WinonaKid

The primary concern was IE search page redirects and pages not loading. However that all seems to be good now. I haven't encountered the page redirects. I've scanned using the TDSSKiller and below is the log. Thanks again for the assist. 20:07:30.0116 4364 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 20:07:30.0708 4364 ============================================================ 20:07:30.0708 4364 Current date / time: 2012/05/07 20:07:30.0708 20:07:30.0708 4364 SystemInfo: 20:07:30.0708 4364 20:07:30.0708 4364 OS Version: 6.1.7601 ServicePack: 1.0 20:07:30.0708 4364 Product type: Workstation 20:07:30.0708 4364 ComputerName: OWNER-PC 20:07:30.0708 4364 UserName: chrissy 20:07:30.0708 4364 Windows directory: C:\Windows 20:07:30.0708 4364 System windows directory: C:\Windows 20:07:30.0708 4364 Running under WOW64 20:07:30.0708 4364 Processor architecture: Intel x64 20:07:30.0708 4364 Number of processors: 2 20:07:30.0708 4364 Page size: 0x1000 20:07:30.0708 4364 Boot type: Normal boot 20:07:30.0708 4364 ============================================================ 20:07:31.0660 4364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:07:31.0676 4364 ============================================================ 20:07:31.0676 4364 \Device\Harddisk0\DR0: 20:07:31.0676 4364 MBR partitions: 20:07:31.0676 4364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x3863A6B8 20:07:31.0676 4364 ============================================================ 20:07:31.0722 4364 C: <-> \Device\Harddisk0\DR0\Partition0 20:07:31.0722 4364 ============================================================ 20:07:31.0722 4364 Initialize success 20:07:31.0722 4364 ============================================================ 20:08:12.0017 4160 ============================================================ 20:08:12.0017 4160 Scan started 20:08:12.0017 4160 Mode: Manual; SigCheck; TDLFS; 20:08:12.0017 4160 ============================================================ 20:08:12.0673 4160 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 20:08:12.0875 4160 1394ohci - ok 20:08:12.0953 4160 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 20:08:13.0016 4160 ACPI - ok 20:08:13.0078 4160 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 20:08:13.0156 4160 AcpiPmi - ok 20:08:13.0250 4160 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 20:08:13.0343 4160 adp94xx - ok 20:08:13.0406 4160 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 20:08:13.0484 4160 adpahci - ok 20:08:13.0515 4160 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 20:08:13.0546 4160 adpu320 - ok 20:08:13.0702 4160 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe 20:08:13.0765 4160 ADSMService ( UnsignedFile.Multi.Generic ) - warning 20:08:13.0765 4160 ADSMService - detected UnsignedFile.Multi.Generic (1) 20:08:13.0796 4160 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 20:08:13.0967 4160 AeLookupSvc - ok 20:08:14.0014 4160 AFBAgent (2d00d3dadc1d3326ba788eb071f2726e) C:\Windows\system32\FBAgent.exe 20:08:14.0077 4160 AFBAgent - ok 20:08:14.0186 4160 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 20:08:14.0311 4160 AFD - ok 20:08:14.0373 4160 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 20:08:14.0420 4160 agp440 - ok 20:08:14.0467 4160 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 20:08:14.0513 4160 ALG - ok 20:08:14.0591 4160 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 20:08:14.0638 4160 aliide - ok 20:08:14.0654 4160 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 20:08:14.0701 4160 amdide - ok 20:08:14.0732 4160 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 20:08:14.0825 4160 AmdK8 - ok 20:08:14.0841 4160 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 20:08:14.0903 4160 AmdPPM - ok 20:08:14.0935 4160 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 20:08:14.0981 4160 amdsata - ok 20:08:15.0028 4160 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 20:08:15.0059 4160 amdsbs - ok 20:08:15.0106 4160 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 20:08:15.0169 4160 amdxata - ok 20:08:15.0247 4160 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 20:08:15.0449 4160 AppID - ok 20:08:15.0481 4160 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 20:08:15.0590 4160 AppIDSvc - ok 20:08:15.0668 4160 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 20:08:15.0746 4160 Appinfo - ok 20:08:15.0886 4160 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:08:15.0964 4160 Apple Mobile Device - ok 20:08:15.0995 4160 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 20:08:16.0042 4160 arc - ok 20:08:16.0073 4160 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 20:08:16.0105 4160 arcsas - ok 20:08:16.0151 4160 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys 20:08:16.0167 4160 AsDsm - ok 20:08:16.0245 4160 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 20:08:16.0261 4160 ASLDRService - ok 20:08:16.0276 4160 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 20:08:16.0292 4160 ASMMAP64 - ok 20:08:16.0323 4160 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:08:16.0432 4160 AsyncMac - ok 20:08:16.0479 4160 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 20:08:16.0541 4160 atapi - ok 20:08:16.0651 4160 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 20:08:16.0775 4160 athr - ok 20:08:16.0869 4160 ATKGFNEXSrv (63f1212ffe13e62ca1e8d8ee19abd9a7) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 20:08:16.0885 4160 ATKGFNEXSrv - ok 20:08:17.0056 4160 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:08:17.0165 4160 AudioEndpointBuilder - ok 20:08:17.0181 4160 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:08:17.0243 4160 AudioSrv - ok 20:08:17.0399 4160 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 20:08:17.0524 4160 AxInstSV - ok 20:08:17.0618 4160 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 20:08:17.0743 4160 b06bdrv - ok 20:08:17.0805 4160 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 20:08:17.0883 4160 b57nd60a - ok 20:08:17.0930 4160 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 20:08:18.0008 4160 BDESVC - ok 20:08:18.0039 4160 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 20:08:18.0164 4160 Beep - ok 20:08:18.0273 4160 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 20:08:18.0382 4160 BFE - ok 20:08:18.0632 4160 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx64.sys 20:08:18.0710 4160 BHDrvx64 - ok 20:08:18.0867 4160 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 20:08:19.0007 4160 BITS - ok 20:08:19.0054 4160 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 20:08:19.0101 4160 blbdrive - ok 20:08:19.0210 4160 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 20:08:19.0257 4160 Bonjour Service - ok 20:08:19.0319 4160 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 20:08:19.0397 4160 bowser - ok 20:08:19.0428 4160 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:08:19.0538 4160 BrFiltLo - ok 20:08:19.0538 4160 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:08:19.0584 4160 BrFiltUp - ok 20:08:19.0647 4160 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 20:08:19.0772 4160 Browser - ok 20:08:19.0803 4160 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 20:08:19.0865 4160 Brserid - ok 20:08:19.0865 4160 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 20:08:19.0912 4160 BrSerWdm - ok 20:08:19.0928 4160 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:08:19.0990 4160 BrUsbMdm - ok 20:08:19.0990 4160 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 20:08:20.0052 4160 BrUsbSer - ok 20:08:20.0068 4160 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 20:08:20.0115 4160 BTHMODEM - ok 20:08:20.0162 4160 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 20:08:20.0255 4160 bthserv - ok 20:08:20.0302 4160 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 20:08:20.0396 4160 cdfs - ok 20:08:20.0474 4160 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 20:08:20.0567 4160 cdrom - ok 20:08:20.0630 4160 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:08:20.0739 4160 CertPropSvc - ok 20:08:20.0770 4160 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 20:08:20.0833 4160 circlass - ok 20:08:20.0880 4160 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 20:08:20.0927 4160 CLFS - ok 20:08:20.0974 4160 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:08:21.0021 4160 clr_optimization_v2.0.50727_32 - ok 20:08:21.0067 4160 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:08:21.0114 4160 clr_optimization_v2.0.50727_64 - ok 20:08:21.0208 4160 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:08:21.0270 4160 clr_optimization_v4.0.30319_32 - ok 20:08:21.0333 4160 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:08:21.0364 4160 clr_optimization_v4.0.30319_64 - ok 20:08:21.0395 4160 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 20:08:21.0457 4160 CmBatt - ok 20:08:21.0489 4160 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 20:08:21.0535 4160 cmdide - ok 20:08:21.0613 4160 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 20:08:21.0707 4160 CNG - ok 20:08:21.0769 4160 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 20:08:21.0785 4160 Compbatt - ok 20:08:21.0863 4160 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 20:08:21.0925 4160 CompositeBus - ok 20:08:21.0957 4160 COMSysApp - ok 20:08:21.0972 4160 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 20:08:22.0019 4160 crcdisk - ok 20:08:22.0097 4160 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 20:08:22.0159 4160 CryptSvc - ok 20:08:22.0237 4160 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:08:22.0347 4160 DcomLaunch - ok 20:08:22.0393 4160 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 20:08:22.0518 4160 defragsvc - ok 20:08:22.0565 4160 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 20:08:22.0659 4160 DfsC - ok 20:08:22.0721 4160 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 20:08:22.0815 4160 Dhcp - ok 20:08:22.0846 4160 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 20:08:22.0924 4160 discache - ok 20:08:22.0971 4160 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 20:08:22.0986 4160 Disk - ok 20:08:23.0064 4160 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 20:08:23.0158 4160 Dnscache - ok 20:08:23.0236 4160 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 20:08:23.0329 4160 dot3svc - ok 20:08:23.0392 4160 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 20:08:23.0470 4160 DPS - ok 20:08:23.0501 4160 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 20:08:23.0548 4160 drmkaud - ok 20:08:23.0657 4160 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 20:08:23.0735 4160 DXGKrnl - ok 20:08:23.0782 4160 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 20:08:23.0860 4160 EapHost - ok 20:08:23.0907 4160 easytether (1d69a83033930c20583d608c622ca56b) C:\Windows\system32\DRIVERS\easytthr.sys 20:08:23.0922 4160 easytether - ok 20:08:24.0125 4160 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 20:08:24.0297 4160 ebdrv - ok 20:08:24.0421 4160 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 20:08:24.0468 4160 eeCtrl - ok 20:08:24.0577 4160 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 20:08:24.0687 4160 EFS - ok 20:08:24.0796 4160 