0

Hi,
I have some hijacking virus that I can't get rid of. I've tried Malwarebytes, tdsskiller, Skybot, AdAware and Superantispyware, cleaned some things, but it persists. Can anyone help? Below is the hijackthis log. Many thanks for any input.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:16 PM, on 4/29/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\iCamSource\iCamSource.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Paul\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340400771796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340400763250
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: Domain = vpn.gatech.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: NameServer = 128.61.244.254,130.207.244.244
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vpn.gatech.edu,hsd1.ga.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vpn.gatech.edu,hsd1.ga.comcast.net.
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe

--
End of file - 18866 bytes

Edited by Reverend Jim: wrong forum

9
Contributors
26
Replies
174
Views
4 Years
Discussion Span
Last Post by coroneshotel2
0

try a simple thing first , run hijackthis and check off to remove these lines,reboot and see what happens .

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=hp 
0

and you could speed up the computer by stopping most of there programs from running on startup

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'SYSTEM')
O4 - HKUS.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

0

Thanks for the tips above. I did what was suggested, but I still have this thing. It likes to reroute to gaming sites, and today, some Chinese dating site. Here is my latest hijackthis, any further advice is much appreciated!

`Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:24 PM, on 5/7/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FastStone Image Viewer\FSViewer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\crusty.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'SYSTEM')
O4 - HKUS.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340400771796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340400763250
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip..{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: Domain = vpn.gatech.edu
O17 - HKLM\System\CCS\Services\Tcpip..{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: NameServer = 128.61.244.254,130.207.244.244
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vpn.gatech.edu,hsd1.ga.comcast.net.,ga.comcast.net.,comcast.net.,net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vpn.gatech.edu,hsd1.ga.comcast.net.,ga.comcast.net.,comcast.net.,net.
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: webcamXP Service (wxpSvc) - Moonware Studios - C:\Program Files\wLite\wService.exe

--
End of file - 13797 bytes
`

0

Hi. Hijackthis really is not a great tool to be running; the view of your system is very limited. A far better scan can be found here:
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, leave other sections as they are.
  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.
    By the way, which browser is affected?
0

Thanks for the offer of help, gerbil. Here are the two notepads:

OTL Extras logfile created on: 5/9/2013 6:56:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.13% Memory free
4.19 Gb Paging File | 2.93 Gb Available in Paging File | 69.92% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.87 Gb Total Space | 3.90 Gb Free Space | 2.69% Space Free | Partition Type: NTFS

Computer Name: GNAT | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [QCD.add] -- "c:\program files\quintessential player\qcdplayer.exe" /ddeexec (Quinnware)
Directory [QCD.load] -- "c:\program files\quintessential player\qcdplayer.exe" /ddeexec (Quinnware)
Directory [QCD.play] -- "c:\program files\quintessential player\qcdplayer.exe" /ddeexec (Quinnware)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"9779:TCP" = 9779:TCP:*:Enabled:Services
"9780:TCP" = 9780:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"17361:TCP" = 17361:TCP:*:Enabled:BitComet 17361 TCP
"17361:UDP" = 17361:UDP:*:Enabled:BitComet 17361 UDP
"59999:TCP" = 59999:TCP:*:Enabled:BitComet 59999 TCP
"59999:UDP" = 59999:UDP:*:Enabled:BitComet 59999 UDP
"8080:TCP" = 8080:TCP:*:Enabled:Windows Media Format SDK (wmenc.exe)
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"9779:TCP" = 9779:TCP:*:Enabled:Services
"9780:TCP" = 9780:TCP:*:Enabled:Services

