQsOLoLLEr moved successfully.
C:\Documents and Settings\All Users\Application Data\~ezYjOgQsOLoLLE moved successfully.
C:\Documents and Settings\All Users\Application Data\ezYjOgQsOLoLLE moved successfully.
C:\Documents and Settings\All Users\Application Data\iqr4m36f85120p55e7s6640rn580gqugku30cb6ol2kw521 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\iqr4m36f85120p55e7s6640rn580gqugku30cb6ol2kw521 moved successfully.
C:\WINDOWS\Qnosoloputuyeze.bin moved successfully.
C:\WINDOWS\Hhovikiko.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 0 bytes

User: STGDESKTOP

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 12988 bytes

User: Owner
->Flash cache emptied: 5611 bytes

User: STGDESKTOP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06162012_142628

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.5.0
BitTorrent
Java™ 6 Update 22
Java™ 7 Update 2
[/list]

• Please download and install Revo Uninstaller Free
• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

• click on the Free Java Download Button
• click on Agree and start Free download
• click on Run
• click on run again
• click on install
• when install is complete click on close

Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  
  Download CCleaner from here http://www.ccleaner.com/
  
  
• Run the installer to install the application.
• When it gives you the option to install Yahoo toolbar uncheck the box next to it.
• Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
• Click Run Cleaner.
• Close CCleaner.

: Malwarebytes' Anti-Malware :

• I would like you to rerun MBAM
  
• Double-click mbam icon
• go to the update tab at the top
• click on check for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
• If you accidentally close it, the log file is saved here and will be named like this:
• C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Go Here to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

• In your next post I need the following
  
  
• Log From MBAM
• report from Hijackthis
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

I'm about to run the Hijack This log and wanted to let you know that in msconfig, startup, I have several things unchecked. Do you want me to check these and have them visible for my Hijack This log or leave them as is?

Thanks!

leave as is


gringo

Below are the requested logs. So far I haven't had any Google redirects today - so I'm optimistic that this virus has finally been fixed!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.17.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DESKTOP [administrator]

6/17/2012 12:52:59 AM
mbam-log-2012-06-17 (00-52-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221488
Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:49:30 AM, on 6/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3621 bytes