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 20:08:24.0889 4160 ehRecvr - ok 20:08:24.0936 4160 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 20:08:24.0999 4160 ehSched - ok 20:08:25.0092 4160 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 20:08:25.0139 4160 elxstor - ok 20:08:25.0264 4160 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 20:08:25.0279 4160 EraserUtilRebootDrv - ok 20:08:25.0326 4160 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 20:08:25.0373 4160 ErrDev - ok 20:08:25.0435 4160 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys 20:08:25.0482 4160 ETD - ok 20:08:25.0529 4160 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 20:08:25.0623 4160 EventSystem - ok 20:08:25.0654 4160 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 20:08:25.0763 4160 exfat - ok 20:08:25.0794 4160 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 20:08:25.0872 4160 fastfat - ok 20:08:25.0966 4160 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 20:08:26.0106 4160 Fax - ok 20:08:26.0137 4160 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 20:08:26.0169 4160 fdc - ok 20:08:26.0231 4160 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 20:08:26.0293 4160 fdPHost - ok 20:08:26.0309 4160 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 20:08:26.0387 4160 FDResPub - ok 20:08:26.0434 4160 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 20:08:26.0449 4160 FileInfo - ok 20:08:26.0481 4160 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 20:08:26.0574 4160 Filetrace - ok 20:08:26.0590 4160 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 20:08:26.0621 4160 flpydisk - ok 20:08:26.0699 4160 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 20:08:26.0746 4160 FltMgr - ok 20:08:26.0793 4160 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys 20:08:26.0886 4160 FlyUsb - ok 20:08:27.0011 4160 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 20:08:27.0151 4160 FontCache - ok 20:08:27.0229 4160 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:08:27.0261 4160 FontCache3.0.0.0 - ok 20:08:27.0276 4160 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 20:08:27.0307 4160 FsDepends - ok 20:08:27.0339 4160 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys 20:08:27.0370 4160 fssfltr - ok 20:08:27.0463 4160 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 20:08:27.0541 4160 fsssvc - ok 20:08:27.0604 4160 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 20:08:27.0635 4160 Fs_Rec - ok 20:08:27.0713 4160 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 20:08:27.0791 4160 fvevol - ok 20:08:27.0822 4160 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:08:27.0838 4160 gagp30kx - ok 20:08:27.0931 4160 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:08:27.0963 4160 GEARAspiWDM - ok 20:08:28.0056 4160 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 20:08:28.0212 4160 gpsvc - ok 20:08:28.0306 4160 GUCI_AVS (5f1cf2ae2c2e14b0266e70c4960998c6) C:\Windows\system32\DRIVERS\GUCI_AVS.sys 20:08:28.0384 4160 GUCI_AVS - ok 20:08:28.0399 4160 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 20:08:28.0477 4160 hcw85cir - ok 20:08:28.0555 4160 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 20:08:28.0649 4160 HdAudAddService - ok 20:08:28.0727 4160 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 20:08:28.0821 4160 HDAudBus - ok 20:08:28.0867 4160 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 20:08:28.0914 4160 HidBatt - ok 20:08:28.0930 4160 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 20:08:28.0961 4160 HidBth - ok 20:08:28.0961 4160 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 20:08:29.0023 4160 HidIr - ok 20:08:29.0070 4160 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 20:08:29.0148 4160 hidserv - ok 20:08:29.0211 4160 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 20:08:29.0257 4160 HidUsb - ok 20:08:29.0320 4160 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 20:08:29.0398 4160 hkmsvc - ok 20:08:29.0445 4160 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 20:08:29.0538 4160 HomeGroupListener - ok 20:08:29.0601 4160 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 20:08:29.0647 4160 HomeGroupProvider - ok 20:08:29.0694 4160 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 20:08:29.0757 4160 HpSAMD - ok 20:08:29.0788 4160 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys 20:08:29.0850 4160 HTCAND64 - ok 20:08:29.0991 4160 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 20:08:30.0084 4160 HTTP - ok 20:08:30.0147 4160 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 20:08:30.0193 4160 hwpolicy - ok 20:08:30.0256 4160 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 20:08:30.0303 4160 i8042prt - ok 20:08:30.0427 4160 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys 20:08:30.0459 4160 iaStor - ok 20:08:30.0537 4160 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 20:08:30.0583 4160 iaStorV - ok 20:08:30.0724 4160 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:08:30.0802 4160 idsvc - ok 20:08:30.0989 4160 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120507.001\IDSvia64.sys 20:08:31.0036 4160 IDSVia64 - ok 20:08:32.0081 4160 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 20:08:32.0502 4160 igfx - ok 20:08:32.0611 4160 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 20:08:32.0643 4160 iirsp - ok 20:08:32.0736 4160 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 20:08:32.0861 4160 IKEEXT - ok 20:08:32.0908 4160 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 20:08:32.0939 4160 intelide - ok 20:08:32.0970 4160 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 20:08:33.0017 4160 intelppm - ok 20:08:33.0048 4160 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 20:08:33.0126 4160 IPBusEnum - ok 20:08:33.0173 4160 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:08:33.0282 4160 IpFilterDriver - ok 20:08:33.0345 4160 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 20:08:33.0454 4160 iphlpsvc - ok 20:08:33.0501 4160 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 20:08:33.0547 4160 IPMIDRV - ok 20:08:33.0594 4160 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 20:08:33.0657 4160 IPNAT - ok 20:08:33.0797 4160 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 20:08:33.0891 4160 iPod Service - ok 20:08:33.0922 4160 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 20:08:34.0015 4160 IRENUM - ok 20:08:34.0062 4160 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 20:08:34.0093 4160 isapnp - ok 20:08:34.0140 4160 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 20:08:34.0203 4160 iScsiPrt - ok 20:08:34.0249 4160 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 20:08:34.0296 4160 kbdclass - ok 20:08:34.0359 4160 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 20:08:34.0421 4160 kbdhid - ok 20:08:34.0468 4160 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 20:08:34.0483 4160 kbfiltr - ok 20:08:34.0530 4160 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:34.0561 4160 KeyIso - ok 20:08:34.0608 4160 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 20:08:34.0639 4160 KSecDD - ok 20:08:34.0702 4160 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 20:08:34.0733 4160 KSecPkg - ok 20:08:34.0764 4160 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 20:08:34.0858 4160 ksthunk - ok 20:08:34.0889 4160 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 20:08:35.0029 4160 KtmRm - ok 20:08:35.0076 4160 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys 20:08:35.0139 4160 L1E - ok 20:08:35.0217 4160 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 20:08:35.0326 4160 LanmanServer - ok 20:08:35.0373 4160 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 20:08:35.0466 4160 LanmanWorkstation - ok 20:08:35.0856 4160 LeapFrog Connect Device Service (24a7d535bd9e58e5bc1ac52ef7e2ec8e) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe 20:08:36.0090 4160 LeapFrog Connect Device Service - ok 20:08:36.0730 4160 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 20:08:36.0808 4160 lltdio - ok 20:08:36.0855 4160 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 20:08:36.0979 4160 lltdsvc - ok 20:08:36.0995 4160 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 20:08:37.0057 4160 lmhosts - ok 20:08:37.0120 4160 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:08:37.0151 4160 LSI_FC - ok 20:08:37.0167 4160 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:08:37.0213 4160 LSI_SAS - ok 20:08:37.0229 4160 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:08:37.0245 4160 LSI_SAS2 - ok 20:08:37.0260 4160 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:08:37.0291 4160 LSI_SCSI - ok 20:08:37.0323 4160 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 20:08:37.0385 4160 luafv - ok 20:08:37.0432 4160 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys 20:08:37.0447 4160 lullaby - ok 20:08:37.0494 4160 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 20:08:37.0541 4160 Mcx2Svc - ok 20:08:37.0650 4160 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 20:08:37.0681 4160 MDM - ok 20:08:37.0713 4160 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 20:08:37.0728 4160 megasas - ok 20:08:37.0775 4160 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 20:08:37.0822 4160 MegaSR - ok 20:08:37.0900 4160 Microsoft SharePoint Workspace Audit Service - ok 20:08:37.0947 4160 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:08:38.0025 4160 MMCSS - ok 20:08:38.0071 4160 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 20:08:38.0134 4160 Modem - ok 20:08:38.0165 4160 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 20:08:38.0196 4160 monitor - ok 20:08:38.0290 4160 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe 20:08:38.0321 4160 MotoHelper - ok 20:08:38.0383 4160 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 20:08:38.0415 4160 mouclass - ok 20:08:38.0446 4160 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 20:08:38.0493 4160 mouhid - ok 20:08:38.0539 4160 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 20:08:38.0555 4160 mountmgr - ok 20:08:38.0617 4160 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 20:08:38.0649 4160 mpio - ok 20:08:38.0664 4160 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 20:08:38.0742 4160 mpsdrv - ok 20:08:38.0836 4160 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 20:08:38.0945 4160 MpsSvc - ok 20:08:39.0007 4160 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 20:08:39.0070 4160 MRxDAV - ok 20:08:39.0132 4160 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:08:39.0210 4160 mrxsmb - ok 20:08:39.0273 4160 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:08:39.0366 4160 mrxsmb10 - ok 20:08:39.0413 4160 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:08:39.0444 4160 mrxsmb20 - ok 20:08:39.0491 4160 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 20:08:39.0522 4160 msahci - ok 20:08:39.0569 4160 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 20:08:39.0600 4160 msdsm - ok 20:08:39.0631 4160 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 20:08:39.0678 4160 MSDTC - ok 20:08:39.0725 4160 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:08:39.0803 4160 Msfs - ok 20:08:39.0803 4160 