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Google\Picasa3\Picasa3.exe" = C:\Program Files\Google\Picasa3\Picasa3.exe:*:Enabled:Picasa -- (Google Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\wLite\wLite.exe" = C:\Program Files\wLite\wLite.exe:*:Enabled:webcamXP -- (Moonware Studios)
"C:\Program Files\wLite\wService.exe" = C:\Program Files\wLite\wService.exe:*:Enabled:webcamXP Service -- (Moonware Studios)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\iCamSource\iCamSource.exe" = C:\Program Files\iCamSource\iCamSource.exe:*:Enabled:iCamSource -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Paul\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Paul\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{064BA90A-C58A-498F-950F-370A3471C1B9}" = iCamSource
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A76507B-063D-44E7-9008-249E88238C0E}" = AVG 2011
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2BCED072-9E78-456F-B8D6-AF6DA5A5EECC}" = H&R Block Georgia 2009
"{2D1EC4DD-5EE8-4CA0-A4DE-3BA029C55DFA}" = H&R Block Basic + Efile 2011
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1" = Windows Movie Maker 6.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{4B3AF51F-830F-409F-AE05-FB67040C90B6}" = Cisco AnyConnect Secure Mobility Client
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{68D04E15-1F15-485F-B8CA-914444618EEF}" = TaxCut Georgia 2007
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{690E8A51-CD15-45A5-A3C4-76DD4012333A}" = Eudora
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76ADF6B8-FB83-4358-8502-9FCDFD3C7AA0}" = H&R Block Georgia 2011
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Basic + Efile 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92A0792A-E771-4C4A-9A4A-C2917AA19EEA}" = H&R Block Basic + Efile 2009
"{935B40F5-6994-4868-9155-F9FB77A5048F}" = Microsoft Expression Encoder 4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{9576C428-7258-4B59-961C-439925E6AF8F}" = Cisco Network Magic
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9D22599D-E1F4-4934-8B4D-2BBA46662251}" = System Migration Assistant
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.128
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B03B98E3-2795-48F6-BA33-793BBF5DF685}" = SMI USB Grabber
"{B0DE7025-6319-4FCD-8364-095B8774BC33}" = H&R Block Georgia 2010
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA42DB1B-CA81-48FC-B625-DAF2FAF7ECB0}" = SP2200 EnhancedMatte Premium ICC Profiles
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{D81FBA6E-5492-4C46-BAE3-3A9242C27210}" = TaxCut Basic + Efile 2008
"{DA320635-F48C-4613-8325-D75A933C549E}" = ThinkVantage System Update Toolbar Button for IE
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E518C80C-C549-40E1-844C-669ED64195D3}" = FTP Surfer
"{E6A64398-84A0-4499-B44B-2DBD3D1E9E7E}" = TaxCut Georgia 2008
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F803F9E2-2BC5-435C-A3FE-0875C6DDF160}" = SmarterMail
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FD2B3CFD-AFBD-4944-A79D-407CB3C24110}" = H&R Block Basic + Efile 2010
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"AwayTask" = ThinkVantage Away Manager
"Belarc Advisor" = Belarc Advisor 7.2
"BitComet" = BitComet 1.31
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FileZilla Client" = FileZilla Client 3.2.3.1
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.61
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HTC_WModemDriver" = WModem Driver Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"ImTOO Download YouTube Video" = ImTOO Download YouTube Video
"InfoAtoms" = InfoAtoms
"InstallShield_{F803F9E2-2BC5-435C-A3FE-0875C6DDF160}" = SmarterMail
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.5.5 (Full)
"Linksys Wireless Manager" = Linksys Wireless Manager
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Miro" = Miro
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Quintessential Player" = Quintessential Player
"RealPlayer 6.0" = RealPlayer
"Remove Multimedia Center" = Remove Multimedia Center
"Switch" = Switch Sound File Converter
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Video Capture v5.09.1202.00" = Video Capture v5.09.1202.00
"Videora iPod Converter" = Videora iPod Converter 5.03
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"YouTube Downloader App" = YouTube Downloader App 2.03
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 3/19/2013 9:44:47 PM | Computer Name = GNAT | Source = nview_info | ID = 11141121
Description = 

Error - 3/19/2013 9:44:48 PM | Computer Name = GNAT | Source = nview_info | ID = 11141121
Description = 

Error - 3/19/2013 9:44:50 PM | Computer Name = GNAT | Source = nview_info | ID = 11141121
Description = 

Error - 3/26/2013 10:05:09 PM | Computer Name = GNAT | Source = Application Error | ID = 1000
Description = Faulting application mstsc.exe, version 6.0.6001.18589, faulting module
 hpzui054.dll, version 60.54.45.0, fault address 0x0014c8ff.

Error - 4/1/2013 9:13:40 PM | Computer Name = GNAT | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 tswpfwrp.exe, P2 3.0.6920.1109, P3 470bc7c1,
 P4 windowsbase, P5 3.0.0.0, P6 4f7e7096, P7 e34, P8 30, P9 system.io.fileformatexception,
 P10 NIL.

Error - 4/23/2013 4:15:28 PM | Computer Name = GNAT | Source = Application Error | ID = 1000
Description = Faulting application vprot.exe, version 14.2.0.1, faulting module 
vprot.exe, version 14.2.0.1, fault address 0x0009263b.

Error - 4/25/2013 5:25:00 PM | Computer Name = GNAT | Source = Application Error | ID = 1000
Description = Faulting application MachineIdCreator.exe, version 14.0.0.6, faulting
 module avguidx.dll, version 2012.0.0.1, fault address 0x0002714a.

Error - 5/5/2013 10:28:24 PM | Computer Name = GNAT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module unknown, version 0.0.0.0, fault address 0x676c8062.

Error - 5/5/2013 10:28:34 PM | Computer Name = GNAT | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/6/2013 1:22:37 AM | Computer Name = GNAT | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 20.0.1.4847, faulting
 module mozalloc.dll, version 20.0.1.4847, fault address 0x0000199f.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 5/8/2013 12:45:33 PM | Computer Name = GNAT | Source = acvpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 192.168.1.255  Netmask:
 255.255.255.255  Gateway: 143.215.20.133  Interface: 143.215.20.134  Metric: 1

Error - 5/8/2013 12:45:33 PM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 223 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED 

Error - 5/8/2013 1:47:50 PM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP

Error - 5/8/2013 1:47:50 PM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS

Error - 5/9/2013 3:11:38 AM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP

Error - 5/9/2013 3:11:38 AM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS

Error - 5/9/2013 5:43:23 AM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP

Error - 5/9/2013 5:43:23 AM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS

Error - 5/9/2013 2:58:04 PM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP

Error - 5/9/2013 2:58:04 PM | Computer Name = GNAT | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS

[ System Events ]
Error - 5/5/2013 7:41:07 PM | Computer Name = GNAT | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2

Error - 5/5/2013 7:41:07 PM | Computer Name = GNAT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
 9 service to connect.

Error - 5/5/2013 7:41:07 PM | Computer Name = GNAT | Source = Service Control Manager | ID = 7023
Description = The Remote Procedure Call (CQTPM) service terminated with the following
 error:   %%126

Error - 5/5/2013 10:42:54 PM | Computer Name = GNAT | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2

Error - 5/5/2013 10:42:54 PM | Computer Name = GNAT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
 9 service to connect.

