google results hijacked in firefox

[tkpro72]

Hi. For the past 3 days when I click on google results they are redirected to a spammy fake search engine results type page. It does not happen everytime but often enough to be very annoying. I have already done a full malwarebytes scan which unfortunately did not get rid of the redirects. Once these spammy pages load I cannot back out of them. I have to load a different page. I work online and this has interfered with my work. Help with this issue would be greatly appreciated

I already downloaded dds and these were the results:

dds

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Toshiba at 14:57:27 on 2012-03-16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.332 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\AOL\1215722999\ee\AOLSoftware.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\aol\1215722999\ee\AOLDesktop.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Search Protection\spHost.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ntvdm.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

uStart Page = hxxp://search.bearshare.com

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

mURLSearchHooks: AOL Search Toolbar Search Class: {17712359-13c1-4fc3-bcd9-1201af814ef0} - c:\program files\aol search toolbar\aolsearchtb.dll

mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll

BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\wincorebsdtx.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Search Protection Class: {dee1f01a-e6a8-4740-b420-3c521f234f74} - c:\program files\common files\search protection\sp.dll

BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: AOL Search Toolbar Loader: {edf92137-1dfd-46e0-9c24-99abc0ae7be1} - c:\program files\aol search toolbar\aolsearchtb.dll

BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: AOL Search Toolbar: {d6050929-7dfc-44c9-a2f3-f12f57d779d6} - c:\program files\aol search toolbar\aolsearchtb.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\wincorebsdtx.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [HostManager] c:\program files\common files\aol\1215722999\ee\AOLSoftware.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [LMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\LMPDPSRV.EXE

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"

mRun: [DataMngr] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\toshiba\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe

IE: &Search

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {B1C5B118-8240-47a6-AE84-103B05FB5AEF} - c:\program files\common files\search protection\spControl.exe

IE: {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files\crawler\radio\CRadio.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: magicjack.com\data

Trusted Zone: magicjack.com\my

Trusted Zone: talk4free.com\reg

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://live.edirectglass.com/edg/shop/reports/activexviewer.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {58444091-851A-46BC-BA63-904886070C0D} - hxxps://live.edirectglass.com/edg/Shop/Attachments/dbpix/dbpix20.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214755402687

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 205.152.37.23 205.152.132.23

TCP: Interfaces\{850331D3-6C10-4F7E-9B50-8055FE37EDC6} : DhcpNameServer = 205.152.37.23 205.152.132.23

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\toshiba\applic~1\mozilla\firefox\profiles\a0v7ilao.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=2&sr=0&q=

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - plugin: c:\documents and settings\toshiba\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\progra~1\sonyon~1\npsoe.dll

FF - plugin: c:\progra~1\sonyon~1\npsoeact.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows media player\npdrmv2.dll

FF - plugin: c:\program files\windows media player\npdsplay.dll

FF - plugin: c:\program files\windows media player\npwmsdrm.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-10 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-8 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-8 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-20 44768]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]

R2 SPHost;SPHost;c:\program files\common files\search protection\spHost.exe [2009-6-24 107816]

S0 lartgkrs;lartgkrs;c:\windows\system32\drivers\eilagbqh.sys --> c:\windows\system32\drivers\eilagbqh.sys [?]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-2-10 25728]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-30 30192]

S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-2-10 100864]

S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-2-10 108032]

.

=============== Created Last 30 ================

.

2012-03-16 18:56:54 -------- d--h--w- c:\windows\PIF

2012-03-16 14:23:46 -------- d-----w- c:\docume~1\toshiba\applic~1\simppulltoolbar

2012-03-16 13:33:57 4752 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-16 03:11:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-03-16 03:11:27 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-16 02:03:14 -------- d-----w- c:\progra~1\StartNow Toolbar

2012-03-15 23:53:59 -------- d-----w- c:\docume~1\alluse~1\application data\HitmanPro

2012-03-07 18:37:15 -------- d-----w- c:\windows\pss

2012-02-23 04:02:30 -------- d-----w- c:\docume~1\alluse~1\application data\Seagate

2012-02-23 04:02:11 -------- d-----w- c:\progra~1\Carbonite

2012-02-23 04:02:10 -------- d-sh--w- c:\windows\ftpcache

2012-02-23 03:55:56 -------- d-----w- c:\progra~1\Seagate

2012-02-23 03:55:49 -------- d-----w- c:\progra~1\common~1\muvee Technologies

2012-02-15 22:55:29 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 22:55:29 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-22 15:07:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl

.

============= FINISH: 15:01:35.54 ===============

attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 6/13/2008 6:05:55 PM

System Uptime: 3/16/2012 10:01:00 AM (5 hours ago)

.

Motherboard: TOSHIBA | | EDW10

Processor: Mobile Intel® Pentium® 4 CPU 3.20GHz | NWD | 3200/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 38.44 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\CMP0101\2&DABA3FF&0

Manufacturer:

Name:

PNP Device ID: ACPI\CMP0101\2&DABA3FF&0

Service:

.

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Deskjet F4500 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Deskjet F4500,10.0.0.8

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Deskjet F4500 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP686: 2/19/2012 12:09:49 PM - Software Distribution Service 3.0

RP687: 2/20/2012 9:59:10 AM - Software Distribution Service 3.0

RP688: 2/20/2012 7:00:28 PM - Software Distribution Service 3.0

RP689: 2/21/2012 11:44:33 AM - Software Distribution Service 3.0

RP690: 2/21/2012 11:52:28 AM - Software Distribution Service 3.0

RP691: 2/21/2012 3:49:28 PM - Software Distribution Service 3.0

RP692: 2/22/2012 10:01:12 AM - Software Distribution Service 3.0

RP693: 2/22/2012 10:55:34 PM - Installed muvee autoProducer 6.1 Seagate Edition

RP694: 2/22/2012 11:01:01 PM - Installed Seagate Manager Installer

RP695: 2/23/2012 10:09:03 AM - Software Distribution Service 3.0

RP696: 2/24/2012 11:17:29 AM - Software Distribution Service 3.0

RP697: 2/25/2012 10:24:38 AM - Software Distribution Service 3.0

RP698: 2/26/2012 10:24:27 AM - Software Distribution Service 3.0

RP699: 2/27/2012 11:11:45 AM - Software Distribution Service 3.0

RP700: 2/27/2012 7:00:34 PM - Software Distribution Service 3.0

RP701: 2/28/2012 10:03:13 AM - Software Distribution Service 3.0

RP702: 2/29/2012 9:27:18 AM - Software Distribution Service 3.0

RP703: 3/3/2012 10:57:09 AM - Software Distribution Service 3.0

RP704: 3/4/2012 9:27:12 AM - Software Distribution Service 3.0

RP705: 3/5/2012 11:01:39 AM - Software Distribution Service 3.0

RP706: 3/5/2012 7:00:34 PM - Software Distribution Service 3.0

RP707: 3/6/2012 9:20:32 AM - Software Distribution Service 3.0

RP708: 3/7/2012 8:48:34 AM - Software Distribution Service 3.0

RP709: 3/8/2012 8:34:53 AM - Software Distribution Service 3.0

RP710: 3/9/2012 9:06:25 AM - Software Distribution Service 3.0

RP711: 3/10/2012 11:32:19 AM - Software Distribution Service 3.0

RP712: 3/11/2012 10:42:11 AM - Software Distribution Service 3.0

RP713: 3/12/2012 10:17:08 AM - Software Distribution Service 3.0

RP714: 3/12/2012 7:00:29 PM - Software Distribution Service 3.0

RP715: 3/13/2012 9:30:56 AM - Software Distribution Service 3.0

RP716: 3/14/2012 9:49:19 AM - Software Distribution Service 3.0

RP717: 3/15/2012 9:51:43 AM - Software Distribution Service 3.0

RP718: 3/15/2012 10:00:42 PM - Restore Operation

RP719: 3/16/2012 9:32:42 AM - Software Distribution Service 3.0

RP720: 3/16/2012 10:05:00 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.0

Adobe Shockwave Player 11.5

ALOT Toolbar

AOL Registration

AOL Search Toolbar

AOL Toolbar for Firefox

AOL Toolbar for Internet Explorer

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Atheros Wireless LAN MiniPCI card Driver

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

ATT-HSI

avast! Free Antivirus

Banner Maker Pro Version 7

BearShare

Bonjour

BufferChm

Canon MP470 series

Carbonite Online Backup Setup

Cisco WebEx Meeting Center for Firefox or Chrome

CoffeeCup Web Form Builder

Copy

Coupon Printer for Windows

Crawler Radio & MP3 Player

Critical Update for Windows Media Player 11 (KB959772)

Destinations

DeviceDiscovery

DirectX for Managed Code Update (December 2004)

DJ_AIO_06_F4500_SW_MIN

Download Updater (AOL LLC)

Easy Thumbnails (Remove only)

F4500

FileZilla Client 3.5.0

FinePix Studio

FinePixViewer Resource

FinePixViewer Ver.5.3

FoxTab PDF Converter

Free InuYasha Screensaver 1.0

Free Realms Installer

FUJIFILM USB Driver

Garmin WebUpdater

Google Desktop

GoToMeeting 4.0.0.320

GPBaseService2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 14.0

HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6

HP Imaging Device Functions 14.0

HP Photo Creations

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HPSSupply

ImageMixer VCD2 LE for FinePix

Inspyder Sitemap Creator

InstallIQ Updater

InterVideo Register Manager

InterVideo WinDVD

iTunes

Java™ 6 Update 18

Java™ 6 Update 7

Java™ SE Runtime Environment 6 Update 1

Lexmark X125

LimeWire 5.5.8

magicJack

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft DirectX 9.0 SDK Update (December 2004)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Small Business Image Uploader

Microsoft Search Enhancement Pack

Microsoft UI Engine

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual J# .NET Redistributable Package 1.1

Mozilla Firefox 10.0.2 (x86 en-US)

MP3 Rocket

MSN Toolbar

MSN Toolbar Platform

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

muvee autoProducer 6.1 Seagate Edition

MyFax® Print-to-Fax Assistant

NetAssistant

NetAssistant for Firefox

Network

NTI Backup NOW! 3

NTI DriveBackup! 3

NTI DVD-Maker

NTI DVD-Maker Gold

NTI DVD Player

OpenOffice.org Installer 1.0

QuickBooks

QuickBooks Product Listing Service

QuickBooks Simple Start 2009

QuickTime

Realtek AC'97 Audio

Realtek Fast Ethernet Adapter Driver

Registry Patrol

RoboForm 7-3-2 (All Users)

Safari

Scan

Seagate Manager Installer

Search Protection

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shop for HP Supplies

SmartWebPrinting

SMSC IrCC V5.1.3600.3 SP1

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Status

SupportSoft Assisted Service

Toolbox

TOSHIBA Software Modem

TouchPad On/Off Utility

TrayApp

TuneUp Companion 2.2.4

UB-04's HCFA-1500 Software

Uninstall AOL Emergency Connect Utility 1.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

VoiceOver Kit

WebEx

WebFldrs XP

WebReg

Wincore MediaBar

Windows Defender

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell™ 1.0

Windows XP Service Pack 3

Yahoo! Install Manager

Yahoo! Toolbar

Yontoo Layers Client 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

3/9/2012 9:10:34 AM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

3/16/2012 9:31:23 AM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.

3/16/2012 10:06:41 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.1660.0).

3/15/2012 9:58:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SrvcTPIOMngr

3/15/2012 9:58:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/15/2012 9:57:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

3/15/2012 9:19:09 PM, error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error 0 (0x0).

3/15/2012 9:06:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

3/15/2012 8:55:02 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

3/15/2012 6:55:25 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

3/14/2012 8:45:44 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

3/13/2012 9:31:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.1421.0).

3/12/2012 7:01:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

3/12/2012 10:12:56 AM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the path specified.

3/12/2012 10:12:56 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

3/11/2012 10:42:33 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.1200.0).

.

==== End Of File ===========================

[Maniac]

Hello tkpro72 and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictlya and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Please uninstall the following applications:

ALOT Toolbar

AOL Search Toolbar

Ask Toolbar

NetAssistant

NetAssistant for Firefox

Wincore MediaBar

Yontoo Layers Client 1.10.01

Viewpoint Media Player

BearShare

LimeWire 5.5.8

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[tkpro72]

Hi. I removed all of the applications except Yontoo Layers Client. Everytime I try to remove it I get a message that says "Setup Initialization Error". I downloaded and ran TDSSKiller but I was not given the option to cure so I chose skip. The results of that scan were as follows:

17:58:15.0250 3912 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

17:58:15.0734 3912 ============================================================

17:58:15.0734 3912 Current date / time: 2012/03/16 17:58:15.0734

17:58:15.0734 3912 SystemInfo:

17:58:15.0734 3912

17:58:15.0734 3912 OS Version: 5.1.2600 ServicePack: 3.0

17:58:15.0734 3912 Product type: Workstation

17:58:15.0734 3912 ComputerName: TOSHIBA-ZASS3K4

17:58:15.0734 3912 UserName: Toshiba

17:58:15.0734 3912 Windows directory: C:\WINDOWS

17:58:15.0734 3912 System windows directory: C:\WINDOWS

17:58:15.0734 3912 Processor architecture: Intel x86

17:58:15.0734 3912 Number of processors: 2

17:58:15.0734 3912 Page size: 0x1000

17:58:15.0734 3912 Boot type: Normal boot

17:58:15.0734 3912 ============================================================

17:58:18.0937 3912 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:58:18.0968 3912 \Device\Harddisk0\DR0:

17:58:18.0968 3912 MBR used

17:58:18.0968 3912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482

17:58:19.0015 3912 Initialize success

17:58:19.0015 3912 ============================================================

17:58:29.0218 3024 ============================================================

17:58:29.0218 3024 Scan started

17:58:29.0218 3024 Mode: Manual; SigCheck; TDLFS;

17:58:29.0218 3024 ============================================================

17:58:31.0093 3024 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys

17:58:31.0328 3024 Aavmker4 - ok

17:58:31.0359 3024 Abiosdsk - ok

17:58:31.0375 3024 abp480n5 - ok

17:58:31.0453 3024 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:58:33.0828 3024 ACPI - ok

17:58:34.0015 3024 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

17:58:34.0218 3024 ACPIEC - ok

17:58:34.0250 3024 adpu160m - ok

17:58:34.0328 3024 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:58:34.0531 3024 aec - ok

17:58:34.0609 3024 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:58:34.0687 3024 AFD - ok

17:58:34.0843 3024 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

17:58:35.0000 3024 AgereSoftModem - ok

17:58:35.0203 3024 Aha154x - ok

17:58:35.0234 3024 aic78u2 - ok

17:58:35.0250 3024 aic78xx - ok

17:58:35.0312 3024 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

17:58:35.0531 3024 ALCXSENS - ok

17:58:35.0593 3024 ALCXWDM (5ff6f7e58c798f1474c0bbffc23cb78d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

17:58:35.0828 3024 ALCXWDM - ok

17:58:36.0234 3024 AliIde - ok

17:58:36.0312 3024 amsint - ok

17:58:36.0390 3024 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\WINDOWS\system32\Drivers\smhwadb.sys

17:58:36.0468 3024 androidusb - ok

17:58:36.0593 3024 AR5211 (37e1a3630872b3ccaa45e2468f437df0) C:\WINDOWS\system32\DRIVERS\ar5211.sys

17:58:36.0687 3024 AR5211 - ok

17:58:36.0765 3024 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:58:36.0937 3024 Arp1394 - ok

17:58:36.0968 3024 asc - ok

17:58:37.0000 3024 asc3350p - ok

17:58:37.0015 3024 asc3550 - ok

17:58:37.0171 3024 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys

17:58:37.0187 3024 aswFsBlk - ok

17:58:37.0250 3024 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys

17:58:37.0281 3024 aswMon2 - ok

17:58:37.0359 3024 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys

17:58:37.0375 3024 aswRdr - ok

17:58:37.0468 3024 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys

17:58:37.0515 3024 aswSnx - ok

17:58:37.0578 3024 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys

17:58:37.0609 3024 aswSP - ok

17:58:37.0640 3024 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys

17:58:37.0671 3024 aswTdi - ok

17:58:37.0703 3024 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:58:37.0890 3024 AsyncMac - ok