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:08:39.0881 4160 mshidkmdf - ok 20:08:39.0912 4160 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 20:08:39.0943 4160 msisadrv - ok 20:08:39.0975 4160 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 20:08:40.0068 4160 MSiSCSI - ok 20:08:40.0068 4160 msiserver - ok 20:08:40.0115 4160 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:08:40.0177 4160 MSKSSRV - ok 20:08:40.0193 4160 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:08:40.0255 4160 MSPCLOCK - ok 20:08:40.0271 4160 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:08:40.0349 4160 MSPQM - ok 20:08:40.0411 4160 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 20:08:40.0474 4160 MsRPC - ok 20:08:40.0536 4160 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 20:08:40.0567 4160 mssmbios - ok 20:08:40.0614 4160 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:08:40.0692 4160 MSTEE - ok 20:08:40.0692 4160 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 20:08:40.0723 4160 MTConfig - ok 20:08:40.0755 4160 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys 20:08:40.0770 4160 MTsensor - ok 20:08:40.0786 4160 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:08:40.0817 4160 Mup - ok 20:08:40.0895 4160 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 20:08:40.0989 4160 napagent - ok 20:08:41.0051 4160 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:08:41.0129 4160 NativeWifiP - ok 20:08:41.0285 4160 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120506.006\ENG64.SYS 20:08:41.0316 4160 NAVENG - ok 20:08:41.0457 4160 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120506.006\EX64.SYS 20:08:41.0597 4160 NAVEX15 - ok 20:08:41.0847 4160 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 20:08:41.0940 4160 NDIS - ok 20:08:42.0003 4160 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:08:42.0065 4160 NdisCap - ok 20:08:42.0096 4160 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:08:42.0143 4160 NdisTapi - ok 20:08:42.0205 4160 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 20:08:42.0299 4160 Ndisuio - ok 20:08:42.0346 4160 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 20:08:42.0408 4160 NdisWan - ok 20:08:42.0471 4160 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 20:08:42.0517 4160 NDProxy - ok 20:08:42.0549 4160 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:08:42.0627 4160 NetBIOS - ok 20:08:42.0673 4160 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 20:08:42.0767 4160 NetBT - ok 20:08:42.0814 4160 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:42.0845 4160 Netlogon - ok 20:08:42.0907 4160 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 20:08:43.0017 4160 Netman - ok 20:08:43.0048 4160 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 20:08:43.0157 4160 netprofm - ok 20:08:43.0219 4160 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:08:43.0251 4160 NetTcpPortSharing - ok 20:08:43.0282 4160 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 20:08:43.0313 4160 nfrd960 - ok 20:08:43.0453 4160 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe 20:08:43.0485 4160 NIS - ok 20:08:43.0563 4160 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 20:08:43.0641 4160 NlaSvc - ok 20:08:43.0687 4160 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:08:43.0750 4160 Npfs - ok 20:08:43.0781 4160 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 20:08:43.0859 4160 nsi - ok 20:08:43.0875 4160 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:08:43.0968 4160 nsiproxy - ok 20:08:44.0109 4160 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 20:08:44.0233 4160 Ntfs - ok 20:08:44.0343 4160 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:08:44.0436 4160 Null - ok 20:08:44.0499 4160 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 20:08:44.0561 4160 nvraid - ok 20:08:44.0608 4160 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 20:08:44.0655 4160 nvstor - ok 20:08:44.0686 4160 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 20:08:44.0717 4160 nv_agp - ok 20:08:44.0779 4160 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 20:08:44.0826 4160 ohci1394 - ok 20:08:44.0935 4160 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:08:44.0967 4160 ose - ok 20:08:45.0357 4160 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:08:45.0591 4160 osppsvc - ok 20:08:45.0715 4160 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:08:45.0809 4160 p2pimsvc - ok 20:08:45.0840 4160 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 20:08:45.0903 4160 p2psvc - ok 20:08:45.0949 4160 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:08:45.0981 4160 Parport - ok 20:08:46.0027 4160 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 20:08:46.0059 4160 partmgr - ok 20:08:46.0105 4160 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 20:08:46.0152 4160 PcaSvc - ok 20:08:46.0215 4160 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 20:08:46.0246 4160 pci - ok 20:08:46.0261 4160 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 20:08:46.0293 4160 pciide - ok 20:08:46.0339 4160 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:08:46.0402 4160 pcmcia - ok 20:08:46.0417 4160 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:08:46.0449 4160 pcw - ok 20:08:46.0495 4160 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:08:46.0620 4160 PEAUTH - ok 20:08:46.0698 4160 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 20:08:46.0761 4160 PerfHost - ok 20:08:46.0901 4160 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 20:08:47.0010 4160 pla - ok 20:08:47.0088 4160 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 20:08:47.0244 4160 PlugPlay - ok 20:08:47.0275 4160 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 20:08:47.0338 4160 PNRPAutoReg - ok 20:08:47.0369 4160 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:08:47.0416 4160 PNRPsvc - ok 20:08:47.0478 4160 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 20:08:47.0587 4160 PolicyAgent - ok 20:08:47.0634 4160 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:08:47.0728 4160 Power - ok 20:08:47.0821 4160 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 20:08:47.0915 4160 PptpMiniport - ok 20:08:47.0946 4160 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:08:48.0009 4160 Processor - ok 20:08:48.0071 4160 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 20:08:48.0165 4160 ProfSvc - ok 20:08:48.0243 4160 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:48.0274 4160 ProtectedStorage - ok 20:08:48.0336 4160 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 20:08:48.0430 4160 Psched - ok 20:08:48.0477 4160 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 20:08:48.0492 4160 PxHlpa64 - ok 20:08:48.0601 4160 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:08:48.0711 4160 ql2300 - ok 20:08:48.0835 4160 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:08:48.0867 4160 ql40xx - ok 20:08:48.0898 4160 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:08:48.0976 4160 QWAVE - ok 20:08:48.0991 4160 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:08:49.0038 4160 QWAVEdrv - ok 20:08:49.0054 4160 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:08:49.0116 4160 RasAcd - ok 20:08:49.0179 4160 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:08:49.0225 4160 RasAgileVpn - ok 20:08:49.0257 4160 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:08:49.0335 4160 RasAuto - ok 20:08:49.0397 4160 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:08:49.0475 4160 Rasl2tp - ok 20:08:49.0537 4160 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:08:49.0647 4160 RasMan - ok 20:08:49.0693 4160 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:08:49.0787 4160 RasPppoe - ok 20:08:49.0803 4160 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:08:49.0881 4160 RasSstp - ok 20:08:49.0943 4160 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:08:50.0037 4160 rdbss - ok 20:08:50.0083 4160 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:08:50.0115 4160 rdpbus - ok 20:08:50.0130 4160 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:08:50.0193 4160 RDPCDD - ok 20:08:50.0224 4160 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:08:50.0317 4160 RDPENCDD - ok 20:08:50.0349 4160 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:08:50.0411 4160 RDPREFMP - ok 20:08:50.0473 4160 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 20:08:50.0567 4160 RDPWD - ok 20:08:50.0629 4160 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:08:50.0692 4160 rdyboost - ok 20:08:50.0739 4160 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:08:50.0848 4160 RemoteAccess - ok 20:08:50.0879 4160 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:08:51.0004 4160 RemoteRegistry - ok 20:08:51.0019 4160 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:08:51.0113 4160 RpcEptMapper - ok 20:08:51.0144 4160 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:08:51.0175 4160 RpcLocator - ok 20:08:51.0238 4160 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:08:51.0316 4160 RpcSs - ok 20:08:51.0331 4160 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:08:51.0441 4160 rspndr - ok 20:08:51.0487 4160 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:51.0519 4160 SamSs - ok 20:08:51.0565 4160 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:08:51.0612 4160 sbp2port - ok 20:08:51.0659 4160 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:08:51.0799 4160 SCardSvr - ok 20:08:51.0862 4160 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:08:51.0955 4160 scfilter - ok 20:08:52.0049 4160 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:08:52.0174 4160 Schedule - ok 20:08:52.0221 4160 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:08:52.0299 4160 SCPolicySvc - ok 20:08:52.0361 4160 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:08:52.0439 4160 SDRSVC - ok 20:08:52.0517 4160 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:08:52.0611 4160 secdrv - ok 20:08:52.0642 4160 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:08:52.0767 4160 seclogon - ok 20:08:52.0798 4160 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:08:52.0891 4160 SENS - ok 20:08:52.0907 4160 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:08:52.0969 4160 SensrSvc - ok 20:08:53.0001 4160 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:08:53.0047 4160 Serenum - ok 20:08:53.0079 4160 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:08:53.0125 4160 Serial - ok 20:08:53.0203 4160 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:08:53.0250 4160 sermouse - ok 20:08:53.0313 4160 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:08:53.0406 4160 SessionEnv - ok 20:08:53.0453 4160 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:08:53.0500 4160 sffdisk - ok 20:08:53.0531 4160 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:08:53.0578 4160 sffp_mmc - ok 20:08:53.0593 4160 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:08:53.0640 4160 sffp_sd - ok 20:08:53.0671 4160 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:08:53.0718 4160 sfloppy - ok 20:08:53.0796 4160 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:08:53.0890 4160 SharedAccess - ok 20:08:53.0968 4160 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:08:54.0061 