Error - 5/5/2013 10:42:54 PM | Computer Name = GNAT | Source = Service Control Manager | ID = 7023
Description = The Remote Procedure Call (CQTPM) service terminated with the following
 error:   %%126

Error - 5/8/2013 12:12:02 AM | Computer Name = GNAT | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2

Error - 5/8/2013 12:12:02 AM | Computer Name = GNAT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
 9 service to connect.

Error - 5/8/2013 12:12:02 AM | Computer Name = GNAT | Source = Service Control Manager | ID = 7023
Description = The Remote Procedure Call (CQTPM) service terminated with the following
 error:   %%126

Error - 5/8/2013 12:45:19 PM | Computer Name = GNAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
 address 001617F92368 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).

 < End of report >



OTL logfile created on: 5/9/2013 6:56:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.13% Memory free
4.19 Gb Paging File | 2.93 Gb Available in Paging File | 69.92% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.87 Gb Total Space | 3.90 Gb Free Space | 2.69% Space Free | Partition Type: NTFS

Computer Name: GNAT | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Paul\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()
MOD - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
MOD - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\crm\xmlparse.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - (RPCQT) -- C:\WINDOWS\system32\Rpcqt.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeActiveFileMonitor11.0) -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SMWebSvr) -- C:\Program Files\SmarterTools\SmarterMail\Web Server\SMWebSvr.exe (SmarterTools Inc)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (PsaSrv) -- C:\WINDOWS\system32\psasrv.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (WDICA) --  File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PID_PEPI) -- system32\DRIVERS\LV302V32.SYS File not found
DRV - (pepifilter) -- system32\DRIVERS\lv302af.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NPF) -- system32\drivers\NPF.sys File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found
DRV - (Changer) --  File not found
DRV - (Adfudilslu) --  File not found
DRV - (adfs) --  File not found
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (SMIUSBAVCALL) -- C:\WINDOWS\system32\drivers\SmiUsbGrabber3F.sys (Windows (R) Win 7 DDK provider)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (hcw18bda) -- C:\WINDOWS\system32\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc)
DRV - (APLMp50) -- C:\WINDOWS\system32\drivers\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (PrivateDisk) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (Icam4USB) -- C:\WINDOWS\system32\drivers\Icam4USB.sys (Microsoft Corporation)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4d5df77f&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B35379F86-8CCB-4724-AE33-4278DE266C70%7D:1.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Paul\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 03:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\infoatoms@infoatoms.com: C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2013/04/11 18:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 18:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/11 18:49:43 | 000,000,000 | ---D | M]

[2010/06/09 21:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2010/06/09 21:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/04/30 23:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/03/31 19:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\home2@tomtom.com
[2013/05/08 21:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions
[2010/09/12 22:53:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/29 23:39:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2013/05/04 09:18:20 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/07/17 16:04:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{93b9143a-7ab7-48da-8c8b-e64b2284c497}
[2011/12/24 00:40:44 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/05/16 21:39:22 | 000,000,000 | ---D | M] (Bcool) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\4fb3d29ee05ac@4fb3d29ee05e5.info
[2013/04/07 22:44:20 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\getsavin@jetpack
[2012/10/29 23:32:26 | 000,000,000 | ---D | M] (Yahoo! Axis for Firefox) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\jid1-vfCLiWMJHrGCNw@jetpack(2)
[2013/04/07 14:55:14 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/27 20:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\staged(2)
[2012/04/23 23:24:47 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com
[2012/11/08 21:00:47 | 000,053,130 | ---- | M] () (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\remotexulmanager@xulforge.com.xpi
[2013/01/29 00:25:51 | 000,095,463 | ---- | M] () (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2013/05/08 21:49:32 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/03 11:17:54 | 000,269,007 | ---- | M] () (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/10/27 20:15:04 | 000,053,130 | ---- | M] () (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\staged(2)\remotexulmanager@xulforge.com.xpi
[2013/04/11 18:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/11 18:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/11 18:50:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/11 18:49:39 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com
[2013/04/07 22:44:19 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2013/04/11 18:50:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/11/03 02:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2006/05/16 04:50:00 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13126.dll
[2006/10/27 00:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2013/02/15 18:04:52 | 000,208,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/02/26 02:10:43 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2012/03/23 10:48:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/03/23 10:48:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/03/23 10:48:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/03/23 10:48:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/03/23 10:48:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/03/23 10:48:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/03/23 10:48:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/02/26 02:10:49 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/02/26 02:10:40 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/11/08 21:04:20 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/11/08 21:04:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/10 21:02:32 | 000,001,453 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2013/01/10 21:02:32 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013/02/20 21:14:57 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/11/08 21:04:20 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/11/08 21:04:20 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: http://www.google.com
CHR - homepage: http://search.yahoo.com?type=937811&fr=spigot-yhp-ch
CHR - Extension: No name found = C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\