17:58:38.0000 3024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:58:38.0218 3024 atapi - ok

17:58:38.0296 3024 Atdisk - ok

17:58:38.0406 3024 ati2mtag (4938ad74de9088f70922fabf86912eee) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

17:58:38.0515 3024 ati2mtag - ok

17:58:38.0609 3024 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:58:38.0796 3024 Atmarpc - ok

17:58:38.0921 3024 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:58:39.0109 3024 audstub - ok

17:58:39.0234 3024 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:58:39.0421 3024 Beep - ok

17:58:39.0546 3024 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

17:58:39.0609 3024 caboagp - ok

17:58:39.0843 3024 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:58:40.0078 3024 cbidf2k - ok

17:58:40.0093 3024 cd20xrnt - ok

17:58:40.0125 3024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:58:40.0359 3024 Cdaudio - ok

17:58:40.0468 3024 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:58:40.0671 3024 Cdfs - ok

17:58:40.0718 3024 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:58:40.0906 3024 Cdrom - ok

17:58:40.0921 3024 Changer - ok

17:58:40.0984 3024 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:58:41.0187 3024 CmBatt - ok

17:58:41.0203 3024 CmdIde - ok

17:58:41.0250 3024 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:58:41.0421 3024 Compbatt - ok

17:58:41.0453 3024 Cpqarray - ok

17:58:41.0468 3024 dac2w2k - ok

17:58:41.0484 3024 dac960nt - ok

17:58:41.0546 3024 DgiVecp - ok

17:58:41.0562 3024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:58:41.0796 3024 Disk - ok

17:58:42.0031 3024 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:58:42.0453 3024 dmboot - ok

17:58:42.0593 3024 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:58:42.0859 3024 dmio - ok

17:58:42.0875 3024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:58:43.0109 3024 dmload - ok

17:58:43.0218 3024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:58:43.0453 3024 DMusic - ok

17:58:43.0515 3024 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

17:58:43.0781 3024 dot4 - ok

17:58:43.0828 3024 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

17:58:44.0078 3024 Dot4Print - ok

17:58:44.0093 3024 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

17:58:44.0328 3024 Dot4Scan - ok

17:58:44.0343 3024 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

17:58:44.0593 3024 dot4usb - ok

17:58:44.0609 3024 dpti2o - ok

17:58:44.0625 3024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:58:44.0796 3024 drmkaud - ok

17:58:44.0859 3024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:58:45.0140 3024 Fastfat - ok

17:58:45.0203 3024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:58:45.0437 3024 Fdc - ok

17:58:45.0609 3024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:58:45.0843 3024 Fips - ok

17:58:45.0859 3024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:58:46.0062 3024 Flpydisk - ok

17:58:46.0156 3024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:58:46.0437 3024 FltMgr - ok

17:58:46.0484 3024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:58:46.0687 3024 Fs_Rec - ok

17:58:46.0781 3024 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:58:47.0015 3024 Ftdisk - ok

17:58:47.0093 3024 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:58:47.0125 3024 GEARAspiWDM - ok

17:58:47.0812 3024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:58:48.0156 3024 Gpc - ok

17:58:48.0437 3024 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

17:58:48.0453 3024 grmnusb ( UnsignedFile.Multi.Generic ) - warning

17:58:48.0453 3024 grmnusb - detected UnsignedFile.Multi.Generic (1)

17:58:48.0531 3024 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:58:48.0765 3024 HidUsb - ok

17:58:48.0812 3024 hpn - ok

17:58:48.0921 3024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:58:49.0031 3024 HTTP - ok

17:58:49.0125 3024 i2omgmt - ok

17:58:49.0140 3024 i2omp - ok

17:58:49.0234 3024 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:58:49.0468 3024 i8042prt - ok

17:58:49.0500 3024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:58:49.0718 3024 Imapi - ok

17:58:49.0781 3024 ini910u - ok

17:58:49.0812 3024 IntelIde - ok

17:58:49.0859 3024 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:58:50.0078 3024 intelppm - ok

17:58:50.0171 3024 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:58:50.0437 3024 ip6fw - ok

17:58:50.0562 3024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:58:50.0781 3024 IpFilterDriver - ok

17:58:50.0796 3024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:58:51.0015 3024 IpInIp - ok

17:58:51.0078 3024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:58:51.0234 3024 IpNat - ok

17:58:51.0375 3024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:58:51.0531 3024 IPSec - ok

17:58:51.0609 3024 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

17:58:51.0796 3024 irda - ok

17:58:51.0859 3024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:58:52.0093 3024 IRENUM - ok

17:58:52.0281 3024 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:58:52.0546 3024 isapnp - ok

17:58:52.0593 3024 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:58:52.0781 3024 Kbdclass - ok

17:58:52.0875 3024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:58:53.0390 3024 kmixer - ok

17:58:53.0468 3024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:58:53.0546 3024 KSecDD - ok

17:58:53.0562 3024 lartgkrs - ok

17:58:53.0578 3024 lbrtfdc - ok

17:58:53.0671 3024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:58:53.0890 3024 mnmdd - ok

17:58:53.0937 3024 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:58:54.0125 3024 Modem - ok

17:58:54.0234 3024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:58:54.0406 3024 Mouclass - ok

17:58:54.0484 3024 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:58:54.0671 3024 mouhid - ok

17:58:54.0750 3024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:58:54.0937 3024 MountMgr - ok

17:58:54.0953 3024 mraid35x - ok

17:58:55.0093 3024 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

17:58:55.0171 3024 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

17:58:55.0171 3024 MREMP50 - detected UnsignedFile.Multi.Generic (1)

17:58:55.0171 3024 MREMP50a64 - ok

17:58:55.0187 3024 MREMPR5 - ok

17:58:55.0203 3024 MRENDIS5 - ok

17:58:55.0203 3024 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

17:58:55.0218 3024 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

17:58:55.0218 3024 MRESP50 - detected UnsignedFile.Multi.Generic (1)

17:58:55.0234 3024 MRESP50a64 - ok

17:58:55.0390 3024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:58:55.0718 3024 MRxDAV - ok

17:58:55.0812 3024 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:58:55.0968 3024 MRxSmb - ok

17:58:56.0046 3024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:58:56.0234 3024 Msfs - ok

17:58:56.0265 3024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:58:56.0468 3024 MSKSSRV - ok

17:58:56.0484 3024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:58:56.0671 3024 MSPCLOCK - ok

17:58:56.0687 3024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:58:56.0890 3024 MSPQM - ok

17:58:57.0031 3024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:58:57.0203 3024 mssmbios - ok

17:58:57.0234 3024 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:58:57.0281 3024 Mup - ok

17:58:57.0328 3024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:58:57.0515 3024 NDIS - ok

17:58:57.0578 3024 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:58:57.0656 3024 NdisTapi - ok

17:58:57.0687 3024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:58:57.0890 3024 Ndisuio - ok

17:58:57.0953 3024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:58:58.0140 3024 NdisWan - ok

17:58:58.0187 3024 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:58:58.0250 3024 NDProxy - ok

17:58:58.0265 3024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:58:58.0468 3024 NetBIOS - ok

17:58:58.0671 3024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:58:59.0015 3024 NetBT - ok

17:58:59.0062 3024 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:58:59.0250 3024 NIC1394 - ok

17:58:59.0265 3024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:58:59.0453 3024 Npfs - ok

17:58:59.0578 3024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:58:59.0812 3024 Ntfs - ok

17:58:59.0968 3024 NTIDrvr (15a72d5b8f0b6a718207f14bd5ebb8ff) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

17:58:59.0984 3024 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning

17:58:59.0984 3024 NTIDrvr - detected UnsignedFile.Multi.Generic (1)

17:59:00.0046 3024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:59:00.0281 3024 Null - ok

17:59:00.0375 3024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:59:00.0593 3024 NwlnkFlt - ok

17:59:00.0781 3024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:59:01.0000 3024 NwlnkFwd - ok

17:59:01.0031 3024 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:59:01.0218 3024 ohci1394 - ok

17:59:01.0281 3024 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:59:01.0500 3024 Parport - ok

17:59:01.0578 3024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:59:01.0781 3024 PartMgr - ok

17:59:01.0921 3024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:59:02.0125 3024 ParVdm - ok

17:59:02.0140 3024 PCASp50 - ok

17:59:02.0156 3024 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:59:02.0375 3024 PCI - ok

17:59:02.0390 3024 PCIDump - ok

17:59:02.0437 3024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:59:02.0640 3024 PCIIde - ok

17:59:02.0750 3024 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

17:59:02.0921 3024 Pcmcia - ok

17:59:03.0046 3024 PDCOMP - ok

17:59:03.0062 3024 PDFRAME - ok

17:59:03.0078 3024 PDRELI - ok

17:59:03.0093 3024 PDRFRAME - ok

17:59:03.0109 3024 perc2 - ok

17:59:03.0125 3024 perc2hib - ok

17:59:03.0171 3024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:59:03.0343 3024 PptpMiniport - ok

17:59:03.0375 3024 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

17:59:03.0531 3024 Processor - ok

17:59:03.0562 3024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:59:03.0734 3024 PSched - ok

17:59:03.0750 3024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:59:03.0906 3024 Ptilink - ok

17:59:03.0968 3024 ql1080 - ok

17:59:03.0968 3024 Ql10wnt - ok

17:59:03.0984 3024 ql12160 - ok

17:59:04.0000 3024 ql1240 - ok

17:59:04.0015 3024 ql1280 - ok

17:59:04.0046 3024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:59:04.0265 3024 RasAcd - ok

17:59:04.0390 3024 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

17:59:04.0687 3024 Rasirda - ok

17:59:04.0703 3024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:59:04.0937 3024 Rasl2tp - ok

17:59:04.0968 3024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:59:05.0218 3024 RasPppoe - ok

17:59:05.0250 3024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:59:05.0531 3024 Raspti - ok

17:59:05.0718 3024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:59:05.0921 3024 Rdbss - ok

17:59:05.0953 3024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:59:06.0218 3024 RDPCDD - ok

17:59:06.0406 3024 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

17:59:06.0500 3024 RDPWD - ok

17:59:06.0593 3024 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:59:06.0796 3024 redbook - ok

17:59:06.0921 3024 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

17:59:07.0031 3024 RTL8023 - ok

17:59:07.0218 3024 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

17:59:07.0406 3024 rtl8139 - ok

17:59:07.0500 3024 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

17:59:07.0734 3024 sdbus - ok

17:59:07.0812 3024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:59:08.0015 3024 Secdrv - ok

17:59:08.0046 3024 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

17:59:08.0265 3024 Serial - ok

17:59:08.0359 3024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:59:08.0531 3024 Sfloppy - ok

17:59:08.0562 3024 Simbad - ok

17:59:08.0656 3024 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

17:59:08.0750 3024 SMCIRDA - ok

17:59:08.0812 3024 smhwdev (2a0bde6dd58ac2935a80f984b3af0b0e) C:\WINDOWS\system32\DRIVERS\smhwdev.sys

17:59:08.0906 3024 smhwdev - ok

17:59:09.0000 3024 smhwser (54b5dd15eef72aee8d1c765ab2235610) C:\WINDOWS\system32\DRIVERS\smhwser.sys

17:59:09.0046 3024 smhwser - ok

17:59:09.0093 3024 Sparrow - ok

17:59:09.0125 3024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:59:09.0312 3024 splitter - ok

17:59:09.0359 3024 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:59:09.0531 3024 sr - ok

17:59:09.0671 3024 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:59:09.0765 3024 Srv - ok

17:59:09.0828 3024 SrvcTPIOMngr (cbc0be9758bace83fc9ac25f4cca20e7) C:\WINDOWS\system32\Drivers\TPIoMngr.sys

17:59:09.0843 3024 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - warning

17:59:09.0843 3024 SrvcTPIOMngr - detected UnsignedFile.Multi.Generic (1)

17:59:09.0906 3024 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

17:59:10.0125 3024 StillCam - ok

17:59:10.0312 3024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:59:10.0578 3024 swenum - ok

17:59:10.0656 3024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:59:10.0890 3024 swmidi - ok

17:59:10.0984 3024 symc810 - ok

17:59:11.0000 3024 symc8xx - ok

17:59:11.0015 3024 sym_hi - ok

17:59:11.0031 3024 sym_u3 - ok

17:59:11.0062 3024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:59:11.0250 3024 sysaudio - ok

17:59:11.0312 3024 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:59:11.0437 3024 Tcpip - ok

17:59:11.0484 3024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:59:11.0703 3024 TDPIPE - ok

17:59:11.0750 3024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:59:11.0968 3024 TDTCP - ok

17:59:12.0062 3024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:59:12.0296 3024 TermDD - ok

17:59:12.0343 3024 TosIde - ok

17:59:12.0421 3024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:59:12.0671 3024 Udfs - ok

17:59:12.0703 3024 ultra - ok

17:59:12.0781 3024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:59:13.0031 3024 Update - ok

17:59:13.0203 3024 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:59:13.0281 3024 USBAAPL - ok

17:59:13.0437 3024 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:59:13.0640 3024 usbaudio - ok

17:59:13.0734 3024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:59:13.0906 3024 usbccgp - ok

17:59:13.0953 3024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:59:14.0171 3024 usbehci - ok

17:59:14.0265 3024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:59:14.0453 3024 usbhub - ok

17:59:14.0468 3024 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

17:59:14.0687 3024 usbohci - ok

17:59:14.0781 3024 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:59:15.0015 3024 usbprint - ok

17:59:15.0031 3024 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:59:15.0218 3024 usbscan - ok

17:59:15.0296 3024 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:59:15.0484 3024 USBSTOR - ok

17:59:15.0500 3024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:59:15.0640 3024 VgaSave - ok

17:59:15.0671 3024 ViaIde - ok

17:59:15.0765 3024 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:59:16.0109 3024 VolSnap - ok

17:59:16.0203 3024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:59:16.0390 3024 Wanarp - ok

17:59:16.0500 3024 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

17:59:16.0531 3024 wanatw - ok

17:59:16.0671 3024 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

17:59:16.0750 3024 Wdf01000 - ok

17:59:16.0828 3024 WDICA - ok

17:59:16.0890 3024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:59:17.0140 3024 wdmaud - ok

17:59:17.0328 3024 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:59:17.0390 3024 WpdUsb - ok

17:59:17.0515 3024 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:59:17.0562 3024 WudfPf - ok

17:59:17.0625 3024 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:59:17.0656 3024 WudfRd - ok

17:59:17.0734 3024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:59:17.0921 3024 \Device\Harddisk0\DR0 - ok

17:59:17.0921 3024 Boot (0x1200) (fef2d246c79aadafefa79110069d95b9) \Device\Harddisk0\DR0\Partition0

17:59:17.0921 3024 \Device\Harddisk0\DR0\Partition0 - ok

17:59:17.0937 3024 ============================================================

17:59:17.0937 3024 Scan finished

17:59:17.0937 3024 ============================================================

17:59:18.0062 1336 Detected object count: 5

17:59:18.0062 1336 Actual detected object count: 5

17:59:29.0109 1336 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:29.0109 1336 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:59:29.0109 1336 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:29.0109 1336 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:59:29.0109 1336 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:29.0109 1336 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:59:29.0125 1336 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:29.0125 1336 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:59:29.0125 1336 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:29.0125 1336 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:00:30.0468 3480 ============================================================

18:00:30.0468 3480 Scan started

18:00:30.0468 3480 Mode: Manual; SigCheck; TDLFS;

18:00:30.0468 3480 ============================================================

18:00:30.0875 3480 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys

18:00:30.0921 3480 Aavmker4 - ok

18:00:30.0937 3480 Abiosdsk - ok

18:00:30.0968 3480 abp480n5 - ok

18:00:31.0046 3480 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:00:31.0250 3480 ACPI - ok

18:00:31.0296 3480 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

18:00:31.0515 3480 ACPIEC - ok

18:00:31.0546 3480 adpu160m - ok

18:00:31.0593 3480 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:00:31.0765 3480 aec - ok

18:00:31.0828 3480 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:00:31.0875 3480 AFD - ok