4160 ShellHWDetection - ok 20:08:54.0093 4160 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 20:08:54.0155 4160 SiSGbeLH - ok 20:08:54.0186 4160 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:08:54.0217 4160 SiSRaid2 - ok 20:08:54.0233 4160 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:08:54.0249 4160 SiSRaid4 - ok 20:08:54.0264 4160 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:08:54.0327 4160 Smb - ok 20:08:54.0389 4160 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:08:54.0420 4160 SNMPTRAP - ok 20:08:54.0451 4160 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:08:54.0467 4160 spldr - ok 20:08:54.0545 4160 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:08:54.0639 4160 Spooler - ok 20:08:54.0873 4160 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:08:55.0075 4160 sppsvc - ok 20:08:55.0185 4160 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:08:55.0294 4160 sppuinotify - ok 20:08:55.0387 4160 SQTECH913D (a0712c312fff234801693722f65f9436) C:\Windows\system32\Drivers\Capt913D.sys 20:08:55.0434 4160 SQTECH913D - ok 20:08:55.0590 4160 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS 20:08:55.0668 4160 SRTSP - ok 20:08:55.0699 4160 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS 20:08:55.0715 4160 SRTSPX - ok 20:08:55.0777 4160 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:08:55.0871 4160 srv - ok 20:08:55.0902 4160 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:08:55.0949 4160 srv2 - ok 20:08:55.0980 4160 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:08:56.0027 4160 srvnet - ok 20:08:56.0058 4160 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:08:56.0167 4160 SSDPSRV - ok 20:08:56.0199 4160 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:08:56.0261 4160 SstpSvc - ok 20:08:56.0277 4160 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:08:56.0308 4160 stexstor - ok 20:08:56.0401 4160 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:08:56.0495 4160 stisvc - ok 20:08:56.0526 4160 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 20:08:56.0557 4160 swenum - ok 20:08:56.0620 4160 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:08:56.0729 4160 swprv - ok 20:08:56.0807 4160 sxuptp (e77f28dabc4aded088606e6cb0c0ee70) C:\Windows\system32\DRIVERS\sxuptp.sys 20:08:56.0869 4160 sxuptp - ok 20:08:56.0994 4160 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS 20:08:57.0025 4160 SymDS - ok 20:08:57.0119 4160 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS 20:08:57.0213 4160 SymEFA - ok 20:08:57.0275 4160 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 20:08:57.0307 4160 SymEvent - ok 20:08:57.0338 4160 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS 20:08:57.0370 4160 SymIRON - ok 20:08:57.0416 4160 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS 20:08:57.0463 4160 SymNetS - ok 20:08:57.0604 4160 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:08:57.0728 4160 SysMain - ok 20:08:57.0853 4160 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:08:57.0916 4160 TabletInputService - ok 20:08:57.0947 4160 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:08:58.0056 4160 TapiSrv - ok 20:08:58.0087 4160 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:08:58.0181 4160 TBS - ok 20:08:58.0384 4160 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 20:08:58.0524 4160 Tcpip - ok 20:08:58.0774 4160 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 20:08:58.0852 4160 TCPIP6 - ok 20:08:58.0961 4160 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:08:59.0054 4160 tcpipreg - ok 20:08:59.0101 4160 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:08:59.0148 4160 TDPIPE - ok 20:08:59.0210 4160 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:08:59.0273 4160 TDTCP - ok 20:08:59.0320 4160 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:08:59.0382 4160 tdx - ok 20:08:59.0444 4160 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 20:08:59.0460 4160 TermDD - ok 20:08:59.0522 4160 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:08:59.0600 4160 TermService - ok 20:08:59.0632 4160 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:08:59.0710 4160 Themes - ok 20:08:59.0741 4160 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:08:59.0819 4160 THREADORDER - ok 20:08:59.0881 4160 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:08:59.0975 4160 TrkWks - ok 20:09:00.0068 4160 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:09:00.0162 4160 TrustedInstaller - ok 20:09:00.0209 4160 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:09:00.0302 4160 tssecsrv - ok 20:09:00.0380 4160 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:09:00.0443 4160 TsUsbFlt - ok 20:09:00.0521 4160 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:09:00.0583 4160 tunnel - ok 20:09:00.0614 4160 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:09:00.0646 4160 uagp35 - ok 20:09:00.0708 4160 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:09:00.0802 4160 udfs - ok 20:09:00.0833 4160 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:09:00.0880 4160 UI0Detect - ok 20:09:00.0926 4160 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:09:00.0958 4160 uliagpkx - ok 20:09:01.0020 4160 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 20:09:01.0067 4160 umbus - ok 20:09:01.0082 4160 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:09:01.0129 4160 UmPass - ok 20:09:01.0176 4160 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:09:01.0301 4160 upnphost - ok 20:09:01.0363 4160 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 20:09:01.0410 4160 USBAAPL64 - ok 20:09:01.0457 4160 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:09:01.0519 4160 usbccgp - ok 20:09:01.0582 4160 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:09:01.0628 4160 usbcir - ok 20:09:01.0675 4160 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 20:09:01.0706 4160 usbehci - ok 20:09:01.0753 4160 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:09:01.0816 4160 usbhub - ok 20:09:01.0878 4160 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 20:09:01.0940 4160 usbohci - ok 20:09:01.0987 4160 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:09:02.0050 4160 usbprint - ok 20:09:02.0096 4160 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 20:09:02.0159 4160 usbscan - ok 20:09:02.0206 4160 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 20:09:02.0284 4160 USBSTOR - ok 20:09:02.0347 4160 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 20:09:02.0378 4160 usbuhci - ok 20:09:02.0472 4160 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 20:09:02.0534 4160 usbvideo - ok 20:09:02.0550 4160 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:09:02.0628 4160 UxSms - ok 20:09:02.0659 4160 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:09:02.0690 4160 VaultSvc - ok 20:09:02.0784 4160 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:09:02.0815 4160 vdrvroot - ok 20:09:02.0924 4160 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:09:03.0065 4160 vds - ok 20:09:03.0111 4160 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:09:03.0127 4160 vga - ok 20:09:03.0143 4160 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:09:03.0221 4160 VgaSave - ok 20:09:03.0267 4160 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:09:03.0314 4160 vhdmp - ok 20:09:03.0424 4160 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys 20:09:03.0502 4160 VIAHdAudAddService - ok 20:09:03.0549 4160 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:09:03.0580 4160 viaide - ok 20:09:03.0627 4160 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:09:03.0658 4160 volmgr - ok 20:09:03.0736 4160 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:09:03.0783 4160 volmgrx - ok 20:09:03.0861 4160 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:09:03.0924 4160 volsnap - ok 20:09:03.0986 4160 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:09:04.0033 4160 vsmraid - ok 20:09:04.0173 4160 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:09:04.0329 4160 VSS - ok 20:09:04.0438 4160 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 20:09:04.0485 4160 vwifibus - ok 20:09:04.0516 4160 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 20:09:04.0563 4160 vwififlt - ok 20:09:04.0610 4160 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 20:09:04.0641 4160 vwifimp - ok 20:09:04.0688 4160 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:09:04.0782 4160 W32Time - ok 20:09:04.0813 4160 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:09:04.0828 4160 WacomPen - ok 20:09:04.0906 4160 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:09:04.0969 4160 WANARP - ok 20:09:04.0984 4160 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:09:05.0047 4160 Wanarpv6 - ok 20:09:05.0156 4160 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 20:09:05.0250 4160 WatAdminSvc - ok 20:09:05.0390 4160 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:09:05.0530 4160 wbengine - ok 20:09:05.0640 4160 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:09:05.0702 4160 WbioSrvc - ok 20:09:05.0764 4160 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:09:05.0858 4160 wcncsvc - ok 20:09:05.0889 4160 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:09:06.0014 4160 WcsPlugInService - ok 20:09:06.0061 4160 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:09:06.0092 4160 Wd - ok 20:09:06.0154 4160 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:09:06.0217 4160 Wdf01000 - ok 20:09:06.0232 4160 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:09:06.0357 4160 WdiServiceHost - ok 20:09:06.0373 4160 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:09:06.0404 4160 WdiSystemHost - ok 20:09:06.0466 4160 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:09:06.0544 4160 WebClient - ok 20:09:06.0576 4160 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:09:06.0685 4160 Wecsvc - ok 20:09:06.0716 4160 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:09:06.0794 4160 wercplsupport - ok 20:09:06.0841 4160 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:09:06.0919 4160 WerSvc - ok 20:09:07.0012 4160 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:09:07.0090 4160 WfpLwf - ok 20:09:07.0122 4160 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys 20:09:07.0153 4160 WimFltr - ok 20:09:07.0168 4160 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:09:07.0184 4160 WIMMount - ok 20:09:07.0215 4160 WinDefend - ok 20:09:07.0231 4160 WinHttpAutoProxySvc - ok 20:09:07.0309 4160 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:09:07.0402 4160 Winmgmt - ok 20:09:07.0574 4160 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:09:07.0746 4160 WinRM - ok 20:09:07.0917 4160 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 20:09:07.0964 4160 WinUsb - ok 20:09:08.0058 4160 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:09:08.0151 4160 Wlansvc - ok 20:09:08.0401 4160 wlidsvc (e23a257a54fa12c2aef8ad51e6556357) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:09:08.0526 4160 wlidsvc - ok 20:09:08.0650 4160 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:09:08.0697 4160 WmiAcpi - ok 20:09:08.0760 4160 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:09:08.0822 4160 wmiApSrv - ok 20:09:08.0853 