O1 HOSTS File: ([2011/07/21 21:34:04 | 000,436,064 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 15010 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340400771796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340400763250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB27489-A5D1-4D3A-B9CE-1AADF79BF789}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: Domain = vpn.gatech.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: NameServer = 128.61.244.254,130.207.244.244
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 01:36:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{88ae1452-7bb7-11e1-b791-00059a3c7a00}\Shell - "" = AutoRun
O33 - MountPoints2\{88ae1452-7bb7-11e1-b791-00059a3c7a00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88ae1452-7bb7-11e1-b791-00059a3c7a00}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{abd1487a-b83d-11e0-b759-001617f92368}\Shell - "" = AutoRun
O33 - MountPoints2\{abd1487a-b83d-11e0-b759-001617f92368}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abd1487a-b83d-11e0-b759-001617f92368}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/05/05 17:14:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul\Recent
[2013/04/30 23:32:47 | 000,000,000 | ---D | C] -- C:\bin
[2013/04/11 18:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Paul\*.tmp files -> C:\Documents and Settings\Paul\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/05/09 18:35:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/05/09 18:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/09 17:04:27 | 119,711,070 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/05/09 12:48:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/05/09 12:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/08 23:35:47 | 000,001,876 | -H-- | M] () -- C:\Documents and Settings\Paul\My Documents\Default.rdp
[2013/05/08 08:23:08 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft 
0

Which Web Browser are you using? Would you know how to charge your Home Page in your Browser settings? Also have a look at what extensions are running in your Browser.

Install Superantispyware and run a full sweep. Superantispyware, although from a different Vendor, works hand-in-hand with Malwarebytes

0

Hi guys,
Thanks for the help. I didn't think to try the virus removal from my antivirus. Duh.

I'm using Firefox. I know how to change the home page, and look at extensions. I will try Superantispyware again, although I've run it before.

0

This... "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop ... is a concern. I'm busy right now, but will get back to you.

0

Start OTL. Under the Custom Scans/Fixes paste in the following, then click Run Fix button at top.

:OTL
SRV - (RPCQT) -- C:\WINDOWS\system32\Rpcqt.dll File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PID_PEPI) -- system32\DRIVERS\LV302V32.SYS File not found
DRV - (pepifilter) -- system32\DRIVERS\lv302af.sys File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found
DRV - (Adfudilslu) --  File not found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B CD 95 18 E7 9B 91 45 94 E3 A2 5F 5B A7 1A 5C  [binary data]
IE - HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\..\SearchScopes,DefaultScope = 

FF - prefs.js..extensions.enabledAddons: %7B35379F86-8CCB-4724-AE33-4278DE266C70%7D:1.0.8
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
[2012/04/23 23:24:47 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [TaskTray]  File not found

:REG
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-


[HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[Reboot]

Next,remove all versions of Java other than Vsn 1.7. Update Java.
Please download and run HAMeb_check.exe from http://noahdfear.net/downloads/HAMeb_check.exe
Post the log from OTL and from HAMeb_check.

Edited by gerbil

0

Thanks so much for the help, gerbil. The OTL log is below. I did as you posted above, although when I attempted to go the noadfear page, I received this message and did not proceed:

Reported Attack Page!

      This web page at www.ifighi.net has been reported as an attack page and has been blocked based on your security preferences.

     Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.



All processes killed
========== OTL ==========
Service RPCQT stopped successfully!
Service RPCQT deleted successfully!
File  C:\WINDOWS\system32\Rpcqt.dll File not found not found.
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File  System32\Drivers\RimUsb.sys File not found not found.
Service PID_PEPI stopped successfully!
Service PID_PEPI deleted successfully!
File  system32\DRIVERS\LV302V32.SYS File not found not found.
Service pepifilter stopped successfully!
Service pepifilter deleted successfully!
File  system32\DRIVERS\lv302af.sys File not found not found.
Service LVUSBSta stopped successfully!
Service LVUSBSta deleted successfully!
File  system32\drivers\LVUSBSta.sys File not found not found.
Service FilterService stopped successfully!
Service FilterService deleted successfully!
File  system32\DRIVERS\lvuvcflt.sys File not found not found.
Error: No service named Adfudilslu was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adfudilslu deleted successfully.
File  File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKEY_USERS\S-1-5-21-2621160978-2338274801-3040308891-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: %7B35379F86-8CCB-4724-AE33-4278DE266C70%7D:1.0.8 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com\META-INF folder moved successfully.
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com\gen folder moved successfully.
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com\defaults folder moved successfully.
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com\components folder moved successfully.
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com\chrome folder moved successfully.
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tvrwenaa.default\extensions\toolbar@alot.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
File U\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] not found.
File U\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] not found.
File U\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] not found.
File U\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main] not found.
File PTYTEMP] not found.
File EATERESTOREPOINT] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05112013_200528

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
0

Hmm... you must have been redirected. The link I posted is to this site, http://noahdfear.net, which is VERY safe. ifighi.net I do not know, but Google also does have it as a "damaging" site. Load this URL, http://noahdfear.net/downloads/HAMeb_check.exe into an unaffected computer, download the file and copy it into your sys via UFD [usb key]. I am trying to find why this port is open :"3389:TCP" = 3389:TCP::Enabled:Remote Desktop ... in any event, leaving that port open puts you at risk of automated net scans which search for that port on systems, and download malware into it. Naturally, some malwares like to force it open, eg MBR rootkits. We're checking for them.

Part of that fix did not run; I have put the offending part in a plain text block below - please copy it into OTL's Custom Scans/Fixes as before and then press Run Fix.
Post OTL and HAMeb_check logs.