18:00:32.0015 3480 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

18:00:32.0078 3480 AgereSoftModem - ok

18:00:32.0250 3480 Aha154x - ok

18:00:32.0281 3480 aic78u2 - ok

18:00:32.0312 3480 aic78xx - ok

18:00:32.0390 3480 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

18:00:32.0515 3480 ALCXSENS - ok

18:00:32.0593 3480 ALCXWDM (5ff6f7e58c798f1474c0bbffc23cb78d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

18:00:32.0765 3480 ALCXWDM - ok

18:00:32.0796 3480 AliIde - ok

18:00:32.0828 3480 amsint - ok

18:00:32.0890 3480 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\WINDOWS\system32\Drivers\smhwadb.sys

18:00:32.0937 3480 androidusb - ok

18:00:33.0031 3480 AR5211 (37e1a3630872b3ccaa45e2468f437df0) C:\WINDOWS\system32\DRIVERS\ar5211.sys

18:00:33.0109 3480 AR5211 - ok

18:00:33.0281 3480 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:00:33.0484 3480 Arp1394 - ok

18:00:33.0500 3480 asc - ok

18:00:33.0515 3480 asc3350p - ok

18:00:33.0546 3480 asc3550 - ok

18:00:33.0625 3480 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys

18:00:33.0656 3480 aswFsBlk - ok

18:00:33.0687 3480 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys

18:00:33.0718 3480 aswMon2 - ok

18:00:33.0765 3480 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys

18:00:33.0781 3480 aswRdr - ok

18:00:33.0875 3480 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys

18:00:33.0906 3480 aswSnx - ok

18:00:33.0984 3480 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys

18:00:34.0015 3480 aswSP - ok

18:00:34.0031 3480 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys

18:00:34.0062 3480 aswTdi - ok

18:00:34.0093 3480 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:00:34.0265 3480 AsyncMac - ok

18:00:34.0281 3480 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:00:34.0484 3480 atapi - ok

18:00:34.0500 3480 Atdisk - ok

18:00:34.0609 3480 ati2mtag (4938ad74de9088f70922fabf86912eee) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

18:00:34.0718 3480 ati2mtag - ok

18:00:34.0875 3480 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:00:35.0062 3480 Atmarpc - ok

18:00:35.0203 3480 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:00:35.0421 3480 audstub - ok

18:00:35.0562 3480 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:00:35.0906 3480 Beep - ok

18:00:35.0984 3480 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

18:00:36.0015 3480 caboagp - ok

18:00:36.0062 3480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:00:36.0296 3480 cbidf2k - ok

18:00:36.0312 3480 cd20xrnt - ok

18:00:36.0375 3480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:00:36.0609 3480 Cdaudio - ok

18:00:36.0640 3480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:00:36.0875 3480 Cdfs - ok

18:00:36.0968 3480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:00:37.0156 3480 Cdrom - ok

18:00:37.0171 3480 Changer - ok

18:00:37.0218 3480 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:00:37.0390 3480 CmBatt - ok

18:00:37.0421 3480 CmdIde - ok

18:00:37.0437 3480 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:00:37.0625 3480 Compbatt - ok

18:00:37.0656 3480 Cpqarray - ok

18:00:37.0687 3480 dac2w2k - ok

18:00:37.0718 3480 dac960nt - ok

18:00:37.0750 3480 DgiVecp - ok

18:00:37.0781 3480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:00:37.0953 3480 Disk - ok

18:00:38.0046 3480 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:00:38.0234 3480 dmboot - ok

18:00:38.0390 3480 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:00:38.0593 3480 dmio - ok

18:00:38.0671 3480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:00:38.0875 3480 dmload - ok

18:00:38.0968 3480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:00:39.0125 3480 DMusic - ok

18:00:39.0156 3480 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

18:00:39.0312 3480 dot4 - ok

18:00:39.0343 3480 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

18:00:39.0531 3480 Dot4Print - ok

18:00:39.0546 3480 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

18:00:39.0734 3480 Dot4Scan - ok

18:00:39.0750 3480 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

18:00:39.0937 3480 dot4usb - ok

18:00:39.0953 3480 dpti2o - ok

18:00:39.0984 3480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:00:40.0156 3480 drmkaud - ok

18:00:40.0281 3480 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:00:40.0468 3480 Fastfat - ok

18:00:40.0515 3480 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

18:00:40.0687 3480 Fdc - ok

18:00:40.0765 3480 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:00:40.0937 3480 Fips - ok

18:00:40.0968 3480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:00:41.0140 3480 Flpydisk - ok

18:00:41.0171 3480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:00:41.0500 3480 FltMgr - ok

18:00:41.0531 3480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:00:41.0750 3480 Fs_Rec - ok

18:00:41.0796 3480 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:00:42.0015 3480 Ftdisk - ok

18:00:42.0078 3480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:00:42.0093 3480 GEARAspiWDM - ok

18:00:42.0281 3480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:00:42.0437 3480 Gpc - ok

18:00:42.0515 3480 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

18:00:42.0546 3480 grmnusb ( UnsignedFile.Multi.Generic ) - warning

18:00:42.0546 3480 grmnusb - detected UnsignedFile.Multi.Generic (1)

18:00:42.0593 3480 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:00:42.0765 3480 HidUsb - ok

18:00:42.0781 3480 hpn - ok

18:00:42.0890 3480 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:00:42.0937 3480 HTTP - ok

18:00:42.0968 3480 i2omgmt - ok

18:00:43.0000 3480 i2omp - ok

18:00:43.0046 3480 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:00:43.0250 3480 i8042prt - ok

18:00:43.0359 3480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:00:43.0531 3480 Imapi - ok

18:00:43.0562 3480 ini910u - ok

18:00:43.0593 3480 IntelIde - ok

18:00:43.0656 3480 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:00:43.0828 3480 intelppm - ok

18:00:43.0859 3480 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:00:44.0046 3480 ip6fw - ok

18:00:44.0078 3480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:00:44.0328 3480 IpFilterDriver - ok

18:00:44.0484 3480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:00:44.0656 3480 IpInIp - ok

18:00:44.0750 3480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:00:44.0937 3480 IpNat - ok

18:00:44.0984 3480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:00:45.0171 3480 IPSec - ok

18:00:45.0281 3480 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

18:00:45.0468 3480 irda - ok

18:00:45.0531 3480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:00:45.0703 3480 IRENUM - ok

18:00:45.0750 3480 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:00:45.0937 3480 isapnp - ok

18:00:45.0984 3480 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:00:46.0156 3480 Kbdclass - ok

18:00:46.0265 3480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:00:46.0421 3480 kmixer - ok

18:00:46.0703 3480 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:00:46.0734 3480 KSecDD - ok

18:00:46.0765 3480 lartgkrs - ok

18:00:46.0796 3480 lbrtfdc - ok

18:00:46.0875 3480 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:00:47.0218 3480 mnmdd - ok

18:00:47.0265 3480 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:00:47.0437 3480 Modem - ok

18:00:47.0453 3480 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:00:47.0640 3480 Mouclass - ok

18:00:47.0687 3480 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:00:47.0921 3480 mouhid - ok

18:00:47.0937 3480 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:00:48.0125 3480 MountMgr - ok

18:00:48.0156 3480 mraid35x - ok

18:00:48.0296 3480 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

18:00:48.0312 3480 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

18:00:48.0312 3480 MREMP50 - detected UnsignedFile.Multi.Generic (1)

18:00:48.0328 3480 MREMP50a64 - ok

18:00:48.0343 3480 MREMPR5 - ok

18:00:48.0359 3480 MRENDIS5 - ok

18:00:48.0375 3480 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

18:00:48.0390 3480 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

18:00:48.0390 3480 MRESP50 - detected UnsignedFile.Multi.Generic (1)

18:00:48.0406 3480 MRESP50a64 - ok

18:00:48.0484 3480 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:00:48.0656 3480 MRxDAV - ok

18:00:48.0812 3480 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:00:48.0890 3480 MRxSmb - ok

18:00:49.0046 3480 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:00:49.0250 3480 Msfs - ok

18:00:49.0343 3480 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:00:49.0515 3480 MSKSSRV - ok

18:00:49.0562 3480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:00:49.0734 3480 MSPCLOCK - ok

18:00:49.0750 3480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:00:49.0937 3480 MSPQM - ok

18:00:50.0046 3480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:00:50.0218 3480 mssmbios - ok

18:00:50.0250 3480 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:00:50.0296 3480 Mup - ok

18:00:50.0343 3480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:00:50.0515 3480 NDIS - ok

18:00:50.0562 3480 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:00:50.0609 3480 NdisTapi - ok

18:00:50.0640 3480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:00:50.0828 3480 Ndisuio - ok

18:00:50.0843 3480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:00:51.0015 3480 NdisWan - ok

18:00:51.0062 3480 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:00:51.0125 3480 NDProxy - ok

18:00:51.0156 3480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:00:51.0343 3480 NetBIOS - ok

18:00:51.0593 3480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:00:51.0734 3480 NetBT - ok

18:00:51.0859 3480 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:00:52.0046 3480 NIC1394 - ok

18:00:52.0140 3480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:00:52.0359 3480 Npfs - ok

18:00:52.0500 3480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:00:52.0968 3480 Ntfs - ok

18:00:53.0062 3480 NTIDrvr (15a72d5b8f0b6a718207f14bd5ebb8ff) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

18:00:53.0093 3480 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning

18:00:53.0093 3480 NTIDrvr - detected UnsignedFile.Multi.Generic (1)

18:00:53.0156 3480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:00:53.0406 3480 Null - ok

18:00:53.0625 3480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:00:53.0921 3480 NwlnkFlt - ok

18:00:53.0937 3480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:00:54.0171 3480 NwlnkFwd - ok

18:00:54.0234 3480 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:00:54.0421 3480 ohci1394 - ok

18:00:54.0484 3480 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:00:54.0671 3480 Parport - ok

18:00:54.0734 3480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:00:54.0921 3480 PartMgr - ok

18:00:54.0968 3480 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:00:55.0171 3480 ParVdm - ok

18:00:55.0234 3480 PCASp50 - ok

18:00:55.0250 3480 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:00:55.0421 3480 PCI - ok

18:00:55.0437 3480 PCIDump - ok

18:00:55.0515 3480 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:00:55.0703 3480 PCIIde - ok

18:00:55.0734 3480 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

18:00:55.0906 3480 Pcmcia - ok

18:00:56.0031 3480 PDCOMP - ok

18:00:56.0046 3480 PDFRAME - ok

18:00:56.0062 3480 PDRELI - ok

18:00:56.0078 3480 PDRFRAME - ok

18:00:56.0093 3480 perc2 - ok

18:00:56.0109 3480 perc2hib - ok

18:00:56.0140 3480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:00:56.0296 3480 PptpMiniport - ok

18:00:56.0328 3480 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

18:00:56.0500 3480 Processor - ok

18:00:56.0515 3480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:00:56.0671 3480 PSched - ok

18:00:56.0687 3480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:00:56.0906 3480 Ptilink - ok

18:00:56.0921 3480 ql1080 - ok

18:00:56.0937 3480 Ql10wnt - ok

18:00:56.0953 3480 ql12160 - ok

18:00:56.0968 3480 ql1240 - ok

18:00:56.0984 3480 ql1280 - ok

18:00:57.0031 3480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:00:57.0250 3480 RasAcd - ok

18:00:57.0359 3480 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

18:00:57.0453 3480 Rasirda - ok

18:00:57.0484 3480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:00:57.0671 3480 Rasl2tp - ok

18:00:57.0703 3480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:00:57.0890 3480 RasPppoe - ok

18:00:57.0921 3480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:00:58.0140 3480 Raspti - ok

18:00:58.0171 3480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:00:58.0343 3480 Rdbss - ok

18:00:58.0796 3480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:00:59.0000 3480 RDPCDD - ok

18:00:59.0062 3480 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

18:00:59.0109 3480 RDPWD - ok

18:00:59.0156 3480 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:00:59.0312 3480 redbook - ok

18:00:59.0375 3480 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

18:00:59.0421 3480 RTL8023 - ok

18:00:59.0578 3480 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

18:00:59.0781 3480 rtl8139 - ok

18:00:59.0875 3480 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

18:01:00.0062 3480 sdbus - ok

18:01:00.0109 3480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:01:00.0359 3480 Secdrv - ok

18:01:00.0453 3480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

18:01:00.0625 3480 Serial - ok

18:01:00.0859 3480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:01:01.0062 3480 Sfloppy - ok

18:01:01.0125 3480 Simbad - ok

18:01:01.0171 3480 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

18:01:01.0296 3480 SMCIRDA - ok

18:01:01.0359 3480 smhwdev (2a0bde6dd58ac2935a80f984b3af0b0e) C:\WINDOWS\system32\DRIVERS\smhwdev.sys

18:01:01.0390 3480 smhwdev - ok

18:01:01.0406 3480 smhwser (54b5dd15eef72aee8d1c765ab2235610) C:\WINDOWS\system32\DRIVERS\smhwser.sys

18:01:01.0484 3480 smhwser - ok

18:01:01.0515 3480 Sparrow - ok

18:01:01.0593 3480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:01:01.0765 3480 splitter - ok

18:01:01.0828 3480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:01:02.0062 3480 sr - ok

18:01:02.0250 3480 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:01:02.0281 3480 Srv - ok

18:01:02.0359 3480 SrvcTPIOMngr (cbc0be9758bace83fc9ac25f4cca20e7) C:\WINDOWS\system32\Drivers\TPIoMngr.sys

18:01:02.0375 3480 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - warning

18:01:02.0375 3480 SrvcTPIOMngr - detected UnsignedFile.Multi.Generic (1)

18:01:02.0468 3480 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

18:01:02.0671 3480 StillCam - ok

18:01:02.0718 3480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:01:02.0890 3480 swenum - ok

18:01:02.0921 3480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:01:03.0109 3480 swmidi - ok

18:01:03.0140 3480 symc810 - ok

18:01:03.0156 3480 symc8xx - ok

18:01:03.0187 3480 sym_hi - ok

18:01:03.0218 3480 sym_u3 - ok

18:01:03.0250 3480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:01:03.0406 3480 sysaudio - ok

18:01:03.0531 3480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:01:03.0593 3480 Tcpip - ok

18:01:04.0031 3480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:01:04.0343 3480 TDPIPE - ok

18:01:04.0515 3480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:01:04.0703 3480 TDTCP - ok

18:01:04.0750 3480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:01:04.0937 3480 TermDD - ok

18:01:04.0968 3480 TosIde - ok

18:01:05.0031 3480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:01:05.0218 3480 Udfs - ok

18:01:05.0250 3480 ultra - ok

18:01:05.0328 3480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:01:05.0546 3480 Update - ok

18:01:05.0640 3480 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:01:05.0687 3480 USBAAPL - ok

18:01:05.0750 3480 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:01:05.0921 3480 usbaudio - ok

18:01:06.0062 3480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:01:06.0250 3480 usbccgp - ok

18:01:06.0281 3480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:01:06.0453 3480 usbehci - ok

18:01:06.0484 3480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:01:06.0656 3480 usbhub - ok

18:01:06.0687 3480 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:01:06.0875 3480 usbohci - ok

18:01:06.0953 3480 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:01:07.0140 3480 usbprint - ok

18:01:07.0171 3480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:01:07.0343 3480 usbscan - ok

18:01:07.0375 3480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:01:07.0562 3480 USBSTOR - ok

18:01:07.0609 3480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:01:07.0796 3480 VgaSave - ok

18:01:07.0812 3480 ViaIde - ok

18:01:07.0859 3480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:01:08.0046 3480 VolSnap - ok

18:01:08.0093 3480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:01:08.0265 3480 Wanarp - ok

18:01:08.0328 3480 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

18:01:08.0359 3480 wanatw - ok

18:01:08.0437 3480 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

18:01:08.0484 3480 Wdf01000 - ok

18:01:08.0640 3480 WDICA - ok

18:01:08.0671 3480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:01:08.0843 3480 wdmaud - ok

18:01:09.0031 3480 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

18:01:09.0093 3480 WpdUsb - ok

18:01:09.0125 3480 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:01:09.0156 3480 WudfPf - ok

18:01:09.0187 3480 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:01:09.0218 3480 WudfRd - ok

18:01:09.0312 3480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:01:09.0484 3480 \Device\Harddisk0\DR0 - ok

18:01:09.0484 3480 Boot (0x1200) (fef2d246c79aadafefa79110069d95b9) \Device\Harddisk0\DR0\Partition0

18:01:09.0500 3480 \Device\Harddisk0\DR0\Partition0 - ok

18:01:09.0500 3480 ============================================================

18:01:09.0500 3480 Scan finished

18:01:09.0500 3480 ============================================================

18:01:09.0531 3476 Detected object count: 5

18:01:09.0531 3476 Actual detected object count: 5

18:01:20.0312 3476 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:20.0312 3476 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:20.0312 3476 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:20.0312 3476 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:20.0312 3476 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:20.0312 3476 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:20.0328 3476 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:20.0328 3476 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:20.0328 3476 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:20.0328 3476 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:10:47.0500 0248 Deinitialize success

The results for Malwarebytes was as follows:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.16.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Toshiba :: TOSHIBA-ZASS3K4 [administrator]

3/16/2012 7:02:04 PM

mbam-log-2012-03-16 (19-02-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251645

Time elapsed: 32 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Toshiba\Local Settings\Temp\is1438683437\YontooSetup-DropDownDeals-SilentInstaller.exe (PUP.BundleInstaller.YT) -> Quarantined and deleted successfully.