4160 WMPNetworkSvc - ok 20:09:08.0884 4160 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:09:08.0931 4160 WPCSvc - ok 20:09:08.0994 4160 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:09:09.0072 4160 WPDBusEnum - ok 20:09:09.0103 4160 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:09:09.0181 4160 ws2ifsl - ok 20:09:09.0212 4160 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 20:09:09.0259 4160 wscsvc - ok 20:09:09.0259 4160 WSearch - ok 20:09:09.0446 4160 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 20:09:09.0618 4160 wuauserv - ok 20:09:09.0774 4160 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:09:09.0867 4160 WudfPf - ok 20:09:09.0914 4160 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:09:09.0992 4160 WUDFRd - ok 20:09:10.0039 4160 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:09:10.0101 4160 wudfsvc - ok 20:09:10.0132 4160 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:09:10.0210 4160 WwanSvc - ok 20:09:10.0335 4160 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 20:09:10.0366 4160 YahooAUService - ok 20:09:10.0429 4160 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 20:09:10.0647 4160 \Device\Harddisk0\DR0 - ok 20:09:10.0647 4160 Boot (0x1200) (7f8ff8bdc03f807b515c146a81878ce5) \Device\Harddisk0\DR0\Partition0 20:09:10.0647 4160 \Device\Harddisk0\DR0\Partition0 - ok 20:09:10.0647 4160 ============================================================ 20:09:10.0647 4160 Scan finished 20:09:10.0647 4160 ============================================================ 20:09:10.0678 2596 Detected object count: 1 20:09:10.0678 2596 Actual detected object count: 1 20:11:43.0726 2596 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user 20:11:43.0726 2596 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

MrC, Thanks for the help, here is the requested log file. RogueKiller V7.4.3 [05/04/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: chrissy [Admin rights] Mode: Scan -- Date: 05/06/2012 13:25:30 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 7 ¤¤¤ [sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{05F67C82-00B4-4D9A-9EF3-BC19332973E0} : NameServer (206.230.105.4,206.230.105.5) -> FOUND [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{05F67C82-00B4-4D9A-9EF3-BC19332973E0} : NameServer (206.230.105.4,206.230.105.5) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] ecfb9639bd329c89520bd3e1a1fe21e2 [bSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30716280 | Size: 461940 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt

I've removed what I was able to manually and from different sets of instructions I've found on the web, however I believe the infection is still there as some websites open with no problems and others I can't get to open. The problem seems to be random as well. Any and all assistance would be appreaciated. Thanks, Darien Requested log files: DDS Log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by chrissy at 8:34:32 on 2012-05-06 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2496 [GMT -5:00] . AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Windows\PixArt\PAP7501\GUCI_AVS.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe C:\Program Files\BUFFALO\Device server\Connect.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://asus.msn.com uInternet Settings,ProxyOverride = *.local;192.168.*.* uURLSearchHooks: H - No File uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: MRI_DISABLED - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Google Update] "C:\Users\chrissy\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions mRun: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices StartupFolder: C:\Users\chrissy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BESTBU~1.LNK - C:\Program Files (x86)\Best Buy Software Installer\Best Buy Software Installer.exe StartupFolder: C:\Users\chrissy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Program Files (x86)\BUFFALO\Device server\Connect.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: pbskids.org DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab TCP: DhcpNameServer = 192.168.11.1 TCP: Interfaces\{05F67C82-00B4-4D9A-9EF3-BC19332973E0} : NameServer = 206.230.105.4,206.230.105.5 TCP: Interfaces\{05F67C82-00B4-4D9A-9EF3-BC19332973E0} : DhcpNameServer = 192.168.11.1 TCP: Interfaces\{05F67C82-00B4-4D9A-9EF3-BC19332973E0}\2456C6B696E6F5E4B2F5444344735303 : DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{05F67C82-00B4-4D9A-9EF3-BC19332973E0}\46C696E6B6 : NameServer = 206.230.105.4,206.230.105.5 TCP: Interfaces\{05F67C82-00B4-4D9A-9EF3-BC19332973E0}\46C696E6B6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{EFE48AC0-FFEB-4FAE-92E7-D4A693271A24} : DhcpNameServer = 168.94.0.15 168.94.0.14 TCP: Interfaces\{F93B70BE-C7B7-4F2B-94EA-535E85284ED4} : DhcpNameServer = 8.8.8.8 8.8.4.4 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: MRI_DISABLED - No File BHO-X64: AcroIEHelperStub - No File BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO-X64: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File BHO-X64: NetAssistantBHO - No File TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions mRun-x64: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-19 1160824] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120505.001\IDSviA64.sys [2012-5-5 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008] R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?] R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-13 138360] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] R3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;C:\Windows\system32\DRIVERS\GUCI_AVS.sys --> C:\Windows\system32\DRIVERS\GUCI_AVS.sys [?] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864] S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 SQTECH913D;913D Camera;C:\Windows\system32\Drivers\Capt913D.sys --> C:\Windows\system32\Drivers\Capt913D.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-05-06 03:21:12 -------- d-----w- C:\Users\chrissy\AppData\Roaming\Malwarebytes 2012-05-03 03:32:05 -------- d-----w- C:\Users\chrissy\AppData\Roaming\Motorola 2012-05-03 03:31:45 -------- d-----w- C:\Program Files\Motorola Inc 2012-04-27 20:21:16 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-27 20:21:16 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-27 04:22:08 -------- d-----w- C:\Windows\System32\SPReview 2012-04-27 04:20:21 -------- d-----w- C:\Windows\System32\EventProviders 2012-04-27 03:40:18 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2012-04-27 03:39:45 -------- d-----w- C:\Windows\PCHEALTH 2012-04-27 03:32:32 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2012-04-27 03:31:50 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2012-04-20 21:33:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-20 21:33:04 -------- d-----w- C:\ProgramData\Malwarebytes 2012-04-20 21:33:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-14 21:33:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-04-14 21:33:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-04-14 21:33:52 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-14 21:26:17 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-04-14 21:26:17 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-04-14 21:26:17 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-04-14 21:26:15 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-04-14 21:26:15 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-04-14 21:26:15 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-04-14 21:26:15 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-04-09 21:37:08 -------- d-----w- C:\Program Files\Paint.NET 2012-04-09 21:36:42 -------- d-----w- C:\Users\chrissy\AppData\Local\Paint.NET 2012-04-09 21:31:02 87552 ----a-w- C:\Windows\System32\custmon64i.dll 2012-04-09 21:30:59 -------- d-----w- C:\Program1 2012-04-09 21:30:56 -------- d-----w- C:\Users\chrissy\AppData\Local\Babylon 2012-04-09 21:30:54 -------- d-----w- C:\Program Files (x86)\FoxTabPDFCreator 2012-04-09 21:30:53 -------- d-----w- C:\Users\chrissy\AppData\Roaming\Babylon 2012-04-09 21:30:53 -------- d-----w- C:\ProgramData\Babylon . ==================== Find3M ==================== . 2012-04-27 04:36:41 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-04-27 04:36:41 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll 2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll . ============= FINISH: 8:35:08.88 =============== Attach Log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/20/2010 7:16:23 AM System Uptime: 5/6/2012 8:18:43 AM (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K60IJ Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | Socket 478 | 1584/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 377.873 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP104: 4/26/2012 11:21:58 PM - Windows 7 Service Pack 1 RP105: 4/27/2012 3:22:40 PM - Windows Update RP106: 4/28/2012 1:13:22 PM - Windows Update RP107: 4/30/2012 4:51:23 PM - Windows Update RP108: 4/30/2012 5:07:30 PM - Removed ShellShock:Nam'67 RP109: 4/30/2012 5:08:26 PM - Removed Passport A+ . ==== Installed Programs ====================== . 913D Camera Acrobat.com Adobe AIR Adobe Flash Player 10 Plugin Adobe Reader 9.2 MUI Alcor Micro USB Card Reader Apple Application Support Apple Software Update ASUS AI Recovery ASUS AP Bank ASUS CopyProtect ASUS Data Security Manager ASUS FancyStart ASUS LifeFrame3 ASUS Live Update ASUS MultiFrame ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS USB2.0 UVC VGA WebCam ASUS Virtual Camera ASUS_Screensaver ATK Package AviSynth 2.5 AVS Cover Editor 2.0.1.3 AVS Disc Creator 5 AVS Update Manager 1.0 AVS Video Converter 8 AVS4YOU Software Navigator 1.4 Best Buy pc app Compatibility Pack for the 2007 Office system ControlDeck Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DVD Shrink 3.2 Fisher-Price iXL - Disney Princess Fisher-Price iXL - Kai-lan Fisher-Price iXL Computer Software Free DVD ISO Maker version 1.2 Freeze.com NetAssistant Geek Squad 24 Hour Computer Support Google Chrome HTC Driver Installer HTC Sync Intel® Control Center Intel® Graphics Media Accelerator Driver InterActual Player Junk Mail filter update Languages of the World LeapFrog Connect LeapFrog Tag Plugin Logitech Harmony Remote Software Logitech Harmony Remote Software 7 Magic ISO Maker v5.5 (build 0281) Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Choice Guard Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Live Add-in 1.4 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MotoHelper 2.1.32 Driver 5.4.0 MotoHelper MergeModules MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton Internet Security Photo Viewer S2.5 Platform Remote Control USB Driver Roxio Burn Roxio Roxio Burn Roxio Update Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) VIA Platform Device Manager Videora Android Converter 6 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer WinFlash WinZip 15.0 Wireless Console 3 Yahoo! Software Update YouTube Downloader App 3.00 . ==== End Of File ===========================

Everything appears clear. I am not getting random pop-ups, nor are my searches being redirected to random sites. System performance also seems much better. Thanks for the assistance.