:Reg
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

[HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Edited by gerbil

0

Thanks again for the help. Btw, I use the Remote Desktop Connection to connect to my computer at work, not sure if that helps. Here are the two logs below:

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36398 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 916008 bytes

User: Owner

User: Paul
->Temp folder emptied: 21897711 bytes
->Temporary Internet Files folder emptied: 237863612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 551132755 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 66544 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109681 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33356 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 653019058 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 130715 bytes
RecycleBin emptied: 50176 bytes

Total Files Cleaned = 1,397.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_100818

Files\Folders moved on Reboot...
C:\Documents and Settings\Paul\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD047.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD10A.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD1D7.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD1E7.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD2D0.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD2DC.tmp not found!
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\UR0LJYN4\men-footwear-clogs,default,sc[1].html moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\3JNBYN4Y\GothaRouLig[1].eot moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\3JNBYN4Y\museosansrounded-300-webfont[1].eot moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\3JNBYN4Y\museosansrounded-700-webfont[1].eot moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





Account active               No
Local Group Memberships      

 ~~ Checking profile list ~~

No HelpAssistant profile in registry

 ~~ Checking for HelpAssistant directories ~~

none found

 ~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
kernel: MBR read successfully
user & kernel MBR OK 
copy of MBR has been found in sector 0x012A18AC1 
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

 ~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
   ServiceDll   REG_EXPAND_SZ   %SystemRoot%\System32\termsrv.dll

 ~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
   "3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
   "65533:TCP"=65533:TCP:*:Enabled:Services
   "52344:TCP"=52344:TCP:*:Enabled:Services
   "9779:TCP"=9779:TCP:*:Enabled:Services
   "9780:TCP"=9780:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
   "3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
   "65533:TCP"=65533:TCP:*:Enabled:Services
   "52344:TCP"=52344:TCP:*:Enabled:Services
   "9779:TCP"=9779:TCP:*:Enabled:Services
   "9780:TCP"=9780:TCP:*:Enabled:Services


 ~~ EOF ~~
0

When you ran the first OTL fix it appeared as if some leading characters in lower lines were missing, starting at :Reg.
The second time, it appears as it the command :Reg was missing, so the registry fixes were ignored [the first command picked up was :Files]. :Reg is a necessary command, to be included!
Please run this code in OTL [it will be v quick]:

:Reg
 [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
 "XMLHTTP_UUID_Default"=-

[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
 "XMLHTTP_UUID_Default"=-

[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
 "XMLHTTP_UUID_Default"=-

[HKU\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
 "XMLHTTP_UUID_Default"=-

The other check showed no problems. Are you experiencing any redirections now? You could check with that noahdfear.net link above.

0

Thanks again for all of your time. Sorry if I screwed up the OTL before. I am still getting some hijackings. Here's the lastest log.

========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_223018

0

Ha. Okay, it must have worked at some stage, but did not report.
Re hijacks, I'll run through the original OTL again, later.

Edited by gerbil

0

Hi gerbil,
I appreciate your prior help. I was really busy for a couple of weeks and had to let it go. I'm ready to tackle my problem again. Below is the TDSSKiller log. I tried running ASWMBR and GMER, but they both hung up and neither would complete. I'm still getting a lot of redirection. Typically, any link I click on goes to the site I clicked on, but also opens up another window with some unwanted wwebsite. Thanks again for your help.