(end)

I reran dds and the results were as follows:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Toshiba at 19:51:30 on 2012-03-16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.146 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\AOL\1215722999\ee\AOLSoftware.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\aol\1215722999\ee\AOLDesktop.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Search Protection\spHost.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ntvdm.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

uStart Page = hxxp://search.bearshare.com

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Search Protection Class: {dee1f01a-e6a8-4740-b420-3c521f234f74} - c:\program files\common files\search protection\sp.dll

BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [HostManager] c:\program files\common files\aol\1215722999\ee\AOLSoftware.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [LMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\LMPDPSRV.EXE

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\toshiba\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe

IE: &Search

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {B1C5B118-8240-47a6-AE84-103B05FB5AEF} - c:\program files\common files\search protection\spControl.exe

IE: {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files\crawler\radio\CRadio.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: magicjack.com\data

Trusted Zone: magicjack.com\my

Trusted Zone: talk4free.com\reg

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://live.edirectglass.com/edg/shop/reports/activexviewer.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {58444091-851A-46BC-BA63-904886070C0D} - hxxps://live.edirectglass.com/edg/Shop/Attachments/dbpix/dbpix20.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214755402687

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 205.152.37.23 205.152.132.23

TCP: Interfaces\{850331D3-6C10-4F7E-9B50-8055FE37EDC6} : DhcpNameServer = 205.152.37.23 205.152.132.23

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\toshiba\applic~1\mozilla\firefox\profiles\a0v7ilao.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=2&sr=0&q=

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - plugin: c:\documents and settings\toshiba\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\progra~1\sonyon~1\npsoe.dll

FF - plugin: c:\progra~1\sonyon~1\npsoeact.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll

FF - plugin: c:\program files\windows media player\npdrmv2.dll

FF - plugin: c:\program files\windows media player\npdsplay.dll

FF - plugin: c:\program files\windows media player\npwmsdrm.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-10 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-8 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-8 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-20 44768]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]

R2 SPHost;SPHost;c:\program files\common files\search protection\spHost.exe [2009-6-24 107816]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

S0 lartgkrs;lartgkrs;c:\windows\system32\drivers\eilagbqh.sys --> c:\windows\system32\drivers\eilagbqh.sys [?]

S2 WinDefend;Windows Defender;"c:\program files\windows defender\msmpeng.exe" --> c:\program files\windows defender\MsMpEng.exe [?]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-2-10 25728]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-30 30192]

S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-2-10 100864]

S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-2-10 108032]

.

=============== Created Last 30 ================

.

2012-03-16 21:42:40 262144 ----a-w- c:\progra~1\Uninstall Ask Toolbar.dll

2012-03-16 18:56:54 -------- d--h--w- c:\windows\PIF

2012-03-16 14:23:46 -------- d-----w- c:\docume~1\toshiba\applic~1\simppulltoolbar

2012-03-16 13:33:57 4752 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-16 03:11:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-03-16 03:11:27 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-16 02:03:14 -------- d-----w- c:\progra~1\StartNow Toolbar

2012-03-15 23:53:59 -------- d-----w- c:\docume~1\alluse~1\application data\HitmanPro

2012-03-07 18:37:15 -------- d-----w- c:\windows\pss

2012-02-23 04:02:30 -------- d-----w- c:\docume~1\alluse~1\application data\Seagate

2012-02-23 04:02:11 -------- d-----w- c:\progra~1\Carbonite

2012-02-23 04:02:10 -------- d-sh--w- c:\windows\ftpcache

2012-02-23 03:55:56 -------- d-----w- c:\progra~1\Seagate

2012-02-23 03:55:49 -------- d-----w- c:\progra~1\common~1\muvee Technologies

.

==================== Find3M ====================

.

2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-22 15:07:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 19:56:07.29 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 6/13/2008 6:05:55 PM

System Uptime: 3/16/2012 7:37:52 PM (0 hours ago)

.

Motherboard: TOSHIBA | | EDW10

Processor: Mobile Intel® Pentium® 4 CPU 3.20GHz | NWD | 3200/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 39.388 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\CMP0101\2&DABA3FF&0

Manufacturer:

Name:

PNP Device ID: ACPI\CMP0101\2&DABA3FF&0

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Deskjet F4500 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP693: 2/22/2012 10:55:34 PM - Installed muvee autoProducer 6.1 Seagate Edition

RP694: 2/22/2012 11:01:01 PM - Installed Seagate Manager Installer

RP695: 2/23/2012 10:09:03 AM - Software Distribution Service 3.0

RP696: 2/24/2012 11:17:29 AM - Software Distribution Service 3.0

RP697: 2/25/2012 10:24:38 AM - Software Distribution Service 3.0

RP698: 2/26/2012 10:24:27 AM - Software Distribution Service 3.0

RP699: 2/27/2012 11:11:45 AM - Software Distribution Service 3.0

RP700: 2/27/2012 7:00:34 PM - Software Distribution Service 3.0

RP701: 2/28/2012 10:03:13 AM - Software Distribution Service 3.0

RP702: 2/29/2012 9:27:18 AM - Software Distribution Service 3.0

RP703: 3/3/2012 10:57:09 AM - Software Distribution Service 3.0

RP704: 3/4/2012 9:27:12 AM - Software Distribution Service 3.0

RP705: 3/5/2012 11:01:39 AM - Software Distribution Service 3.0

RP706: 3/5/2012 7:00:34 PM - Software Distribution Service 3.0

RP707: 3/6/2012 9:20:32 AM - Software Distribution Service 3.0

RP708: 3/7/2012 8:48:34 AM - Software Distribution Service 3.0

RP709: 3/8/2012 8:34:53 AM - Software Distribution Service 3.0

RP710: 3/9/2012 9:06:25 AM - Software Distribution Service 3.0

RP711: 3/10/2012 11:32:19 AM - Software Distribution Service 3.0

RP712: 3/11/2012 10:42:11 AM - Software Distribution Service 3.0

RP713: 3/12/2012 10:17:08 AM - Software Distribution Service 3.0

RP714: 3/12/2012 7:00:29 PM - Software Distribution Service 3.0

RP715: 3/13/2012 9:30:56 AM - Software Distribution Service 3.0

RP716: 3/14/2012 9:49:19 AM - Software Distribution Service 3.0

RP717: 3/15/2012 9:51:43 AM - Software Distribution Service 3.0

RP718: 3/15/2012 10:00:42 PM - Restore Operation

RP719: 3/16/2012 9:32:42 AM - Software Distribution Service 3.0

RP720: 3/16/2012 10:05:00 AM - Software Distribution Service 3.0

RP721: 3/16/2012 5:43:43 PM - Removed NetAssistant

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.0

Adobe Shockwave Player 11.5

AOL Registration

AOL Toolbar for Firefox

AOL Toolbar for Internet Explorer

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Wireless LAN MiniPCI card Driver

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

ATT-HSI

avast! Free Antivirus

Banner Maker Pro Version 7

Bonjour

BufferChm

Canon MP470 series

Carbonite Online Backup Setup

Cisco WebEx Meeting Center for Firefox or Chrome

CoffeeCup Web Form Builder

Copy

Coupon Printer for Windows

Crawler Radio & MP3 Player

Critical Update for Windows Media Player 11 (KB959772)

Destinations

DeviceDiscovery

DirectX for Managed Code Update (December 2004)

DJ_AIO_06_F4500_SW_MIN

Download Updater (AOL LLC)

Easy Thumbnails (Remove only)

F4500

FileZilla Client 3.5.0

FinePix Studio

FinePixViewer Resource

FinePixViewer Ver.5.3

FoxTab PDF Converter

Free InuYasha Screensaver 1.0

Free Realms Installer

FUJIFILM USB Driver

Garmin WebUpdater

Google Desktop

GoToMeeting 4.0.0.320

GPBaseService2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 14.0

HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6

HP Imaging Device Functions 14.0

HP Photo Creations

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HPSSupply

ImageMixer VCD2 LE for FinePix

Inspyder Sitemap Creator

InstallIQ Updater

InterVideo Register Manager

InterVideo WinDVD

iTunes

Java 6 Update 18

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

Lexmark X125

magicJack

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft DirectX 9.0 SDK Update (December 2004)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Small Business Image Uploader

Microsoft Search Enhancement Pack

Microsoft UI Engine

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual J# .NET Redistributable Package 1.1

Mozilla Firefox 10.0.2 (x86 en-US)

MP3 Rocket

MSN Toolbar

MSN Toolbar Platform

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

muvee autoProducer 6.1 Seagate Edition

MyFax® Print-to-Fax Assistant

Network

NTI Backup NOW! 3

NTI DriveBackup! 3

NTI DVD-Maker

NTI DVD-Maker Gold

NTI DVD Player

OpenOffice.org Installer 1.0

QuickBooks

QuickBooks Product Listing Service

QuickBooks Simple Start 2009

QuickTime

Realtek AC'97 Audio

Realtek Fast Ethernet Adapter Driver

Registry Patrol

RoboForm 7-3-2 (All Users)

Safari

Scan

Seagate Manager Installer

Search Protection

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shop for HP Supplies

SmartWebPrinting

SMSC IrCC V5.1.3600.3 SP1

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Status

SupportSoft Assisted Service

Toolbox

TOSHIBA Software Modem

TouchPad On/Off Utility

TrayApp

TuneUp Companion 2.2.4

UB-04's HCFA-1500 Software

Uninstall AOL Emergency Connect Utility 1.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VoiceOver Kit

WebEx

WebFldrs XP

WebReg

Windows Defender

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

Yahoo! Install Manager

Yahoo! Toolbar

Yontoo Layers Client 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

3/9/2012 9:10:34 AM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

3/16/2012 9:31:23 AM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.

3/16/2012 10:06:41 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.1660.0).

3/15/2012 9:58:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SrvcTPIOMngr

3/15/2012 9:58:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/15/2012 9:57:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

3/15/2012 9:19:09 PM, error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error 0 (0x0).

3/15/2012 9:06:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

3/15/2012 8:55:02 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

3/15/2012 6:55:25 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

3/14/2012 8:45:44 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

3/13/2012 9:31:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.1421.0).

3/13/2012 9:24:54 AM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the path specified.

3/13/2012 9:24:54 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

3/12/2012 7:01:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

3/12/2012 10:17:41 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.1200.0).

.

==== End Of File ===========================

[Maniac]

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[tkpro72]

Hi. I just ran ComboFix and the results were as follows:

ComboFix 12-03-16.05 - Toshiba 03/17/2012 9:45.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.222 [GMT -4:00]

Running from: c:\documents and settings\Toshiba\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\LocalService\Application Data\alot

c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\a0v7ilao.default\searchplugins\bing-zugo.xml

c:\documents and settings\Toshiba\Application Data\PriceGong

c:\documents and settings\Toshiba\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Toshiba\Desktop\Windows Restore.lnk

c:\documents and settings\Toshiba\g2mdlhlpx.exe

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\SET57.tmp

c:\windows\system32\SET5B.tmp

c:\windows\system32\SET63.tmp

c:\windows\Tab16d20.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))

.

.

2012-03-16 18:56 . 2012-03-16 18:56 -------- d--h--w- c:\windows\PIF

2012-03-16 14:23 . 2012-03-16 14:23 -------- d-----w- c:\documents and settings\Toshiba\Application Data\simppulltoolbar

2012-03-16 13:33 . 2012-03-16 13:33 4752 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-16 03:11 . 2012-03-16 03:11 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-15 23:53 . 2012-03-16 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-02-23 04:02 . 2012-02-23 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate

2012-02-23 04:02 . 2012-02-23 04:02 -------- d-----w- c:\program files\Carbonite

2012-02-23 04:02 . 2012-02-23 04:02 -------- d-sh--w- c:\windows\ftpcache

2012-02-23 03:55 . 2012-02-23 04:02 -------- d-----w- c:\program files\Seagate

2012-02-23 03:55 . 2012-02-23 03:56 -------- d-----w- c:\program files\Common Files\muvee Technologies

2012-02-23 03:53 . 2012-02-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 13:18 . 2010-12-22 17:40 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-22 15:07 . 2011-05-16 12:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22 . 2003-03-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-15 22:55 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2008-06-13 21:59 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-18 15:34 . 2012-02-07 04:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEE1F01A-E6A8-4740-B420-3C521F234F74}]

2009-06-24 18:38 107816 ----a-w- c:\program files\Common Files\Search Protection\sp.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]

"HostManager"="c:\program files\Common Files\AOL\1215722999\ee\AOLSoftware.exe" [2008-06-24 41824]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]

"LMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-09-05 45056]

"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]

.

c:\documents and settings\Toshiba\Start Menu\Programs\Startup\

AOL Desktop.lnk - c:\program files\Common Files\aol\Launch\aollaunch.exe [2008-6-24 41824]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-04-22 01:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]

2009-08-04 07:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

2011-08-23 20:03 50592 ----a-w- c:\documents and settings\Toshiba\Application Data\mjusbsp\cdloader2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2009-12-22 13:47 1092872 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2003-09-26 19:43 184320 ------w- c:\program files\ltmoh\ltmoh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]

2009-12-18 16:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

2011-06-07 16:07 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

2004-03-15 00:17 53248 ----a-w- c:\program files\TOSHIBA\TouchPad\TPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\aol\\1215722999\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Common Files\\aol\\1215722999\\ee\\AOLDesktop.exe"=

"c:\\Program Files\\AOL 9.1\\aol.exe"=

"c:\\Program Files\\FinePixViewer\\FinePixViewer.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=

"c:\\Program Files\\ltmoh\\ltmoh.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=

"c:\\Documents and Settings\\Toshiba\\Application Data\\mjusbsp\\magicJack.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/10/2011 12:34 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/8/2009 1:50 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/8/2009 1:50 PM 20568]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 12:25 PM 189736]

R2 SPHost;SPHost;c:\program files\Common Files\Search Protection\spHost.exe [6/24/2009 2:38 PM 107816]

S0 lartgkrs;lartgkrs;c:\windows\system32\drivers\eilagbqh.sys --> c:\windows\system32\drivers\eilagbqh.sys [?]

S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2/10/2011 12:41 AM 25728]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/30/2008 10:48 PM 30192]

S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2/10/2011 12:41 AM 100864]

S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2/10/2011 12:41 AM 108032]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2008-11-25 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\system32\cleanmgr.exe [2003-03-31 00:12]

.