Here is the latest ComboFix log: ComboFix 10-08-24.06 - Owner 08/24/2010 15:55:40.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1016.472 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\Malware removal tools\Combo-Fix.exe Command switches used :: c:\documents and settings\Owner\Desktop\Malware removal tools\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Viewpoint c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\ComparativeSearch.xml c:\documents and settings\Owner\Application Data\Viewpoint c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\alert.xml c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\DogEars.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\DogEarsList.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\GeneralOptions.ini c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Group.1.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Group.2.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Group.3.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Group.4.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Groups.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.AdvancedOptions.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.AlertOptions.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.Alerts.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.ClassicSkinOptions.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.GeneralOptions.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.NonPropogatingOptions.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.Popups.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.Search.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.SelectorEditor.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Opts.ThemeCustomizer.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Pings.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\PopupBlacklist.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\PopupWhitelist.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\SavedAlerts.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\SavedAlerts\Channel7.1.xml c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\SearchHistory.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Selectors.dat c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\SitesBlacklist.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\SitesWhitelist.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails.tdb c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails\Thumb.11.jpg c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails\Thumb.13.jpg c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails\Thumb.2.jpg c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails\Thumb.3.jpg c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails\Thumb.5.jpg c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails\Thumb.7.jpg c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\Thumbnails\Thumb.9.jpg c:\documents and settings\Owner\Application Data\Viewpoint\ViewBar\ViewBar.ddb c:\program files\Viewpoint . ((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 ))))))))))))))))))))))))))))))) . 2010-08-10 20:42 . 2010-05-26 15:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2010-08-09 02:44 . 2010-08-09 02:44 -------- d-----w- c:\program files\Sophos 2010-08-07 05:44 . 2010-08-07 05:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-08-06 03:43 . 2010-08-06 03:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-08-06 02:28 . 2010-08-06 02:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-08-04 06:13 . 2010-08-04 06:13 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll 2010-08-04 06:13 . 2010-08-04 06:13 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe 2010-08-04 06:13 . 2010-08-04 06:13 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2010-08-04 06:13 . 2010-08-04 06:13 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll 2010-08-04 02:18 . 2010-08-04 02:18 -------- d-----w- c:\documents and settings\Ronald\Application Data\Malwarebytes 2010-08-04 02:17 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-04 02:17 . 2010-08-04 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-04 02:17 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-04 02:17 . 2010-08-04 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-23 21:39 . 2003-07-24 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-23 21:29 . 2003-07-24 09:32 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-08 20:24 . 2010-07-20 14:53 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-05 21:03 . 2008-08-18 14:17 -------- d-----w- c:\documents and settings\Ronald\Application Data\HPAppData 2010-07-20 13:20 . 2008-08-11 19:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Hoyle Puzzle and Board Games 2010-07-15 13:53 . 2009-11-28 14:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 13:53 . 2010-07-15 13:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 13:46 . 2009-11-28 14:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-06-30 12:31 . 2004-09-11 16:02 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:15 . 2004-09-11 16:02 832512 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 12:15 . 2009-11-28 04:33 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-06-24 12:15 . 2004-09-11 16:04 17408 ----a-w- c:\windows\system32\corpol.dll 2010-06-23 13:44 . 2004-09-11 16:02 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2004-09-11 16:02 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-09-11 16:04 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2004-09-11 16:05 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe 2010-06-14 07:41 . 2004-09-11 16:03 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-02 13:52 . 2009-11-28 14:43 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2004-01-07 22:58 . 2004-01-04 23:36 56 --sh--r- c:\windows\system32\4D5F065ECC.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll" [2003-05-03 835654] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-24 151597] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768] "nwiz"="nwiz.exe" [2003-05-03 323584] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-15 13:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/28/2009 10:28 AM 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/28/2009 9:43 AM 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/28/2009 9:43 AM 243024] R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [8/10/2010 3:42 PM 18816] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 8:46 AM 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:52 AM 308136] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/3/2010 9:17 PM 38224] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5E.tmp --> c:\windows\system32\5E.tmp [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= mSearch Bar = hxxp://srch-qus9.hpwis.com/ uInternet Connection Wizard,ShellNext = hxxp://qus9.hpwis.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-24 16:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\5E.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2138137709-1631759246-3435112801-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2138137709-1631759246-3435112801-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:d4,eb,0e,58,34,c2,8b,96,a8,30,42,3d,46,8b,bf,8a,c4,30,2f,08,6f,3d,a6, d7,16,20,14,82,ea,12,f7,dc,4f,0c,46,1e,6a,ef,89,b0,5d,e2,87,ee,b8,1a,74,85,\ "??"=hex:7c,d6,c6,b0,b3,95,9f,1a,cf,6e,c6,d2,64,be,f1,43 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\program files\Softex\OmniPass\opxpgina.dll . Completion time: 2010-08-24 16:11:17 ComboFix-quarantined-files.txt 2010-08-24 21:11 ComboFix2.txt 2010-08-24 01:57 Pre-Run: 53,465,149,440 bytes free Post-Run: 53,463,453,696 bytes free - - End Of File - - D7520179F2D61B3A77B251CC44CDB21B

Borislav, I apologize for mistyping your name. Below are the requested scan logs. JavaRa Log: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Mon Aug 23 16:46:31 2010 Found and removed: SOFTWARE\Classes\JavaPlugin.141_02 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\JavaPlugin.160_19 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} ------------------------------------ Finished reporting. Combo-Fix Log: ComboFix 10-08-23.01 - Owner 08/23/2010 18:33:10.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1016.510 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\Malware removal tools\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Local Settings\Temporary Internet Files\pse_350_enu.exe c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf c:\windows\ikiriyiji.dll c:\windows\iminipavurogehu.dll c:\windows\iwijuxapivehadaj.dll c:\windows\upaqivoqulicak.dll c:\windows\utugugek.dll D:\Autorun.inf Infected copy of c:\windows\system32\drivers\agp440.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 ))))))))))))))))))))))))))))))) . 2010-08-10 20:42 . 2010-05-26 15:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2010-08-09 02:44 . 2010-08-09 02:44 -------- d-----w- c:\program files\Sophos 2010-08-07 05:44 . 2010-08-07 05:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-08-06 03:43 . 2010-08-06 03:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-08-06 02:28 . 2010-08-06 02:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-08-04 02:18 . 2010-08-04 02:18 -------- d-----w- c:\documents and settings\Ronald\Application Data\Malwarebytes 2010-08-04 02:17 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-04 02:17 . 2010-08-04 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-04 02:17 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-04 02:17 . 2010-08-04 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-23 22:04 . 2003-07-24 09:33 -------- d-----w- c:\program files\Viewpoint 2010-08-23 21:51 . 2005-07-10 15:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Viewpoint 2010-08-23 21:51 . 2005-02-07 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2010-08-23 21:44 . 2003-12-13 20:16 -------- d-----w- c:\program files\Java 2010-08-23 21:39 . 2003-07-24 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-23 21:29 . 2003-07-24 09:32 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-08 20:24 . 2010-07-20 14:53 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-05 21:03 . 2008-08-18 14:17 -------- d-----w- c:\documents and settings\Ronald\Application Data\HPAppData 2010-08-04 06:13 . 2010-08-04 06:13 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll 2010-08-04 06:13 . 2010-08-04 06:13 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe 2010-08-04 06:13 . 2010-08-04 06:13 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2010-08-04 06:13 . 2010-08-04 06:13 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll 2010-07-20 13:20 . 2008-08-11 19:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Hoyle Puzzle and Board Games 2010-07-15 13:53 . 2009-11-28 14:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 13:53 . 2010-07-15 13:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 13:46 . 2009-11-28 14:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-06-02 13:52 . 2009-11-28 14:43 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2004-01-07 22:58 . 2004-01-04 23:36 56 --sh--r- c:\windows\system32\4D5F065ECC.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll" [2003-05-03 835654] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-24 151597] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768] "nwiz"="nwiz.exe" [2003-05-03 323584] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136] c:\documents and settings\Default User\Start Menu\Programs\Startup\ mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-15 13:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/28/2009 10:28 AM 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/28/2009 9:43 AM 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/28/2009 9:43 AM 243024] R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [8/10/2010 3:42 PM 18816] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 8:46 AM 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:52 AM 308136] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/3/2010 9:17 PM 38224] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5E.tmp --> c:\windows\system32\5E.tmp [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] 2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= mSearch Bar = hxxp://srch-qus9.hpwis.com/ uInternet Connection Wizard,ShellNext = hxxp://qus9.hpwis.com/ uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5643 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe SafeBoot-svcWRSSSDK ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-23 20:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\5E.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2138137709-1631759246-3435112801-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2138137709-1631759246-3435112801-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:d4,eb,0e,58,34,c2,8b,96,a8,30,42,3d,46,8b,bf,8a,c4,30,2f,08,6f,3d,a6, d7,16,20,14,82,ea,12,f7,dc,4f,0c,46,1e,6a,ef,89,b0,5d,e2,87,ee,b8,1a,74,85,\ "??"=hex:7c,d6,c6,b0,b3,95,9f,1a,cf,6e,c6,d2,64,be,f1,43 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\program files\Softex\OmniPass\opxpgina.dll - - - - - - - > 'explorer.exe'(27600) c:\windows\system32\WININET.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Softex\OmniPass\Omniserv.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Softex\OmniPass\OPXPApp.exe c:\windows\system32\SearchIndexer.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Completion time: 2010-08-23 20:57:52 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-24 01:57 Pre-Run: 50,649,509,888 bytes free Post-Run: 54,024,826,880 bytes free - - End Of File - - 1BCE82C8717682CF3FFF3A3BC34411A4 Thanks again for the assistance.