2013/05/28 21:35:13.0132    TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2013/05/28 21:35:13.0132    ================================================================================
2013/05/28 21:35:13.0132    SystemInfo:
2013/05/28 21:35:13.0132    
2013/05/28 21:35:13.0132    OS Version: 5.1.2600 ServicePack: 3.0
2013/05/28 21:35:13.0132    Product type: Workstation
2013/05/28 21:35:13.0132    ComputerName: GNAT
2013/05/28 21:35:13.0132    UserName: Paul
2013/05/28 21:35:13.0132    Windows directory: C:\WINDOWS
2013/05/28 21:35:13.0132    System windows directory: C:\WINDOWS
2013/05/28 21:35:13.0132    Processor architecture: Intel x86
2013/05/28 21:35:13.0132    Number of processors: 2
2013/05/28 21:35:13.0132    Page size: 0x1000
2013/05/28 21:35:13.0132    Boot type: Normal boot
2013/05/28 21:35:13.0132    ================================================================================
2013/05/28 21:35:14.0242    Initialize success
2013/05/28 21:35:17.0414    ================================================================================
2013/05/28 21:35:17.0414    Scan started
2013/05/28 21:35:17.0414    Mode: Manual; 
2013/05/28 21:35:17.0414    ================================================================================
2013/05/28 21:35:21.0304    abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2013/05/28 21:35:21.0882    ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2013/05/28 21:35:22.0523    ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2013/05/28 21:35:22.0976    acsint          (d2523d28674b03976afc1ab6ef712f27) C:\WINDOWS\system32\DRIVERS\acsint.sys
2013/05/28 21:35:23.0445    acsmux          (9a7d29dae24a01dcd33d8f563559b3ab) C:\WINDOWS\system32\DRIVERS\acsmux.sys
2013/05/28 21:35:24.0304    ADIHdAudAddService (71f6893a36ae4c8c23c9d1c1d8746318) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2013/05/28 21:35:24.0851    adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2013/05/28 21:35:25.0398    AEAudio         (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
2013/05/28 21:35:25.0820    aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2013/05/28 21:35:26.0351    AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
2013/05/28 21:35:26.0726    agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2013/05/28 21:35:27.0117    agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2013/05/28 21:35:27.0710    Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2013/05/28 21:35:28.0273    aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2013/05/28 21:35:28.0726    aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2013/05/28 21:35:29.0101    AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2013/05/28 21:35:29.0617    alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2013/05/28 21:35:30.0164    amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2013/05/28 21:35:30.0664    AmdK8           (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2013/05/28 21:35:31.0085    amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2013/05/28 21:35:31.0570    Andbus          (3e59df4984fbd6800d6621480b38a34e) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
2013/05/28 21:35:32.0179    AndDiag         (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
2013/05/28 21:35:32.0695    AndGps          (1d2c90e25483363d54b652898bbc8f2a) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
2013/05/28 21:35:33.0148    ANDModem        (b1b06a95da2cac7fa19832c60c348c85) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
2013/05/28 21:35:33.0632    APLMp50         (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
2013/05/28 21:35:34.0226    asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2013/05/28 21:35:34.0804    asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2013/05/28 21:35:35.0148    asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2013/05/28 21:35:35.0679    AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2013/05/28 21:35:36.0195    atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2013/05/28 21:35:36.0804    Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2013/05/28 21:35:37.0148    audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2013/05/28 21:35:37.0398    AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2013/05/28 21:35:37.0757    AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2013/05/28 21:35:38.0054    AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2013/05/28 21:35:38.0414    AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2013/05/28 21:35:38.0835    Avgldx86        (901eb73f900d8dd1e8862c40427b83ae) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2013/05/28 21:35:39.0273    Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2013/05/28 21:35:39.0523    Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2013/05/28 21:35:39.0820    Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2013/05/28 21:35:40.0101    avgtp           (cae7b6e4d7eb17829c526153d19b9c95) C:\WINDOWS\system32\drivers\avgtpx86.sys
2013/05/28 21:35:40.0335    b57w2k          (452649bd89ce0775cf3e25ec2a5b348d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2013/05/28 21:35:40.0632    BANTExt         (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2013/05/28 21:35:40.0867    Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2013/05/28 21:35:41.0070    cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2013/05/28 21:35:41.0242    cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2013/05/28 21:35:41.0585    CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2013/05/28 21:35:41.0929    cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2013/05/28 21:35:42.0242    Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2013/05/28 21:35:42.0539    Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2013/05/28 21:35:42.0882    Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2013/05/28 21:35:43.0273    CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2013/05/28 21:35:43.0648    Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2013/05/28 21:35:43.0898    dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2013/05/28 21:35:44.0132    dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2013/05/28 21:35:44.0351    Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2013/05/28 21:35:44.0757    DLABOIOM        (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2013/05/28 21:35:45.0023    DLACDBHM        (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2013/05/28 21:35:45.0242    DLADResN        (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
2013/05/28 21:35:45.0476    DLAIFS_M        (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2013/05/28 21:35:45.0804    DLAOPIOM        (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2013/05/28 21:35:46.0101    DLAPoolM        (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2013/05/28 21:35:46.0398    DLARTL_N        (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2013/05/28 21:35:46.0632    DLAUDFAM        (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2013/05/28 21:35:46.0976    DLAUDF_M        (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2013/05/28 21:35:47.0414    dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2013/05/28 21:35:48.0023    dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2013/05/28 21:35:48.0289    dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2013/05/28 21:35:48.0570    DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2013/05/28 21:35:48.0914    dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2013/05/28 21:35:49.0117    drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2013/05/28 21:35:49.0398    DRVMCDB         (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2013/05/28 21:35:49.0835    DRVNDDM         (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2013/05/28 21:35:50.0179    E100B           (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2013/05/28 21:35:50.0554    EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2013/05/28 21:35:50.0851    Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2013/05/28 21:35:51.0242    Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2013/05/28 21:35:51.0460    Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2013/05/28 21:35:51.0742    Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2013/05/28 21:35:52.0023    FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2013/05/28 21:35:52.0335    Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2013/05/28 21:35:52.0601    Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2013/05/28 21:35:52.0929    G400            (36feb2ddce5f84128c2a8dbc60538dad) C:\WINDOWS\system32\DRIVERS\G400m.sys
2013/05/28 21:35:53.0257    GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2013/05/28 21:35:53.0585    Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2013/05/28 21:35:54.0023    hcw18bda        (e5b3eb916ef245075a243821ff7320d5) C:\WINDOWS\system32\drivers\hcw18bda.sys
2013/05/28 21:35:54.0539    HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2013/05/28 21:35:54.0851    HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2013/05/28 21:35:55.0148    HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2013/05/28 21:35:55.0460    hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2013/05/28 21:35:55.0773    HPZid412        (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2013/05/28 21:35:55.0976    HPZipr12        (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2013/05/28 21:35:56.0164    HPZius12        (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2013/05/28 21:35:56.0398    HTCAND32        (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
2013/05/28 21:35:56.0710    htcnprot        (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
2013/05/28 21:35:57.0085    HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2013/05/28 21:35:57.0367    i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2013/05/28 21:35:58.0023    i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2013/05/28 21:35:58.0304    i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2013/05/28 21:35:58.0804    iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2013/05/28 21:35:59.0367    Icam4USB        (222f74130a2e3a2ed655226d97f03812) C:\WINDOWS\system32\Drivers\Icam4USB.sys