2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{1E0B23CA-3E0F-49CE-828C-D6692F5E7FE5}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

uStart Page = hxxp://search.bearshare.com

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {{B1C5B118-8240-47a6-AE84-103B05FB5AEF} - c:\program files\Common Files\Search Protection\spControl.exe

IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files\Crawler\Radio\CRadio.exe

Trusted Zone: magicjack.com\data

Trusted Zone: magicjack.com\my

Trusted Zone: talk4free.com\reg

TCP: DhcpNameServer = 205.152.37.23 205.152.132.23

DPF: {58444091-851A-46BC-BA63-904886070C0D} - hxxps://live.edirectglass.com/edg/Shop/Attachments/dbpix/dbpix20.ocx

FF - ProfilePath - c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\a0v7ilao.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=2&sr=0&q=

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)

MSConfigStartUp-IdentityPatrol - c:\progra~1\IDENTI~1\IdentityPatrol.exe

MSConfigStartUp-InstallIQUpdater - c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

MSConfigStartUp-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe

MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe

AddRemove-ActiveTouchMeetingClient - c:\progra~1\MOZILL~1\plugins\atcliun.exe

AddRemove-AOL Toolbar 5.0 - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

AddRemove-{DC5BBA90-FCBE-439F-B3DE-0EE50593687B}_is1 - c:\program files\UB-04 Software

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-17 10:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1624)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\AGRSMMSG.exe

c:\program files\Common Files\aol\1215722999\ee\AOLDesktop.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-03-17 10:40:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-17 14:40

.

Pre-Run: 42,030,489,600 bytes free

Post-Run: 49,587,249,152 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - ED315ADF96BBF20A715B7ED4EA8A2912

[Maniac]

How are things now?

[tkpro72]

Unfortunately the annoying redirect still rears its ugly head at random. Where do I go from here?

[Maniac]

Step 1

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

In your next reply, post the following log files:

• aswMBR log
  
• MBRCheck log

[tkpro72]

The results of aswMBR was as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-18 11:24:35

-----------------------------

11:24:35.468 OS Version: Windows 5.1.2600 Service Pack 3

11:24:35.468 Number of processors: 2 586 0x401

11:24:35.468 ComputerName: TOSHIBA-ZASS3K4 UserName: Toshiba

11:24:37.234 Initialize success

11:24:38.421 AVAST engine defs: 12031800

11:24:52.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

11:24:52.062 Disk 0 Vendor: IC25N080ATMR04-0 MO4OAD4A Size: 76319MB BusType: 3

11:24:52.093 Disk 0 MBR read successfully

11:24:52.093 Disk 0 MBR scan

11:24:52.203 Disk 0 Windows XP default MBR code

11:24:52.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63

11:24:52.218 Disk 0 scanning sectors +156296385

11:24:52.328 Disk 0 scanning C:\WINDOWS\system32\drivers

11:25:22.765 Service scanning

11:25:57.703 Modules scanning

11:26:08.250 Disk 0 trace - called modules:

11:26:08.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

11:26:08.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83346ab8]

11:26:08.343 3 CLASSPNP.SYS[f8a62fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8338e3b8]

11:26:08.359 5 ACPI.sys[f89d9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8337a030]

11:26:09.687 AVAST engine scan C:\WINDOWS

11:26:41.921 AVAST engine scan C:\WINDOWS\system32

11:30:51.656 AVAST engine scan C:\WINDOWS\system32\drivers

11:31:16.187 AVAST engine scan C:\Documents and Settings\Toshiba

11:51:53.781 AVAST engine scan C:\Documents and Settings\All Users

12:26:39.062 Scan finished successfully

12:32:19.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Toshiba\Desktop\MBR.dat"

12:32:19.187 The log file has been saved successfully to "C:\Documents and Settings\Toshiba\Desktop\aswMBR.txt"

The results of MBRcheck was as follows:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 133):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x80700000 \WINDOWS\system32\hal.dll

0xF8F22000 \WINDOWS\system32\KDCOM.DLL

0xF8E32000 \WINDOWS\system32\BOOTVID.dll

0xF89D3000 ACPI.sys

0xF8F24000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xF89C2000 pci.sys

0xF8A22000 isapnp.sys

0xF8E36000 compbatt.sys

0xF8E3A000 \WINDOWS\System32\DRIVERS\BATTC.SYS

0xF8FEA000 pciide.sys

0xF8CA2000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF89A4000 pcmcia.sys

0xF8A32000 MountMgr.sys

0xF8985000 ftdisk.sys

0xF8E3E000 ACPIEC.sys

0xF8FEB000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS

0xF8CAA000 PartMgr.sys

0xF8A42000 VolSnap.sys

0xF896D000 atapi.sys

0xF8A52000 disk.sys

0xF8A62000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF894D000 fltmgr.sys

0xF893B000 sr.sys

0xF8924000 KSecDD.sys

0xF8911000 WudfPf.sys

0xF8884000 Ntfs.sys

0xF8857000 NDIS.sys

0xF8A72000 ohci1394.sys

0xF8A82000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xF883D000 Mup.sys

0xF8E42000 atisgkaf.sys

0xF8B42000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xF7846000 \SystemRoot\System32\DRIVERS\ati2mtag.sys

0xF7832000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF8CBA000 \SystemRoot\System32\DRIVERS\usbohci.sys

0xF780E000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF8CDA000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xF8B62000 \SystemRoot\System32\DRIVERS\imapi.sys

0xF8B72000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF8B82000 \SystemRoot\System32\DRIVERS\redbook.sys

0xF77EB000 \SystemRoot\System32\DRIVERS\ks.sys

0xF8F6E000 \SystemRoot\System32\DRIVERS\NTIDrvr.sys

0xF8CE2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xF8B92000 \SystemRoot\System32\DRIVERS\i8042prt.sys

0xF8CEA000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xF8CF2000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF77D7000 \SystemRoot\System32\DRIVERS\parport.sys

0xF87F9000 \SystemRoot\System32\DRIVERS\CmBatt.sys

0xF7776000 \SystemRoot\System32\DRIVERS\ar5211.sys

0xF8BA2000 \SystemRoot\System32\DRIVERS\Rtlnic51.sys

0xF76DF000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xF76BB000 \SystemRoot\system32\drivers\portcls.sys

0xF8BB2000 \SystemRoot\system32\drivers\drmk.sys

0xF7659000 \SystemRoot\system32\drivers\ALCXSENS.SYS

0xF7524000 \SystemRoot\System32\DRIVERS\AGRSM.sys

0xF8CFA000 \SystemRoot\System32\Drivers\Modem.SYS

0xF9153000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF8D02000 \SystemRoot\System32\DRIVERS\rasirda.sys

0xF8D0A000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF8BC2000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xF8270000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xF750D000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF8BD2000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF8BE2000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF74FC000 \SystemRoot\System32\DRIVERS\psched.sys

0xF8BF2000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xF8D12000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF8D1A000 \SystemRoot\System32\DRIVERS\raspti.sys

0xF8D22000 \SystemRoot\system32\DRIVERS\wanatw4.sys

0xF8C02000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF8F7C000 \SystemRoot\System32\DRIVERS\swenum.sys

0xF749E000 \SystemRoot\System32\DRIVERS\update.sys

0xF8268000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF8C22000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF8C62000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xF8F84000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xF8F8E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF9177000 \SystemRoot\System32\Drivers\Null.SYS

0xF8F90000 \SystemRoot\System32\Drivers\Beep.SYS

0xF8D4A000 \SystemRoot\System32\drivers\vga.sys

0xF8F92000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF8F94000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF8D52000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF8D5A000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF8EF6000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xED423000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xED3CA000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xED3A4000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xF8C82000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xF8C92000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xED37C000 \SystemRoot\System32\DRIVERS\netbt.sys

0xF8D62000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xF8F16000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xF8D6A000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xED35A000 \SystemRoot\System32\drivers\afd.sys

0xF8AB2000 \SystemRoot\System32\DRIVERS\netbios.sys

0xF8F98000 \SystemRoot\System32\Drivers\TPIoMngr.sys

0xED28F000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xED21F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xF8AD2000 \SystemRoot\System32\Drivers\Fips.SYS

0xF8F1E000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF8AE2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF8D72000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF8819000 \SystemRoot\System32\DRIVERS\mouhid.sys

0xED1AC000 \SystemRoot\System32\Drivers\aswSP.SYS

0xED13F000 \SystemRoot\System32\Drivers\aswSnx.SYS

0xF8D92000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xF7953000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xED0FF000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF8F96000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xED20B000 \SystemRoot\System32\drivers\Dxapi.sys

0xF8E02000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF9110000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF049000 \SystemRoot\System32\ati2cqag.dll

0xBF083000 \SystemRoot\System32\ati3d2ag.dll

0xBF186000 \SystemRoot\System32\ATMFD.DLL

0xED203000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xECF31000 \SystemRoot\system32\DRIVERS\irda.sys

0xECFC7000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xECD37000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xEC5F2000 \SystemRoot\system32\drivers\wdmaud.sys

0xEC737000 \SystemRoot\system32\drivers\sysaudio.sys

0xEC3DF000 \SystemRoot\System32\DRIVERS\mrxdav.sys

0xF8FD4000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xEC247000 \SystemRoot\System32\DRIVERS\srv.sys

0xEBD2E000 \SystemRoot\System32\Drivers\HTTP.sys

0xEBBBE000 \??\C:\DOCUME~1\Toshiba\LOCALS~1\Temp\aswMBR.sys

0xEB84D000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 52):

0 System Idle Process

4 System

592 C:\WINDOWS\system32\smss.exe

640 csrss.exe

664 C:\WINDOWS\system32\winlogon.exe

708 C:\WINDOWS\system32\services.exe

720 C:\WINDOWS\system32\lsass.exe

880 C:\WINDOWS\system32\ati2evxx.exe

896 C:\WINDOWS\system32\svchost.exe

948 svchost.exe

988 C:\WINDOWS\system32\svchost.exe

1028 C:\WINDOWS\system32\svchost.exe

1100 svchost.exe

1144 svchost.exe

1492 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1640 C:\WINDOWS\explorer.exe

1816 C:\WINDOWS\agrsmmsg.exe

1824 C:\Program Files\Common Files\aol\1215722999\ee\aolsoftware.exe

1832 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

1840 C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe

1848 C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

2036 C:\Program Files\Common Files\aol\1215722999\ee\AOLDesktop.exe

784 C:\Program Files\Common Files\aol\acs\AOLacsd.exe

2064 C:\WINDOWS\system32\spoolsv.exe

2608 svchost.exe

2660 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2680 C:\WINDOWS\system32\bgsvcgen.exe

2708 C:\Program Files\Bonjour\mDNSResponder.exe

2748 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

2876 C:\WINDOWS\system32\svchost.exe

2960 C:\WINDOWS\system32\svchost.exe

2988 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

3020 C:\Program Files\Java\jre6\bin\jqs.exe

3124 C:\Program Files\Common Files\Motive\McciCMService.exe

3224 C:\WINDOWS\system32\svchost.exe

3256 C:\WINDOWS\system32\svchost.exe

3276 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

3604 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

3652 C:\Program Files\Common Files\Search Protection\spHost.exe

3704 C:\WINDOWS\system32\svchost.exe

3752 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2188 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2304 alg.exe

2492 C:\WINDOWS\system32\wscntfy.exe

1004 C:\WINDOWS\system32\wuauclt.exe

3164 C:\Program Files\Internet Explorer\iexplore.exe

496 C:\Program Files\Internet Explorer\iexplore.exe

3008 C:\WINDOWS\system32\ctfmon.exe

3900 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

2500 C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

632 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

3252 C:\Documents and Settings\Toshiba\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N080ATMR04-0, Rev: MO4OAD4A

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

[Maniac]

Looks good. To which website redirects you?

[tkpro72]

At the moment everything seems to be working fine. I hope it stays that way. Everything seemed okay at first after running combofix but then out of nowhere the redirect happened again. We'll see what happens. Thank you guys so much for all your help.

[Maniac]

Please monitor your system and come back tomorrow if you can to tell me how are things. Then I have some last steps for you.

[tkpro72]

Sorry I am late to reply but my internet was down for 3 days because our modem was damaged in a thunderstorm and we had to order a new one. It just arrived today. So far everything still seems to be okay. Thanks again for all the help.

[Maniac]

Glad I could help you!

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS, TDSSKiller, MBRCheck and aswMBR.

Some preventions for you:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[tkpro72]

Hello again. The redirect has reared its ugly head again. I did a google search for Kleenlab and one of the links lead me to this:

http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46938&subid=97510&terms=kleenlab

I also did a search for squalane reviews, clicked on an amazon link and was redirected to this:

http://63.209.69.107/search/web/squalane+reviews/a36/46938-97510/v5

It does not redirect everytime, just often enough to be a pain. What else is there to do?

[Maniac]

Step 1

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

• Flush DNS
  
• Report IE Proxy Settings
  
• Reset IE Proxy Settings
  
• Report FF Proxy Settings
  
• Reset FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List Winsock Entries
  
• List last 10 Event Viewer log
  
• List Installed Programs
  
• List Devices
  
• List Users, Partitions and Memory size.
  
• List Minidump Files
  

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 2

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

• MiniToolBox log
  
• aswMBR log

[tkpro72]

The results of the mini tool box scan was as follows:

MiniToolBox by Farbar Version: 18-01-2012

Ran by Toshiba (administrator) on 23-03-2012 at 22:40:45

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5004G Wireless Network Adapter = china2 (Connected)

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)

# ----------------------------------

# Interface IP Configuration

# ----------------------------------

pushd interface ip

# Interface IP Configuration for "china2"

set address name="china2" source=dhcp

set dns name="china2" source=dhcp register=PRIMARY

set wins name="china2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp

set dns name="Local Area Connection" source=dhcp register=PRIMARY

set wins name="Local Area Connection" source=dhcp

popd

# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : toshiba-zass3k4

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter china2:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR5004G Wireless Network Adapter

Physical Address. . . . . . . . . : 00-11-F5-35-3C-F0

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 205.152.37.23

205.152.132.23

Lease Obtained. . . . . . . . . . : Friday, March 23, 2012 9:31:45 PM

Lease Expires . . . . . . . . . . : Saturday, March 24, 2012 9:31:45 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-0F-B0-3C-24-F5

Server: dns.asm.bellsouth.net

Address: 205.152.37.23

Name: google.com

Addresses: 74.125.65.139, 74.125.65.100, 74.125.65.101, 74.125.65.102

74.125.65.113, 74.125.65.138

Pinging google.com [74.125.47.139] with 32 bytes of data:

Reply from 74.125.47.139: bytes=32 time=45ms TTL=45

Reply from 74.125.47.139: bytes=32 time=45ms TTL=46

Ping statistics for 74.125.47.139:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 45ms, Average = 45ms

Server: dns.asm.bellsouth.net

Address: 205.152.37.23

Name: yahoo.com

Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=62ms TTL=43

Reply from 209.191.122.70: bytes=32 time=62ms TTL=43

Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 62ms, Average = 62ms

Server: dns.asm.bellsouth.net

Address: 205.152.37.23

Name: bleepingcomputer.com

Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 11 f5 35 3c f0 ...... Atheros AR5004G Wireless Network Adapter - Packet Scheduler Miniport

0x3 ...00 0f b0 3c 24 f5 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.4 20

10.0.0.0 255.255.255.0 10.0.0.4 10.0.0.4 20

10.0.0.4 255.255.255.255 127.0.0.1 127.0.0.1 20

10.255.255.255 255.255.255.255 10.0.0.4 10.0.0.4 20

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 10.0.0.4 10.0.0.4 20

224.0.0.0 240.0.0.0 10.0.0.4 10.0.0.4 20

255.255.255.255 255.255.255.255 10.0.0.4 3 1

255.255.255.255 255.255.255.255 10.0.0.4 10.0.0.4 1

Default Gateway: 10.0.0.1

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)

Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (03/23/2012 02:20:00 PM) (Source: Application Error) (User: )

Description: Faulting application qbw32.exe, version 19.0.4011.705, faulting module ole32.dll, version 5.1.2600.6168, fault address 0x0002cf35.

Processing media-specific event for [qbw32.exe!ws!]

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

Error: (03/19/2012 10:22:17 PM) (Source: Application Error) (User: )

Description: Faulting application firefox.exe, version 11.0.0.4454, faulting module mozjs.dll, version 0.0.0.0, fault address 0x0006d807.

Processing media-specific event for [firefox.exe!ws!]

Error: (03/19/2012 07:00:55 PM) (Source: NativeWrapper) (User: )

Description: visualstudio7x80updatemsiexec.exe1.0.1701.5039kb26563531033663finstallx865.1.2600.2.3.0.7680

Error: (03/16/2012 10:33:16 AM) (Source: Application Error) (User: )

Description: Faulting application ToolbarUpdaterService.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x0000984e.

Processing media-specific event for [ToolbarUpdaterService.exe!ws!]