Boris, thanks for the assist. Sorry this has taken so long, been having power problems so I have been having problems getting all the scans to finish, but I have now. Below is the requested information. DDS.TXT: DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 12:08:42.37 on Sun 08/15/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1016.340 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe svchost.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\igfxtray.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Owner\Desktop\Malware removal tools\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.aol.com/ uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://qus9.hpwis.com/ uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/ uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= mSearch Bar = hxxp://srch-qus9.hpwis.com/ uInternet Connection Wizard,ShellNext = hxxp://qus9.hpwis.com/ uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5643 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe dRun: [moxqiuaw] c:\documents and settings\networkservice\local settings\application data\guxbftdeo\lhpsfwftssd.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281057412251 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Kraft/Coupons.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxsrvc.dll Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Notification Packages = scecli scecli scecli ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-28 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-28 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-28 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-28 243024] R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-8-10 18816] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-3 38224] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5e.tmp --> c:\windows\system32\5E.tmp [?] =============== Created Last 30 ================ ==================== Find3M ==================== 2010-07-15 13:53:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 13:53:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 13:46:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2004-01-07 22:58:50 56 --sh--r- c:\windows\system32\4D5F065ECC.sys ============= FINISH: 12:10:52.10 =============== MBAM Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4426 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 8/13/2010 8:33:13 PM mbam-log-2010-08-13 (20-33-13).txt Scan type: Quick scan Objects scanned: 246611 Time elapsed: 29 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) AVG Scan Log: "Scan ""Scan whole computer"" completed." "Warnings";"300";"300";"0" "Folders selected for scanning:";"Scan whole computer" "Scan started:";"Saturday, August 14, 2010, 8:03:40 AM" "Scan finished:";"Saturday, August 14, 2010, 10:25:42 AM (2 hour(s) 22 minute(s) 1 second(s))" "Total object scanned:";"508346" "User who launched the scan:";"Owner" "Warnings" "File";"Infection";"Result" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt:\casalemedia.com.8c65eddd";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt:\casalemedia.com.650648e8";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc87.txt";"Found Tracking cookie.Casalemedia";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc81.txt:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc81.txt:\burstnet.com.a3218a37";"Found Tracking cookie.Burstnet";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc81.txt:\burstnet.com.27341d57";"Found Tracking cookie.Burstnet";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc81.txt";"Found Tracking cookie.Burstnet";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc80.txt:\burstbeacon.com.c4fe2ebb";"Found Tracking cookie.Burstbeacon";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc80.txt";"Found Tracking cookie.Burstbeacon";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc77.txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc77.txt";"Found Tracking cookie.Serving-sys";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc72.txt:\bluestreak.com.bf396750";"Found Tracking cookie.Bluestreak";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc72.txt";"Found Tracking cookie.Bluestreak";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc7.txt:\247realmedia.com.e14be39e";"Found Tracking cookie.247realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc7.txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc7.txt:\247realmedia.com.125a868c";"Found Tracking cookie.247realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc7.txt";"Found Tracking cookie.247realmedia";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc56.txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc56.txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc56.txt";"Found Tracking cookie.Atdmt";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc413.txt:\zedo.com.f1d14556";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc413.txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc413.txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc413.txt:\zedo.com.6a4b36ab";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc413.txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc413.txt:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc413.txt";"Found Tracking cookie.Zedo";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc4.txt:\2o7.net.71053f32";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc4.txt:\2o7.net.4ceb623c";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc4.txt:\2o7.net.2f21f4a";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc4.txt";"Found Tracking cookie.2o7";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt:\advertising.com.893d35c2";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc37.txt";"Found Tracking cookie.Advertising";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc315.txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc315.txt";"Found Tracking cookie.Tribalfusion";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.eff57afe";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.cf3055d6";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.a9153769";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.92823228";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt:\trafficmp.com.301c66d3";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc310.txt";"Found Tracking cookie.Trafficmp";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc300.txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc300.txt:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc300.txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc300.txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc300.txt:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc300.txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc300.txt";"Found Tracking cookie.Tacoda";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc283.txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc283.txt";"Found Tracking cookie.Webtrendslive";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt:\serving-sys.com.db46cecc";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt:\serving-sys.com.ac41fe5a";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc269.txt";"Found Tracking cookie.Serving-sys";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt:\ru4.com.ac04fc10";"Found Tracking cookie.Ru4";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt:\ru4.com.a281be05";"Found Tracking cookie.Ru4";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt:\ru4.com.a15d2f4b";"Found Tracking cookie.Ru4";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt:\ru4.com.5a5e0633";"Found Tracking cookie.Ru4";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt:\ru4.com.429cde9a";"Found Tracking cookie.Ru4";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt:\ru4.com.3f5f8743";"Found Tracking cookie.Ru4";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt:\ru4.com.229907d0";"Found Tracking cookie.Ru4";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc254.txt";"Found Tracking cookie.Ru4";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.f3475212";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.f0067737";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.a5a8b88c";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.50e13b1b";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.3ca1e936";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt:\revsci.net.18a1d1b2";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc248.txt";"Found Tracking cookie.Revsci";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt:\realmedia.com.e14be39e";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt:\realmedia.com.dc841856";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt:\realmedia.com.a2b49f1a";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt:\realmedia.com.9514c147";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt:\realmedia.com.125a868c";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc243.txt";"Found Tracking cookie.Realmedia";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc237.txt:\questionmarket.com.bc498985";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc237.txt:\questionmarket.com.767e4302";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc237.txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc237.txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc237.txt";"Found Tracking cookie.Questionmarket";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc232.txt:\pointroll.com.f2d5a6f6";"Found Tracking cookie.Pointroll";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc232.txt:\pointroll.com.72c0abc9";"Found Tracking cookie.Pointroll";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc232.txt";"Found Tracking cookie.Pointroll";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc221.txt:\overture.com.e626e6be";"Found Tracking cookie.Overture";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc221.txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc221.txt";"Found Tracking cookie.Overture";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc189.txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc189.txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc189.txt";"Found Tracking cookie.Mediaplex";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc16.txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc16.txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc16.txt";"Found Tracking cookie.Adbrite";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc158.txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc158.txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc158.txt";"Found Tracking cookie.Hitbox";"Healed" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc140.txt:\fastclick.net.94ca190b";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc140.txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc140.txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc140.txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\RECYCLER\S-1-5-21-2138137709-1631759246-3435112801-1008\Dc140.txt";"Found Tracking cookie.Fastclick";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt:\zedo.com.f462b69f";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt:\zedo.com.dab23eee";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt:\zedo.com.b59b1f48";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@zedo[2].txt";"Found Tracking cookie.Zedo";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@yadro[2].txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@yadro[2].txt";"Found Tracking cookie.Yadro";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@xxxcounter[1].txt:\xxxcounter.com.f0633e39";"Found Tracking cookie.Xxxcounter";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@xxxcounter[1].txt:\xxxcounter.com.df3d22a9";"Found Tracking cookie.Xxxcounter";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@xxxcounter[1].txt:\xxxcounter.com.b3b26b34";"Found Tracking cookie.Xxxcounter";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@xxxcounter[1].txt:\xxxcounter.com.64895ca8";"Found Tracking cookie.Xxxcounter";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@xxxcounter[1].txt:\xxxcounter.com.169841a2";"Found Tracking cookie.Xxxcounter";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@xxxcounter[1].txt";"Found Tracking cookie.Xxxcounter";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tribalfusion[2].txt";"Found Tracking cookie.Tribalfusion";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@trafficmp[1].