2013/05/28 21:35:59.0632    Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2013/05/28 21:35:59.0835    ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2013/05/28 21:36:00.0054    IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2013/05/28 21:36:00.0257    Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2013/05/28 21:36:00.0460    IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2013/05/28 21:36:00.0664    IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2013/05/28 21:36:00.0976    IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2013/05/28 21:36:01.0414    IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2013/05/28 21:36:01.0695    IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2013/05/28 21:36:01.0898    isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2013/05/28 21:36:02.0117    Iviaspi         (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2013/05/28 21:36:02.0414    Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2013/05/28 21:36:02.0804    kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2013/05/28 21:36:03.0101    KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2013/05/28 21:36:03.0726    LVRS            (ba1347822d01b2d29c14cf09663a6457) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2013/05/28 21:36:05.0117    LVUVC           (e2c99d3b692ba2173114c9df79313b70) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2013/05/28 21:36:06.0570    mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2013/05/28 21:36:06.0804    Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2013/05/28 21:36:07.0054    Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2013/05/28 21:36:07.0257    mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2013/05/28 21:36:07.0492    MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2013/05/28 21:36:07.0695    MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2013/05/28 21:36:08.0085    mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2013/05/28 21:36:08.0460    MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2013/05/28 21:36:08.0945    MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2013/05/28 21:36:09.0304    Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2013/05/28 21:36:09.0601    MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2013/05/28 21:36:09.0914    MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2013/05/28 21:36:10.0257    MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2013/05/28 21:36:10.0554    mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2013/05/28 21:36:10.0773    MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2013/05/28 21:36:11.0007    Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2013/05/28 21:36:11.0257    NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2013/05/28 21:36:11.0664    NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2013/05/28 21:36:12.0039    NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2013/05/28 21:36:12.0304    NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2013/05/28 21:36:12.0523    Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2013/05/28 21:36:12.0742    NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2013/05/28 21:36:13.0007    NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2013/05/28 21:36:13.0273    NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2013/05/28 21:36:13.0601    NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2013/05/28 21:36:13.0882    nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2013/05/28 21:36:14.0257    Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2013/05/28 21:36:14.0601    Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2013/05/28 21:36:14.0929    Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2013/05/28 21:36:16.0070    nv              (c82f94077e2497e6685da208e2f75b43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2013/05/28 21:36:17.0226    NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2013/05/28 21:36:17.0429    NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2013/05/28 21:36:17.0695    Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2013/05/28 21:36:17.0929    PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2013/05/28 21:36:18.0117    ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2013/05/28 21:36:18.0382    PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2013/05/28 21:36:18.0742    PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2013/05/28 21:36:18.0976    Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2013/05/28 21:36:20.0195    pelmouse        (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2013/05/28 21:36:20.0554    pelusblf        (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
2013/05/28 21:36:20.0820    perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2013/05/28 21:36:21.0148    perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2013/05/28 21:36:21.0476    pmem            (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2013/05/28 21:36:21.0835    pnarp           (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2013/05/28 21:36:22.0117    PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2013/05/28 21:36:22.0335    PrivateDisk     (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
2013/05/28 21:36:22.0710    PROCDD          (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2013/05/28 21:36:23.0039    Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2013/05/28 21:36:23.0398    psadd           (7c1371d4704923316f7cd291049932df) C:\WINDOWS\system32\Drivers\psadd.sys
2013/05/28 21:36:23.0726    PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2013/05/28 21:36:24.0039    Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2013/05/28 21:36:24.0304    purendis        (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
2013/05/28 21:36:24.0570    PxHelp20        (b6a1692fc131f1fe5162513d78a9b6fc) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2013/05/28 21:36:24.0882    ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2013/05/28 21:36:25.0101    Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2013/05/28 21:36:25.0367    ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2013/05/28 21:36:25.0617    ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2013/05/28 21:36:25.0867    ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2013/05/28 21:36:26.0070    RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2013/05/28 21:36:26.0304    Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2013/05/28 21:36:26.0539    RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2013/05/28 21:36:26.0773    Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2013/05/28 21:36:27.0023    Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2013/05/28 21:36:27.0242    RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2013/05/28 21:36:27.0554    rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2013/05/28 21:36:27.0960    RDPWD           (43af5212bd8fb5ba6eed9754358bd8f7) C:\WINDOWS\system32\drivers\RDPWD.sys
2013/05/28 21:36:28.0257    redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2013/05/28 21:36:28.0523    RimVSerPort     (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2013/05/28 21:36:28.0757    ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2013/05/28 21:36:29.0210    rt2870          (84beaf4a13a36cb9bb0663df9089cea2) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2013/05/28 21:36:29.0507    SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2013/05/28 21:36:29.0570    SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2013/05/28 21:36:29.0945    SCDEmu          (c23dbd9bfba8b1170706e0896b3cf7da) C:\WINDOWS\system32\drivers\SCDEmu.sys
2013/05/28 21:36:30.0304    Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2013/05/28 21:36:30.0679    SenFiltService  (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2013/05/28 21:36:31.0023    serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2013/05/28 21:36:31.0242    Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2013/05/28 21:36:31.0460    Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2013/05/28 21:36:31.0851    sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2013/05/28 21:36:32.0085    SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2013/05/28 21:36:32.0195    smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
2013/05/28 21:36:32.0585    SMIUSBAVCALL    (244fc35647663027870ccd0f73ec21b7) C:\WINDOWS\system32\Drivers\SmiUsbGrabber3F.sys
2013/05/28 21:36:32.0992    Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2013/05/28 21:36:33.0257    splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2013/05/28 21:36:33.0476    sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2013/05/28 21:36:33.0851    Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2013/05/28 21:36:34.0273    streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2013/05/28 21:36:34.0554    swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2013/05/28 21:36:34.0898    swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2013/05/28 21:36:35.0242    symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2013/05/28 21:36:35.0539    symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2013/05/28 21:36:35.0851    sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2013/05/28 21:36:36.0179    sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2013/05/28 21:36:36.0460    sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2013/05/28 21:36:36.0773    tbhsd           (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
2013/05/28 21:36:37.0226    Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2013/05/28 21:36:37.0585    TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2013/05/28 21:36:37.0820    TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2013/05/28 21:36:38.0023    TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2013/05/28 21:36:38.0257    TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2013/05/28 21:36:38.0539    tvtfilter       (034e58ba89731b5d1634e85b4e37ee0b) C:\WINDOWS\system32\drivers\tvtfilter.sys
2013/05/28 21:36:38.0867    TVTPktFilter    (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2013/05/28 21:36:39.0226    Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2013/05/28 21:36:39.0539    ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2013/05/28 21:36:39.0851    Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2013/05/28 21:36:40.0164    USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
2013/05/28 21:36:40.0398    usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2013/05/28 21:36:40.0617    usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2013/05/28 21:36:40.0835    usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2013/05/28 21:36:41.0070    usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2013/05/28 21:36:41.0289    usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2013/05/28 21:36:41.0507    usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2013/05/28 21:36:41.0757    usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2013/05/28 21:36:42.0023    USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2013/05/28 21:36:42.0382    usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2013/05/28 21:36:42.0726    usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2013/05/28 21:36:42.0992    VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2013/05/28 21:36:43.0289    viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2013/05/28 21:36:43.0632    ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2013/05/28 21:36:43.0960    VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2013/05/28 21:36:44.0195    vpnva           (fddafa1c89b0b07494af5879f7ece857) C:\WINDOWS\system32\DRIVERS\vpnva.sys
2013/05/28 21:36:44.0429    Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2013/05/28 21:36:44.0757    Wdf01000        (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
2013/05/28 21:36:45.0242    wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2013/05/28 21:36:45.0523    WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2013/05/28 21:36:45.0601    ================================================================================
2013/05/28 21:36:45.0601    Scan finished
2013/05/28 21:36:45.0601    ================================================================================
0