Error: (03/16/2012 09:45:56 AM) (Source: NativeWrapper) (User: )

Description: visualstudio7x80updatemsiexec.exe1.0.1701.5039kb26563531033663finstallx865.1.2600.2.3.0.7680

Error: (03/16/2012 09:41:43 AM) (Source: Application Error) (User: )

Description: Faulting application hpwucli.exe, version 5.0.14.0, faulting module rulesengine2.dll, version 2.0.8.1, fault address 0x0000d080.

Processing media-specific event for [hpwucli.exe!ws!]

System errors:

=============

Error: (03/23/2012 08:40:28 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:39:23 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:38:22 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:37:08 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:36:06 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:35:01 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:33:58 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:32:53 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:31:51 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Error: (03/23/2012 08:30:45 PM) (Source: 0) (User: )

Description: \Device\Harddisk0\D

Microsoft Office Sessions:

=========================

Error: (03/23/2012 02:20:00 PM) (Source: Application Error)(User: )

Description: qbw32.exe19.0.4011.705ole32.dll5.1.2600.61680002cf35

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks)(User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks)(User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks)(User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/23/2012 01:38:32 PM) (Source: QuickBooks)(User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/19/2012 10:22:17 PM) (Source: Application Error)(User: )

Description: firefox.exe11.0.0.4454mozjs.dll0.0.0.00006d807

Error: (03/19/2012 07:00:55 PM) (Source: NativeWrapper)(User: )

Description: visualstudio7x80updatemsiexec.exe1.0.1701.5039kb26563531033663finstallx865.1.2600.2.3.0.7680

Error: (03/16/2012 10:33:16 AM) (Source: Application Error)(User: )

Description: ToolbarUpdaterService.exe0.0.0.0kernel32.dll5.1.2600.57810000984e

Error: (03/16/2012 09:45:56 AM) (Source: NativeWrapper)(User: )

Description: visualstudio7x80updatemsiexec.exe1.0.1701.5039kb26563531033663finstallx865.1.2600.2.3.0.7680

Error: (03/16/2012 09:41:43 AM) (Source: Application Error)(User: )

Description: hpwucli.exe5.0.14.0rulesengine2.dll2.0.8.10000d080

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)

Acrobat.com (Version: 0.0.0)

Acrobat.com (Version: 1.1.377)

Adobe AIR (Version: 1.0.4990)

Adobe AIR (Version: 1.0.8.4990)

Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)

Adobe Flash Player 11 Plugin (Version: 11.1.102.62)

Adobe Reader 9.5.0 (Version: 9.5.0)

Adobe Shockwave Player 11.5 (Version: 11.5.9.620)

AOL Registration

AOL Toolbar for Firefox (Version: 5.13.6.2)

AOL Toolbar for Internet Explorer (Version: 5.13.4.1)

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support (Version: 1.5.2)

Apple Mobile Device Support (Version: 3.4.1.2)

Apple Software Update (Version: 2.1.1.116)

Atheros Wireless LAN MiniPCI card Driver

ATI - Software Uninstall Utility (Version: 6.14.10.1008)

ATI Control Panel (Version: 6.14.10.5103)

ATI Display Driver (Version: 8.01-040421a-015460C-Toshiba)

ATT-HSI

avast! Free Antivirus (Version: 6.0.1367.0)

Banner Maker Pro Version 7

Bonjour (Version: 2.0.5.0)

BufferChm (Version: 140.0.212.000)

Canon MP470 series

Carbonite Online Backup Setup (Version: 3.8.0)

Cisco WebEx Meeting Center for Firefox or Chrome (Version: 8.23.2500)

CoffeeCup Web Form Builder

Copy (Version: 140.0.212.000)

Coupon Printer for Windows (Version: 5.0.0.0)

Crawler Radio & MP3 Player (Version: 1.0.5.76)

Critical Update for Windows Media Player 11 (KB959772)

Destinations (Version: 140.0.77.000)

DeviceDiscovery (Version: 140.0.212.000)

DirectX for Managed Code Update (December 2004) (Version: 9.03.91)

DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000)

Download Updater (AOL LLC)

Easy Thumbnails (Remove only) (Version: 3.0)

F4500 (Version: 140.0.690.000)

FileZilla Client 3.5.0 (Version: 3.5.0)

FinePix Studio

FinePixViewer Resource (Version: 1.2)

FinePixViewer Ver.5.3 (Version: 5.3)

FoxTab PDF Converter

Free InuYasha Screensaver 1.0

Free Realms Installer (Version: 1.0.3.67)

FUJIFILM USB Driver

Garmin WebUpdater (Version: 2.4.1.1)

Google Desktop (Version: 5.9.1005.12335)

GoToMeeting 4.0.0.320

GPBaseService2 (Version: 140.0.211.000)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)

HP Imaging Device Functions 14.0 (Version: 14.0)

HP Photo Creations (Version: 1.0.0.2024)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 14.0 (Version: 14.0)

HP Update (Version: 5.003.001.001)

HPDiagnosticAlert (Version: 1.00.0000)

HPProductAssistant (Version: 140.0.212.000)

HPSSupply (Version: 140.0.211.000)

ImageMixer VCD2 LE for FinePix (Version: 2.5.3)

Inspyder Sitemap Creator (Version: 2.0.13)

InstallIQ Updater (Version: 1.4.1.0)

InterVideo Register Manager (Version: 1.0.4.0)

InterVideo WinDVD (Version: 5.0-B11.1151)

iTunes (Version: 10.3.1.55)

Java 6 Update 18 (Version: 6.0.180)

Java 6 Update 7 (Version: 1.6.0.70)

Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)

Lexmark X125

magicJack (Version: 2.0.6073.4252)

Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)

MarketResearch (Version: 140.0.212.000)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Default Manager (Version: 2.1.54.0)

Microsoft DirectX 9.0 SDK Update (December 2004) (Version: 9.03.91)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Small Business Image Uploader (Version: 2.0.0.0)

Microsoft Search Enhancement Pack (Version: 2.0.264.0)

Microsoft UI Engine (Version: 4.0.0318.1)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries (Version: 1.0.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)

Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)

MP3 Rocket

MSN Toolbar (Version: 4.0.0379.0)

MSN Toolbar Platform (Version: 4.0.0379.0)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)

muvee autoProducer 6.1 Seagate Edition (Version: 6.10.050)

MyFax® Print-to-Fax Assistant (Version: 2.1)

Network (Version: 140.0.215.000)

NTI Backup NOW! 3 (Version: 3.0.53)

NTI DriveBackup! 3 (Version: 3.0.46)

NTI DVD-Maker (Version: 6)

NTI DVD-Maker Gold (Version: 6)

NTI DVD Player

OpenOffice.org Installer 1.0 (Version: 1.0.9221)

QuickBooks (Version: 19.0.4011.705)

QuickBooks Product Listing Service (Version: 2.0.148)

QuickBooks Simple Start 2009 (Version: 19.0.4011.705)

QuickTime (Version: 7.69.80.9)

Realtek AC'97 Audio

Realtek Fast Ethernet Adapter Driver (Version: 5.00)

Registry Patrol

RoboForm 7-3-2 (All Users) (Version: 7-3-2)

Safari (Version: 5.33.17.8)

Scan (Version: 140.0.80.000)

Seagate Manager Installer (Version: 2.01.0700)

Search Protection

Shop for HP Supplies (Version: 14.0)

SmartWebPrinting (Version: 140.0.186.000)

SMSC IrCC V5.1.3600.3 SP1 (Version: r1.14)

SolutionCenter (Version: 140.0.213.000)

Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)

Status (Version: 140.0.212.000)

SupportSoft Assisted Service (Version: 15)

Toolbox (Version: 140.0.428.000)

TOSHIBA Software Modem (Version: 2.1.38 (SM2138ALD04))

TouchPad On/Off Utility (Version: 1.23.0.2)

TrayApp (Version: 140.0.212.000)

TuneUp Companion 2.2.4 (Version: 2.2.4)

Uninstall AOL Emergency Connect Utility 1.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Windows Internet Explorer 8 (KB972636) (Version: 1)

Update for Windows Internet Explorer 8 (KB976662) (Version: 1)

Update for Windows Internet Explorer 8 (KB976749) (Version: 1)

Update for Windows Internet Explorer 8 (KB980182) (Version: 1)

Update for Windows XP (KB2141007) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676-v2) (Version: 2)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB942763) (Version: 1)

Update for Windows XP (KB951072-v2) (Version: 2)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB955839) (Version: 1)

Update for Windows XP (KB967715) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

VoiceOver Kit (Version: 1.30.128.0)

WebFldrs XP (Version: 9.50.6513)

WebReg (Version: 140.0.212.017)

Windows Defender (Version: 1.1.1593.21)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Internet Explorer 7 (Version: 20070813.185237)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

Windows Media Format 11 runtime

Windows PowerShell 1.0 (Version: 2)

Windows XP Service Pack 3 (Version: 20080414.031525)

Yahoo! Install Manager

Yahoo! Toolbar

========================= Devices: ================================

Name:

Description:

Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet F4500,10.0.0.8

Description: Deskjet F4500 series

Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Manufacturer: HP

Service: StillCam

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series

Description: Deskjet F4500 series

Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 51%

Total physical RAM: 638.98 MB

Available physical RAM: 308.65 MB

Total Pagefile: 1165.49 MB

Available Pagefile: 676.93 MB

Total Virtual: 2047.88 MB

Available Virtual: 1970.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:45.13 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHIBA-ZASS3K4

Administrator ASPNET Guest

HelpAssistant SUPPORT_388945a0 Toshiba

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini032211-01.dmp

C:\WINDOWS\Minidump\Mini060611-01.dmp

**** End of log ****

The results of the aswMBR scan was as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-18 11:24:35

-----------------------------

11:24:35.468 OS Version: Windows 5.1.2600 Service Pack 3

11:24:35.468 Number of processors: 2 586 0x401

11:24:35.468 ComputerName: TOSHIBA-ZASS3K4 UserName: Toshiba

11:24:37.234 Initialize success

11:24:38.421 AVAST engine defs: 12031800

11:24:52.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

11:24:52.062 Disk 0 Vendor: IC25N080ATMR04-0 MO4OAD4A Size: 76319MB BusType: 3

11:24:52.093 Disk 0 MBR read successfully

11:24:52.093 Disk 0 MBR scan

11:24:52.203 Disk 0 Windows XP default MBR code

11:24:52.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63

11:24:52.218 Disk 0 scanning sectors +156296385

11:24:52.328 Disk 0 scanning C:\WINDOWS\system32\drivers

11:25:22.765 Service scanning

11:25:57.703 Modules scanning

11:26:08.250 Disk 0 trace - called modules:

11:26:08.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

11:26:08.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83346ab8]

11:26:08.343 3 CLASSPNP.SYS[f8a62fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8338e3b8]

11:26:08.359 5 ACPI.sys[f89d9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8337a030]

11:26:09.687 AVAST engine scan C:\WINDOWS

11:26:41.921 AVAST engine scan C:\WINDOWS\system32

11:30:51.656 AVAST engine scan C:\WINDOWS\system32\drivers

11:31:16.187 AVAST engine scan C:\Documents and Settings\Toshiba

11:51:53.781 AVAST engine scan C:\Documents and Settings\All Users

12:26:39.062 Scan finished successfully

12:32:19.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Toshiba\Desktop\MBR.dat"

12:32:19.187 The log file has been saved successfully to "C:\Documents and Settings\Toshiba\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-24 11:00:12

-----------------------------

11:00:12.031 OS Version: Windows 5.1.2600 Service Pack 3

11:00:12.031 Number of processors: 2 586 0x401

11:00:12.031 ComputerName: TOSHIBA-ZASS3K4 UserName: Toshiba

11:00:41.671 Initialize success

11:00:42.140 AVAST engine defs: 12032400

11:00:48.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

11:00:48.984 Disk 0 Vendor: IC25N080ATMR04-0 MO4OAD4A Size: 76319MB BusType: 3

11:00:49.312 Disk 0 MBR read successfully

11:00:49.312 Disk 0 MBR scan

11:00:49.390 Disk 0 Windows XP default MBR code

11:00:49.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63

11:00:49.921 Disk 0 scanning sectors +156296385

11:00:50.843 Disk 0 scanning C:\WINDOWS\system32\drivers

11:02:09.453 Service scanning

11:03:31.796 Modules scanning

11:03:40.343 Disk 0 trace - called modules:

11:03:40.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

11:03:40.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83346ab8]

11:03:40.359 3 CLASSPNP.SYS[f8a62fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8338e3b8]

11:03:40.359 5 ACPI.sys[f89d9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8337a030]

11:03:40.828 AVAST engine scan C:\WINDOWS

11:04:29.031 AVAST engine scan C:\WINDOWS\system32

11:09:01.515 AVAST engine scan C:\WINDOWS\system32\drivers

11:09:23.687 AVAST engine scan C:\Documents and Settings\Toshiba

11:34:58.265 AVAST engine scan C:\Documents and Settings\All Users

12:02:47.750 Scan finished successfully

12:09:16.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Toshiba\Desktop\MBR.dat"

12:09:16.281 The log file has been saved successfully to "C:\Documents and Settings\Toshiba\Desktop\aswMBR.txt"

[Maniac]

Any progress?

[tkpro72]

Hi. Its still there. I did a google search for vanity and clicked on a wikipedia link but I was redirected to this page:

http://www.happili.com/bc_rus3/innerxy.php?q=vanity&xy=10539

I wish I knew where this thing came from so I could avoid it in the future. Is there anything else I can try?

[Maniac]

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[tkpro72]

There was no option to cure. I chose skip and the resutls were as follows:

11:08:15.0134 0292 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

11:08:15.0540 0292 ============================================================

11:08:15.0540 0292 Current date / time: 2012/03/25 11:08:15.0540

11:08:15.0540 0292 SystemInfo:

11:08:15.0540 0292

11:08:15.0540 0292 OS Version: 5.1.2600 ServicePack: 3.0

11:08:15.0540 0292 Product type: Workstation

11:08:15.0540 0292 ComputerName: TOSHIBA-ZASS3K4

11:08:15.0540 0292 UserName: Toshiba

11:08:15.0540 0292 Windows directory: C:\WINDOWS

11:08:15.0540 0292 System windows directory: C:\WINDOWS

11:08:15.0540 0292 Processor architecture: Intel x86

11:08:15.0540 0292 Number of processors: 2

11:08:15.0540 0292 Page size: 0x1000

11:08:15.0540 0292 Boot type: Normal boot

11:08:15.0540 0292 ============================================================

11:08:18.0946 0292 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:08:19.0212 0292 \Device\Harddisk0\DR0:

11:08:19.0212 0292 MBR used

11:08:19.0212 0292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482

11:08:19.0274 0292 Initialize success

11:08:19.0274 0292 ============================================================

11:08:29.0868 4088 ============================================================

11:08:29.0868 4088 Scan started

11:08:29.0868 4088 Mode: Manual; SigCheck; TDLFS;

11:08:29.0868 4088 ============================================================

11:08:30.0259 4088 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys

11:08:30.0556 4088 Aavmker4 - ok

11:08:30.0571 4088 Abiosdsk - ok

11:08:30.0587 4088 abp480n5 - ok

11:08:30.0665 4088 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:08:33.0056 4088 ACPI - ok

11:08:33.0274 4088 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

11:08:33.0587 4088 ACPIEC - ok

11:08:33.0603 4088 adpu160m - ok

11:08:33.0665 4088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:08:33.0884 4088 aec - ok

11:08:33.0946 4088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

11:08:34.0009 4088 AFD - ok

11:08:34.0165 4088 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

11:08:34.0368 4088 AgereSoftModem - ok

11:08:34.0556 4088 Aha154x - ok

11:08:34.0571 4088 aic78u2 - ok

11:08:34.0603 4088 aic78xx - ok

11:08:34.0681 4088 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

11:08:34.0868 4088 ALCXSENS - ok

11:08:34.0962 4088 ALCXWDM (5ff6f7e58c798f1474c0bbffc23cb78d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

11:08:35.0134 4088 ALCXWDM - ok

11:08:35.0196 4088 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

11:08:35.0384 4088 Alerter - ok

11:08:35.0571 4088 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

11:08:35.0790 4088 ALG - ok

11:08:35.0821 4088 AliIde - ok

11:08:35.0853 4088 amsint - ok

11:08:35.0915 4088 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\WINDOWS\system32\Drivers\smhwadb.sys