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@trafficmp[1].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@trafficmp[1].txt:\trafficmp.com.67ca3d00";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@trafficmp[1].txt";"Found Tracking cookie.Trafficmp";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@tradedoubler[2].txt:\tradedoubler.com.ef90aa95";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tradedoubler[2].txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tradedoubler[2].txt:\tradedoubler.com.dc3c9994";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tradedoubler[2].txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tradedoubler[2].txt";"Found Tracking cookie.Tradedoubler";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@tacoda[1].txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tacoda[1].txt:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tacoda[1].txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tacoda[1].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tacoda[1].txt:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tacoda[1].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@tacoda[1].txt";"Found Tracking cookie.Tacoda";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@statse.webtrendslive[2].txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@statse.webtrendslive[2].txt";"Found Tracking cookie.Webtrendslive";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@sextracker[2].txt:\sextracker.com.85ab4a74";"Found Tracking cookie.Sextracker";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sextracker[2].txt:\sextracker.com.85a95eba";"Found Tracking cookie.Sextracker";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sextracker[2].txt:\sextracker.com.76c81640";"Found Tracking cookie.Sextracker";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sextracker[2].txt:\sextracker.com.417e7cc8";"Found Tracking cookie.Sextracker";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sextracker[2].txt";"Found Tracking cookie.Sextracker";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@sexlist[1].txt:\sexlist.com.ed832946";"Found Tracking cookie.Sexlist";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sexlist[1].txt:\sexlist.com.9f0358c2";"Found Tracking cookie.Sexlist";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sexlist[1].txt:\sexlist.com.96f8df80";"Found Tracking cookie.Sexlist";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sexlist[1].txt:\sexlist.com.851797a6";"Found Tracking cookie.Sexlist";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sexlist[1].txt:\sexlist.com.55cd97b1";"Found Tracking cookie.Sexlist";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sexlist[1].txt:\sexlist.com.4549c36a";"Found Tracking cookie.Sexlist";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@sexlist[1].txt";"Found Tracking cookie.Sexlist";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@serving-sys[1].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@searchportal.information[1].txt:\searchportal.information.com.697bdbab";"Found Tracking cookie.Information";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@searchportal.information[1].txt:\searchportal.information.com.44e78b2";"Found Tracking cookie.Information";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@searchportal.information[1].txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@searchportal.information[1].txt";"Found Tracking cookie.Information";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.f60c535";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.eed8dbdf";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.d7f89994";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.a5a8b88c";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.8d22fa22";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.7867f5a3";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.6c0de110";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.50e13b1b";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt:\revsci.net.18a1d1b2";"Found Tracking cookie.Revsci";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@revsci[2].txt";"Found Tracking cookie.Revsci";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@realmedia[1].txt:\realmedia.com.e14be39e";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@realmedia[1].txt:\realmedia.com.964cd308";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@realmedia[1].txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@realmedia[1].txt:\realmedia.com.125a868c";"Found Tracking cookie.Realmedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@realmedia[1].txt";"Found Tracking cookie.Realmedia";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@questionmarket[2].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@questionmarket[2].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@questionmarket[2].txt";"Found Tracking cookie.Questionmarket";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@pro-market[2].txt:\pro-market.net.bbf67f2d";"Found Tracking cookie.Pro-market";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@pro-market[2].txt";"Found Tracking cookie.Pro-market";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@pointroll[1].txt:\pointroll.com.f2d5a6f6";"Found Tracking cookie.Pointroll";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@pointroll[1].txt:\pointroll.com.72c0abc9";"Found Tracking cookie.Pointroll";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@pointroll[1].txt";"Found Tracking cookie.Pointroll";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@overture[2].txt:\overture.com.e626e6be";"Found Tracking cookie.Overture";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@overture[2].txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@overture[2].txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@overture[2].txt";"Found Tracking cookie.Overture";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@mediaplex[1].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@m.webtrends[1].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@m.webtrends[1].txt";"Found Tracking cookie.Webtrends";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@fastclick[1].txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@fastclick[1].txt:\fastclick.net.94ca190b";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@fastclick[1].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@fastclick[1].txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@fastclick[1].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@fastclick[1].txt";"Found Tracking cookie.Fastclick";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@clickbank[1].txt:\clickbank.net.82079eb1";"Found Tracking cookie.Clickbank";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@clickbank[1].txt";"Found Tracking cookie.Clickbank";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.e1f88397";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.8c65eddd";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.3a28db8d";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt:\casalemedia.com.156cbc67";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@casalemedia[2].txt";"Found Tracking cookie.Casalemedia";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@burstnet[1].txt:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@burstnet[1].txt:\burstnet.com.a3218a37";"Found Tracking cookie.Burstnet";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@burstnet[1].txt";"Found Tracking cookie.Burstnet";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@bs.serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@atdmt[1].txt:\atdmt.com.f4b86dca";"Found Tracking cookie.Atdmt";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@atdmt[1].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt:\advertising.com.893d35c2";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@advertising[2].txt";"Found Tracking cookie.Advertising";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@adtech[1].txt:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@adtech[1].txt";"Found Tracking cookie.Adtech";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@admarketplace[1].txt:\admarketplace.net.61a250a";"Found Tracking cookie.Admarketplace";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@admarketplace[1].txt";"Found Tracking cookie.Admarketplace";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@adbrite[2].txt:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@adbrite[2].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@adbrite[2].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@adbrite[2].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@adbrite[2].txt:\adbrite.com.215df2f3";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@2o7[1].txt:\2o7.net.d532feaa";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@2o7[1].txt:\2o7.net.ca30b7c8";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@2o7[1].txt:\2o7.net.b955bfe9";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@2o7[1].txt";"Found Tracking cookie.2o7";"Healed" "C:\Documents and Settings\Ronald\Cookies\ronald@247realmedia[2].txt:\247realmedia.com.ef906bac";"Found Tracking cookie.247realmedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@247realmedia[2].txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault" "C:\Documents and Settings\Ronald\Cookies\ronald@247realmedia[2].txt";"Found Tracking cookie.247realmedia";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt";"Found Tracking cookie.Webtrendslive";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[1].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[1].txt";"Found Tracking cookie.Webtrends";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@liveperson[1].txt:\liveperson.net.8db0737c";"Found Tracking cookie.Liveperson";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@liveperson[1].txt";"Found Tracking cookie.Liveperson";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@admarketplace[1].txt:\admarketplace.net.61a250a";"Found Tracking cookie.Admarketplace";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@admarketplace[1].txt";"Found Tracking cookie.Admarketplace";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt:\adbrite.com.f796fd05";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Healed" "C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault" "C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Healed" "C:\Documents and Settings\LocalService\Cookies\system@burstnet[1].txt:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Moved to Virus Vault" "C:\Documents and Settings\LocalService\Cookies\system@burstnet[1].txt";"Found Tracking cookie.Burstnet";"Healed" "C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault" "C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault" "C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault" "C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault" "C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Healed" Thanks in advance for any help you can provide. ark.zip

I've got a PC in my hands that I have had to resort to asking for help with a HijackThis log. I cannot for the life of me get this system to stay clean. Any and all assistance is greatly appreciated. Please see below HiJackThis log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:48:27 PM, on 8/10/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxtray.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [moxqiuaw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\guxbftdeo\lhpsfwftssd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1281057412251 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp...aft/Coupons.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7817 bytes