11:08:36.0009 4088 androidusb - ok

11:08:36.0134 4088 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

11:08:36.0149 4088 AOL ACS - ok

11:08:36.0259 4088 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:08:36.0274 4088 Apple Mobile Device - ok

11:08:36.0290 4088 AppMgmt - ok

11:08:36.0384 4088 AR5211 (37e1a3630872b3ccaa45e2468f437df0) C:\WINDOWS\system32\DRIVERS\ar5211.sys

11:08:36.0509 4088 AR5211 - ok

11:08:36.0696 4088 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

11:08:36.0884 4088 Arp1394 - ok

11:08:36.0899 4088 asc - ok

11:08:36.0931 4088 asc3350p - ok

11:08:36.0946 4088 asc3550 - ok

11:08:37.0149 4088 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

11:08:37.0228 4088 aspnet_state - ok

11:08:37.0274 4088 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys

11:08:37.0306 4088 aswFsBlk - ok

11:08:37.0353 4088 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys

11:08:37.0368 4088 aswMon2 - ok

11:08:37.0415 4088 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys

11:08:37.0431 4088 aswRdr - ok

11:08:37.0509 4088 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys

11:08:37.0868 4088 aswSnx - ok

11:08:38.0056 4088 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys

11:08:38.0087 4088 aswSP - ok

11:08:38.0118 4088 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys

11:08:38.0134 4088 aswTdi - ok

11:08:38.0181 4088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:08:38.0353 4088 AsyncMac - ok

11:08:38.0384 4088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:08:38.0603 4088 atapi - ok

11:08:38.0634 4088 Atdisk - ok

11:08:38.0728 4088 Ati HotKey Poller (174c7ee63011017ca12e31ced195581d) C:\WINDOWS\System32\Ati2evxx.exe

11:08:38.0837 4088 Ati HotKey Poller - ok

11:08:38.0931 4088 ati2mtag (4938ad74de9088f70922fabf86912eee) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

11:08:38.0978 4088 ati2mtag - ok

11:08:39.0212 4088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:08:39.0384 4088 Atmarpc - ok

11:08:39.0431 4088 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

11:08:39.0681 4088 AudioSrv - ok

11:08:39.0821 4088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:08:40.0009 4088 audstub - ok

11:08:40.0228 4088 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

11:08:40.0243 4088 avast! Antivirus - ok

11:08:40.0306 4088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:08:40.0587 4088 Beep - ok

11:08:40.0868 4088 bgsvcgen (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe

11:08:40.0884 4088 bgsvcgen ( UnsignedFile.Multi.Generic ) - warning

11:08:40.0899 4088 bgsvcgen - detected UnsignedFile.Multi.Generic (1)

11:08:40.0978 4088 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

11:08:41.0228 4088 BITS - ok

11:08:41.0399 4088 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe

11:08:41.0431 4088 Bonjour Service - ok

11:08:41.0618 4088 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

11:08:41.0806 4088 Browser - ok

11:08:41.0946 4088 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

11:08:41.0993 4088 caboagp - ok

11:08:42.0009 4088 catchme - ok

11:08:42.0056 4088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:08:42.0259 4088 cbidf2k - ok

11:08:42.0274 4088 cd20xrnt - ok

11:08:42.0337 4088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:08:42.0556 4088 Cdaudio - ok

11:08:42.0603 4088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:08:42.0806 4088 Cdfs - ok

11:08:42.0884 4088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:08:43.0040 4088 Cdrom - ok

11:08:43.0196 4088 Changer - ok

11:08:43.0353 4088 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

11:08:43.0728 4088 CiSvc - ok

11:08:43.0759 4088 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

11:08:43.0931 4088 ClipSrv - ok

11:08:44.0103 4088 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:08:44.0181 4088 clr_optimization_v2.0.50727_32 - ok

11:08:44.0243 4088 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

11:08:44.0415 4088 CmBatt - ok

11:08:44.0431 4088 CmdIde - ok

11:08:44.0462 4088 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

11:08:44.0665 4088 Compbatt - ok

11:08:44.0806 4088 COMSysApp - ok

11:08:44.0837 4088 Cpqarray - ok

11:08:44.0899 4088 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

11:08:45.0071 4088 CryptSvc - ok

11:08:45.0087 4088 dac2w2k - ok

11:08:45.0103 4088 dac960nt - ok

11:08:45.0181 4088 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

11:08:45.0337 4088 DcomLaunch - ok

11:08:45.0368 4088 DgiVecp - ok

11:08:45.0399 4088 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

11:08:45.0587 4088 Dhcp - ok

11:08:45.0603 4088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:08:45.0821 4088 Disk - ok

11:08:45.0837 4088 dmadmin - ok

11:08:45.0946 4088 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:08:46.0165 4088 dmboot - ok

11:08:46.0415 4088 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:08:46.0603 4088 dmio - ok

11:08:46.0681 4088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:08:46.0868 4088 dmload - ok

11:08:46.0978 4088 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

11:08:47.0149 4088 dmserver - ok

11:08:47.0196 4088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:08:47.0384 4088 DMusic - ok

11:08:47.0446 4088 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

11:08:47.0556 4088 Dnscache - ok

11:08:47.0618 4088 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

11:08:47.0806 4088 Dot3svc - ok

11:08:48.0040 4088 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

11:08:48.0196 4088 dot4 - ok

11:08:48.0321 4088 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

11:08:48.0493 4088 Dot4Print - ok

11:08:48.0509 4088 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

11:08:48.0712 4088 Dot4Scan - ok

11:08:48.0774 4088 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

11:08:49.0181 4088 dot4usb - ok

11:08:49.0196 4088 dpti2o - ok

11:08:49.0243 4088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:08:49.0415 4088 drmkaud - ok

11:08:49.0446 4088 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

11:08:49.0603 4088 EapHost - ok

11:08:49.0696 4088 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

11:08:49.0853 4088 ERSvc - ok

11:08:49.0915 4088 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

11:08:49.0962 4088 Eventlog - ok

11:08:50.0165 4088 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll

11:08:50.0212 4088 EventSystem - ok

11:08:50.0321 4088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:08:50.0493 4088 Fastfat - ok

11:08:50.0587 4088 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:08:50.0665 4088 FastUserSwitchingCompatibility - ok

11:08:50.0712 4088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

11:08:50.0884 4088 Fdc - ok

11:08:50.0978 4088 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:08:51.0165 4088 Fips - ok

11:08:51.0181 4088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

11:08:51.0415 4088 Flpydisk - ok

11:08:51.0649 4088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:08:51.0821 4088 FltMgr - ok

11:08:51.0978 4088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

11:08:52.0009 4088 FontCache3.0.0.0 - ok

11:08:52.0149 4088 FreeAgentGoNext Service (81b4a2c6c9bd17ffb6031a0a61c09764) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

11:08:52.0165 4088 FreeAgentGoNext Service - ok

11:08:52.0212 4088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:08:52.0399 4088 Fs_Rec - ok

11:08:52.0431 4088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:08:52.0712 4088 Ftdisk - ok

11:08:52.0915 4088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:08:52.0931 4088 GEARAspiWDM - ok

11:08:53.0040 4088 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

11:08:53.0056 4088 GoogleDesktopManager-051210-111108 - ok

11:08:53.0103 4088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:08:53.0290 4088 Gpc - ok

11:08:53.0353 4088 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

11:08:53.0384 4088 grmnusb ( UnsignedFile.Multi.Generic ) - warning

11:08:53.0384 4088 grmnusb - detected UnsignedFile.Multi.Generic (1)

11:08:53.0478 4088 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

11:08:53.0649 4088 helpsvc - ok

11:08:53.0790 4088 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

11:08:53.0946 4088 HidServ - ok

11:08:54.0009 4088 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:08:54.0181 4088 HidUsb - ok

11:08:54.0462 4088 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

11:08:54.0618 4088 hkmsvc - ok

11:08:54.0774 4088 hpn - ok

11:08:55.0181 4088 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

11:08:55.0196 4088 hpqcxs08 - ok

11:08:55.0228 4088 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

11:08:55.0243 4088 hpqddsvc - ok

11:08:55.0337 4088 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

11:08:55.0399 4088 HPSLPSVC - ok

11:08:55.0696 4088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:08:55.0759 4088 HTTP - ok

11:08:55.0821 4088 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

11:08:56.0009 4088 HTTPFilter - ok

11:08:56.0024 4088 i2omgmt - ok

11:08:56.0040 4088 i2omp - ok

11:08:56.0134 4088 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:08:56.0321 4088 i8042prt - ok

11:08:56.0493 4088 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

11:08:56.0556 4088 idsvc - ok

11:08:56.0728 4088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:08:56.0899 4088 Imapi - ok

11:08:56.0946 4088 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

11:08:57.0118 4088 ImapiService - ok

11:08:57.0134 4088 ini910u - ok

11:08:57.0165 4088 IntelIde - ok

11:08:57.0243 4088 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:08:57.0399 4088 intelppm - ok

11:08:57.0446 4088 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:08:57.0618 4088 ip6fw - ok

11:08:57.0681 4088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:08:57.0868 4088 IpFilterDriver - ok

11:08:57.0978 4088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:08:58.0149 4088 IpInIp - ok

11:08:58.0259 4088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:08:58.0462 4088 IpNat - ok

11:08:58.0618 4088 iPod Service (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe

11:08:58.0665 4088 iPod Service - ok

11:08:58.0853 4088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:08:59.0024 4088 IPSec - ok

11:08:59.0087 4088 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

11:08:59.0259 4088 irda - ok

11:08:59.0399 4088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:08:59.0618 4088 IRENUM - ok

11:08:59.0649 4088 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll

11:08:59.0821 4088 Irmon - ok

11:08:59.0884 4088 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:09:00.0040 4088 isapnp - ok

11:09:00.0212 4088 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

11:09:00.0228 4088 IviRegMgr - ok

11:09:00.0478 4088 JavaQuickStarterService (77ac10db097dfd0cd3071465b644d0ab) C:\Program Files\Java\jre6\bin\jqs.exe

11:09:00.0696 4088 JavaQuickStarterService - ok

11:09:00.0899 4088 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:09:01.0071 4088 Kbdclass - ok

11:09:01.0196 4088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:09:01.0556 4088 kmixer - ok

11:09:01.0759 4088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:09:01.0884 4088 KSecDD - ok

11:09:02.0040 4088 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

11:09:02.0181 4088 lanmanserver - ok

11:09:02.0259 4088 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

11:09:02.0399 4088 lanmanworkstation - ok

11:09:02.0540 4088 lartgkrs - ok

11:09:02.0587 4088 lbrtfdc - ok

11:09:02.0681 4088 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

11:09:02.0899 4088 LmHosts - ok

11:09:03.0071 4088 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe

11:09:03.0103 4088 McciCMService ( UnsignedFile.Multi.Generic ) - warning

11:09:03.0103 4088 McciCMService - detected UnsignedFile.Multi.Generic (1)

11:09:03.0321 4088 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

11:09:03.0509 4088 Messenger - ok

11:09:03.0603 4088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:09:03.0774 4088 mnmdd - ok

11:09:03.0868 4088 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

11:09:04.0024 4088 mnmsrvc - ok

11:09:04.0087 4088 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:09:04.0243 4088 Modem - ok

11:09:04.0353 4088 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:09:04.0540 4088 Mouclass - ok

11:09:04.0665 4088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:09:04.0868 4088 mouhid - ok

11:09:04.0946 4088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:09:05.0118 4088 MountMgr - ok

11:09:05.0274 4088 mraid35x - ok

11:09:05.0446 4088 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

11:09:05.0478 4088 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

11:09:05.0478 4088 MREMP50 - detected UnsignedFile.Multi.Generic (1)

11:09:05.0478 4088 MREMP50a64 - ok

11:09:05.0493 4088 MREMPR5 - ok

11:09:05.0509 4088 MRENDIS5 - ok

11:09:05.0540 4088 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

11:09:05.0571 4088 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

11:09:05.0571 4088 MRESP50 - detected UnsignedFile.Multi.Generic (1)

11:09:05.0571 4088 MRESP50a64 - ok

11:09:05.0634 4088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:09:05.0821 4088 MRxDAV - ok

11:09:05.0915 4088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:09:06.0462 4088 MRxSmb - ok

11:09:06.0634 4088 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

11:09:06.0806 4088 MSDTC - ok

11:09:06.0853 4088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:09:07.0024 4088 Msfs - ok

11:09:07.0040 4088 MSIServer - ok

11:09:07.0103 4088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:09:07.0274 4088 MSKSSRV - ok

11:09:07.0290 4088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:09:07.0478 4088 MSPCLOCK - ok

11:09:07.0524 4088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:09:07.0681 4088 MSPQM - ok

11:09:07.0728 4088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:09:07.0915 4088 mssmbios - ok

11:09:07.0978 4088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:09:08.0024 4088 Mup - ok

11:09:08.0087 4088 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

11:09:08.0274 4088 napagent - ok

11:09:08.0618 4088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:09:08.0790 4088 NDIS - ok

11:09:08.0837 4088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:09:08.0915 4088 NdisTapi - ok

11:09:08.0946 4088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:09:09.0118 4088 Ndisuio - ok

11:09:09.0149 4088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:09:09.0306 4088 NdisWan - ok

11:09:09.0353 4088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:09:09.0415 4088 NDProxy - ok

11:09:09.0478 4088 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll

11:09:09.0509 4088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

11:09:09.0509 4088 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

11:09:09.0556 4088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:09:09.0728 4088 NetBIOS - ok

11:09:09.0915 4088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:09:10.0071 4088 NetBT - ok

11:09:10.0118 4088 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:09:10.0274 4088 NetDDE - ok

11:09:10.0290 4088 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:09:10.0462 4088 NetDDEdsdm - ok

11:09:10.0571 4088 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:09:10.0743 4088 Netlogon - ok

11:09:10.0837 4088 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

11:09:10.0993 4088 Netman - ok

11:09:11.0134 4088 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:09:11.0149 4088 NetTcpPortSharing - ok

11:09:11.0181 4088 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

11:09:11.0368 4088 NIC1394 - ok

11:09:11.0446 4088 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

11:09:11.0493 4088 Nla - ok

11:09:11.0696 4088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:09:12.0056 4088 Npfs - ok

11:09:12.0134 4088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:09:12.0368 4088 Ntfs - ok

11:09:12.0415 4088 NTIDrvr (15a72d5b8f0b6a718207f14bd5ebb8ff) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

11:09:12.0446 4088 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning

11:09:12.0446 4088 NTIDrvr - detected UnsignedFile.Multi.Generic (1)

11:09:12.0509 4088 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

11:09:12.0665 4088 NtLmSsp - ok

11:09:12.0743 4088 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

11:09:12.0931 4088 NtmsSvc - ok

11:09:13.0056 4088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:09:13.0243 4088 Null - ok

11:09:13.0540 4088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:09:13.0759 4088 NwlnkFlt - ok

11:09:13.0853 4088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:09:14.0056 4088 NwlnkFwd - ok

11:09:14.0149 4088 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

11:09:14.0321 4088 ohci1394 - ok

11:09:14.0384 4088 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:09:14.0540 4088 Parport - ok

11:09:14.0556 4088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:09:14.0759 4088 PartMgr - ok

11:09:14.0821 4088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:09:14.0993 4088 ParVdm - ok

11:09:15.0009 4088 PCASp50 - ok

11:09:15.0040 4088 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:09:15.0212 4088 PCI - ok

11:09:15.0306 4088 PCIDump - ok

11:09:15.0337 4088 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:09:15.0524 4088 PCIIde - ok

11:09:15.0712 4088 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

11:09:15.0868 4088 Pcmcia - ok

11:09:15.0884 4088 PDCOMP - ok

11:09:15.0915 4088 PDFRAME - ok

11:09:15.0931 4088 PDRELI - ok

11:09:15.0962 4088 PDRFRAME - ok

11:09:15.0978 4088 perc2 - ok

11:09:16.0009 4088 perc2hib - ok

11:09:16.0103 4088 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

11:09:16.0134 4088 PlugPlay - ok

11:09:16.0196 4088 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll

11:09:16.0228 4088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

11:09:16.0228 4088 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

11:09:16.0274 4088 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:09:16.0431 4088 PolicyAgent - ok

11:09:16.0524 4088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:09:16.0696 4088 PptpMiniport - ok

11:09:16.0759 4088 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

11:09:16.0915 4088 Processor - ok

11:09:16.0931 4088 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:09:17.0071 4088 ProtectedStorage - ok

11:09:17.0103 4088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:09:17.0259 4088 PSched - ok

11:09:17.0306 4088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:09:17.0634 4088 Ptilink - ok

11:09:17.0821 4088 QBCFMonitorService (681177830d9c62c43f664f313d116821) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

11:09:17.0853 4088 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

11:09:17.0853 4088 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

11:09:17.0946 4088 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

11:09:17.0978 4088 QBFCService ( UnsignedFile.Multi.Generic ) - warning

11:09:17.0978 4088 QBFCService - detected UnsignedFile.Multi.Generic (1)

11:09:18.0134 4088 ql1080 - ok

11:09:18.0149 4088 Ql10wnt - ok

11:09:18.0181 4088 ql12160 - ok

11:09:18.0196 4088 ql1240 - ok

11:09:18.0228 4088 ql1280 - ok

11:09:18.0274 4088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:09:18.0509 4088 RasAcd - ok

11:09:18.0571 4088 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

11:09:18.0743 4088 RasAuto - ok

11:09:18.0790 4088 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

11:09:18.0868 4088 Rasirda - ok

11:09:18.0915 4088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:09:19.0071 4088 Rasl2tp - ok

11:09:19.0134 4088 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

11:09:19.0290 4088 RasMan - ok

11:09:19.0321 4088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:09:19.0478 4088 RasPppoe - ok

11:09:19.0556 4088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:09:19.0743 4088 Raspti - ok

11:09:19.0790 4088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:09:19.0978 4088 Rdbss - ok

11:09:20.0165 4088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:09:20.0368 4088 RDPCDD - ok

11:09:20.0493 4088 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

11:09:20.0587 4088 RDPWD - ok

11:09:20.0649 4088 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

11:09:20.0821 4088 RDSessMgr - ok

11:09:20.0899 4088 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:09:21.0040 4088 redbook - ok

11:09:21.0118 4088 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

11:09:21.0306 4088 RemoteAccess - ok

11:09:21.0556 4088 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

11:09:21.0712 4088 RpcLocator - ok

11:09:21.0774 4088 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

11:09:21.0868 4088 RpcSs - ok

11:09:21.0931 4088 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

11:09:22.0149 4088 RSVP - ok

11:09:22.0243 4088 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

11:09:22.0353 4088 RTL8023 - ok

11:09:22.0415 4088 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

11:09:22.0556 4088 rtl8139 - ok

11:09:22.0743 4088 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:09:22.0899 4088 SamSs - ok

11:09:22.0946 4088 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

11:09:23.0368 4088 SCardSvr - ok

11:09:23.0415 4088 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

11:09:23.0603 4088 Schedule - ok

11:09:23.0665 4088 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

11:09:23.0821 4088 sdbus - ok

11:09:23.0993 4088 SeaPort (ca7e42e0b8d117165ed553a7d681352a) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

11:09:24.0009 4088 SeaPort - ok

11:09:24.0103 4088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:09:24.0243 4088 Secdrv - ok

11:09:24.0446 4088 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

11:09:24.0634 4088 seclogon - ok

11:09:24.0665 4088 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

11:09:24.0837 4088 SENS - ok

11:09:24.0899 4088 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

11:09:25.0056 4088 Serial - ok

11:09:25.0118 4088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:09:25.0306 4088 Sfloppy - ok

11:09:25.0399 4088 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

11:09:25.0618 4088 SharedAccess - ok

11:09:25.0681 4088 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:09:25.0728 4088 ShellHWDetection - ok

11:09:25.0899 4088 Simbad - ok

11:09:25.0962 4088 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

11:09:26.0056 4088 SMCIRDA - ok

11:09:26.0103 4088 smhwdev (2a0bde6dd58ac2935a80f984b3af0b0e) C:\WINDOWS\system32\DRIVERS\smhwdev.sys

11:09:26.0181 4088 smhwdev - ok

11:09:26.0212 4088 smhwser (54b5dd15eef72aee8d1c765ab2235610) C:\WINDOWS\system32\DRIVERS\smhwser.sys

11:09:26.0321 4088 smhwser - ok

11:09:26.0353 4088 Sparrow - ok

11:09:26.0540 4088 SPHost (4458ccb437b38aa99459f8f3dc6e8405) C:\Program Files\Common Files\Search Protection\spHost.exe

11:09:26.0556 4088 SPHost - ok

11:09:26.0603 4088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:09:26.0774 4088 splitter - ok

11:09:26.0962 4088 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

11:09:27.0040 4088 Spooler - ok

11:09:27.0103 4088 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:09:27.0259 4088 sr - ok

11:09:27.0353 4088 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

11:09:27.0509 4088 srservice - ok

11:09:27.0587 4088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:09:27.0696 4088 Srv - ok

11:09:27.0743 4088 SrvcTPIOMngr (cbc0be9758bace83fc9ac25f4cca20e7) C:\WINDOWS\system32\Drivers\TPIoMngr.sys

11:09:27.0743 4088 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - warning

11:09:27.0743 4088 SrvcTPIOMngr - detected UnsignedFile.Multi.Generic (1)

11:09:27.0790 4088 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

11:09:27.0962 4088 SSDPSRV - ok

11:09:28.0165 4088 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

11:09:28.0384 4088 StillCam - ok

11:09:28.0462 4088 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

11:09:28.0665 4088 stisvc - ok

11:09:28.0696 4088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:09:29.0009 4088 swenum - ok

11:09:29.0040 4088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:09:29.0196 4088 swmidi - ok

11:09:29.0212 4088 SwPrv - ok

11:09:29.0243 4088 symc810 - ok

11:09:29.0259 4088 symc8xx - ok

11:09:29.0290 4088 sym_hi - ok

11:09:29.0321 4088 sym_u3 - ok

11:09:29.0368 4088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:09:29.0540 4088 sysaudio - ok

11:09:29.0587 4088 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

11:09:29.0759 4088 SysmonLog - ok

11:09:29.0962 4088 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

11:09:30.0134 4088 TapiSrv - ok

11:09:30.0243 4088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:09:30.0321 4088 Tcpip - ok

11:09:30.0415 4088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:09:30.0571 4088 TDPIPE - ok

11:09:30.0634 4088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:09:30.0790 4088 TDTCP - ok

11:09:30.0837 4088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:09:30.0993 4088 TermDD - ok

11:09:31.0056 4088 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

11:09:31.0243 4088 TermService - ok

11:09:31.0649 4088 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:09:31.0681 4088 Themes - ok

11:09:31.0806 4088 TosIde - ok

11:09:31.0915 4088 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

11:09:32.0087 4088 TrkWks - ok

11:09:32.0728 4088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:09:32.0931 4088 Udfs - ok

11:09:33.0040 4088 ultra - ok

11:09:33.0165 4088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:09:33.0384 4088 Update - ok

11:09:33.0446 4088 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

11:09:33.0634 4088 upnphost - ok

11:09:33.0665 4088 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

11:09:33.0821 4088 UPS - ok

11:09:33.0884 4088 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

11:09:33.0915 4088 USBAAPL - ok

11:09:33.0978 4088 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:09:34.0149 4088 usbaudio - ok

11:09:34.0290 4088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:09:34.0696 4088 usbccgp - ok

11:09:34.0806 4088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:09:34.0978 4088 usbehci - ok

11:09:35.0024 4088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:09:35.0196 4088 usbhub - ok

11:09:35.0228 4088 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

11:09:35.0399 4088 usbohci - ok

11:09:35.0462 4088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:09:35.0618 4088 usbprint - ok

11:09:35.0681 4088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:09:35.0853 4088 usbscan - ok

11:09:35.0899 4088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:09:36.0056 4088 USBSTOR - ok

11:09:36.0196 4088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:09:36.0368 4088 VgaSave - ok

11:09:36.0446 4088 ViaIde - ok

11:09:36.0493 4088 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:09:36.0665 4088 VolSnap - ok

11:09:36.0743 4088 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

11:09:36.0899 4088 VSS - ok

11:09:36.0946 4088 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

11:09:37.0134 4088 W32Time - ok

11:09:37.0181 4088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:09:37.0353 4088 Wanarp - ok

11:09:37.0399 4088 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

11:09:37.0462 4088 wanatw - ok

11:09:37.0540 4088 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

11:09:37.0571 4088 Wdf01000 - ok

11:09:37.0728 4088 WDICA - ok

11:09:37.0790 4088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:09:37.0946 4088 wdmaud - ok

11:09:37.0993 4088 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

11:09:38.0149 4088 WebClient - ok

11:09:38.0196 4088 WinDefend - ok

11:09:38.0259 4088 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

11:09:38.0446 4088 winmgmt - ok

11:09:38.0649 4088 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:09:38.0728 4088 wlidsvc - ok

11:09:38.0915 4088 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

11:09:38.0962 4088 WmdmPmSN - ok

11:09:39.0087 4088 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

11:09:39.0243 4088 WmiApSrv - ok

11:09:39.0415 4088 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

11:09:39.0509 4088 WMPNetworkSvc - ok

11:09:39.0681 4088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

11:09:39.0728 4088 WpdUsb - ok

11:09:39.0774 4088 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

11:09:39.0978 4088 WS2IFSL - ok

11:09:40.0071 4088 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

11:09:40.0478 4088 wscsvc - ok

11:09:40.0509 4088 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

11:09:40.0696 4088 wuauserv - ok

11:09:40.0774 4088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:09:40.0853 4088 WudfPf - ok

11:09:40.0899 4088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:09:40.0931 4088 WudfRd - ok

11:09:41.0103 4088 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

11:09:41.0165 4088 WudfSvc - ok

11:09:41.0243 4088 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

11:09:41.0462 4088 WZCSVC - ok

11:09:41.0524 4088 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

11:09:41.0696 4088 xmlprov - ok

11:09:41.0759 4088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

11:09:41.0978 4088 \Device\Harddisk0\DR0 - ok

11:09:41.0978 4088 Boot (0x1200) (fef2d246c79aadafefa79110069d95b9) \Device\Harddisk0\DR0\Partition0

11:09:41.0978 4088 \Device\Harddisk0\DR0\Partition0 - ok

11:09:41.0993 4088 ============================================================

11:09:41.0993 4088 Scan finished

11:09:41.0993 4088 ============================================================

11:09:42.0149 3272 Detected object count: 11

11:09:42.0149 3272 Actual detected object count: 11

11:09:48.0649 3272 bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0649 3272 bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0649 3272 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0649 3272 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0665 3272 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0665 3272 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0665 3272 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0665 3272 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0681 3272 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0681 3272 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0681 3272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0681 3272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0681 3272 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0681 3272 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0696 3272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0696 3272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0696 3272 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0696 3272 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0712 3272 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0712 3272 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:48.0712 3272 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:48.0712 3272 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:11:13.0899 0340 Deinitialize success

[Maniac]

Please manually delete ComboFix, download a new fresh copy and re-run it. Post it in your next reply.

[tkpro72]

Hi. I reran ComboFix but the problem persists. It only seems to affect firefox. I did some searches on IE with no problem. The problem is I have to use Firefox for my work. We are not allowed to use IE because the platform will not work with IE. This virus is affecting my ability to work. The results of ComboFix were as follows:

ComboFix 12-03-26.02 - Toshiba 03/26/2012 11:19:23.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.209 [GMT -4:00]

Running from: c:\documents and settings\Toshiba\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))

.

.

2012-03-22 17:58 . 2012-03-22 18:04 -------- d-----w- c:\documents and settings\Toshiba\Application Data\Motive

2012-03-22 17:58 . 2012-03-22 17:58 -------- d-----w- c:\program files\ATT-HSI

2012-03-18 15:05 . 2012-03-18 15:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 15:05 . 2012-03-18 15:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-16 18:56 . 2012-03-16 18:56 -------- d--h--w- c:\windows\PIF

2012-03-16 14:23 . 2012-03-16 14:23 -------- d-----w- c:\documents and settings\Toshiba\Application Data\simppulltoolbar

2012-03-16 13:33 . 2012-03-16 13:33 4752 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-16 03:11 . 2012-03-16 03:11 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-15 23:53 . 2012-03-16 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-23 13:40 . 2011-05-16 12:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 13:18 . 2010-12-22 17:40 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 09:22 . 2003-03-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-15 22:55 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2008-06-13 21:59 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-18 15:05 . 2012-02-07 04:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEE1F01A-E6A8-4740-B420-3C521F234F74}]

2009-06-24 18:38 107816 ----a-w- c:\program files\Common Files\Search Protection\sp.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]

"HostManager"="c:\program files\Common Files\AOL\1215722999\ee\AOLSoftware.exe" [2008-06-24 41824]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]

"LMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-09-05 45056]

"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]

.

c:\documents and settings\Toshiba\Start Menu\Programs\Startup\

AOL Desktop.lnk - c:\program files\Common Files\aol\Launch\aollaunch.exe [2008-6-24 41824]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-04-22 01:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]

2009-08-04 07:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

2011-08-23 20:03 50592 ----a-w- c:\documents and settings\Toshiba\Application Data\mjusbsp\cdloader2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2009-12-22 13:47 1092872 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2003-09-26 19:43 184320 ------w- c:\program files\ltmoh\ltmoh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]

2009-12-18 16:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

2011-06-07 16:07 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

2004-03-15 00:17 53248 ----a-w- c:\program files\TOSHIBA\TouchPad\TPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\aol\\1215722999\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Common Files\\aol\\1215722999\\ee\\AOLDesktop.exe"=

"c:\\Program Files\\AOL 9.1\\aol.exe"=

"c:\\Program Files\\FinePixViewer\\FinePixViewer.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=

"c:\\Program Files\\ltmoh\\ltmoh.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=

"c:\\Documents and Settings\\Toshiba\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=

.

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 12:25 PM 189736]

S0 lartgkrs;lartgkrs;c:\windows\system32\drivers\eilagbqh.sys --> c:\windows\system32\drivers\eilagbqh.sys [?]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2/10/2011 12:41 AM 25728]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/30/2008 10:48 PM 30192]

S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2/10/2011 12:41 AM 100864]

S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2/10/2011 12:41 AM 108032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2008-11-25 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\system32\cleanmgr.exe [2003-03-31 00:12]

.

2012-03-26 c:\windows\Tasks\User_Feed_Synchronization-{1E0B23CA-3E0F-49CE-828C-D6692F5E7FE5}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {{B1C5B118-8240-47a6-AE84-103B05FB5AEF} - c:\program files\Common Files\Search Protection\spControl.exe

IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files\Crawler\Radio\CRadio.exe

Trusted Zone: magicjack.com\data

Trusted Zone: magicjack.com\my

Trusted Zone: talk4free.com\reg

TCP: DhcpNameServer = 205.152.37.23 205.152.132.23

DPF: {58444091-851A-46BC-BA63-904886070C0D} - hxxps://live.edirectglass.com/edg/Shop/Attachments/dbpix/dbpix20.ocx

FF - ProfilePath - c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\a0v7ilao.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=2&sr=0&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-26 11:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-03-26 11:49:43

ComboFix-quarantined-files.txt 2012-03-26 15:49

.

Pre-Run: 53,684,453,376 bytes free

Post-Run: 54,016,139,264 bytes free

.

- - End Of File - - DE7BB5800771040B1C2F4CA510C70AF1

Is there anything else I can do?

[Maniac]

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\eilagbqh.sys
c:\windows\system32\drivers\lartgkrs.sys

Folder::
c:\documents and settings\Toshiba\Application Data\simppulltoolbar

Driver::
lartgkrs
eilagbqh

FireFox::
FF - ProfilePath - c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\a0v7ilao.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=2&sr=0&q=

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[tkpro72]

Hi. I did some research online and determined that since the redirect only affects firefox that an infected addon may be the culprit. I went into addons under extensions and disabled performance cache 1.0. Now the redirects appear to be gone. I hope it stays that way. I'll keep you posted.