That's a pretty old version of TDSSKiller that you ran. Would you download a fresh version from this site... http://support.kaspersky.com/downloads/utils/tdsskiller.exe ....and run that; post the log.
Get ADWCleaner from http://www.bleepingcomputer.com/download/adwcleaner/
Get Roguekiller from http://www.bleepingcomputer.com/download/roguekiller/
- Scan with ADWCleaner, post that log before deleting objects.
- Start Roguekiller, wait for the pre-scan to complete, accept the agreement that pops [the DRV block in top right of main window should be green] and then press Scan. When finished, a RK log icon will appear on your desktop [else press Report]; post that log.

0

and check for any tiny partition on your hard drive that should not be there
sometimes things hide in there that if not removed will keep on reloading each time your pc is booted up
Typical Sign of MBR Virus Infection – You still encounter virus activity (e.g. redirected webpages etc) even after you ‘successfully’ removed all viruses (and multiple full virus scans with different antivirus programs found no more viruses).

This happens because the MBR virus is hidden outside of Windows so standard antivirus programs cannot find it – as fast as you clean up Windows, the MBR virus reinfects it the next time you restart. For this reason it is really important that after you have removed all viruses from within Windows you check the MBR is virus free - even if you plan to format and reinstall Windows again from scratch.

Warning: checking and fixing MBR code is for Advanced users – you should always have a full backup of your important data before trying any MBR fix as there is potential to corrupt partition tables, preventing Windows from loading and possibly losing all data stored on the hard drive!

If you suspect a MBR virus you should run several specific MBR checks:

  1. Avast’s Detector – Download Avast’s MBR infection detector aswMBR.exe from here. Follow the instructions on the download page to run it and scan for any infections. If the MBR scan report says ‘Windows XP/Vista/7 default MBR code’ as shown in the bottom line of example below you have standard Windows MBR code i.e. no MBR virus.

aswMBR

Note that non-standard MBR code is not necessarily a result of virus infection – it may contain code written by your computer’s manufacturer that would be used to let you restore your computer back to factory settings (i.e. as it was when you first bought it).

MBR infections may be fixed by Avast’s FixMBR option to replace with Windows default MBR code – you will need to restart your computer after fixing then rerun the tool again to check that no further MBR infection is found (hopefully this time it will find ‘Windows XP/Vista/7 default MBR code’.

Warning: Fixing the MBR involves erasing it and recreating with a standard default set of MBR code for your version of Windows i.e. you would no longer be able to use the manufacturer’s factory restore method to reinstall Windows!

  1. GMER’s Detector – Download GMER’s MBR Rootkit Detector mbr.exe – halfway down the page here. Run it and the program quickly creates a file called ‘mbr.log’ in the directory where you saved the mbr.exe program.

Open the mbr.log text file and see if it indicates that your MBR is legitimate – the user and kernel MBR should give the following report if the MBR is clean:

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

If the MBR code is not legitimate you can use one of the other 3 methods to fix it (my personal favorite is Avast’s utility in method 1 above).

  1. MBRCheck.exe detector – Download from geekstogo website here and run the program to check for a non-standard or infected MBR – the example below shows MBR that is standard i.e. ‘Windows XP’ code (not infected)

MBRCheck1

If non-standard or infected MBR is found, you will need to follow the menu options carefully to ‘Restore the MBR with a standard boot code’ then choose the physical disk number to fix (usually disk 0 zero) and select the MBR code for your version of Windows e.g. XP, Vista or Windows 7. Finally, confirm you wish to change the code.

  1. Use A Windows Recovery CD/DVD To Fix MBR – You can use a Windows installation disk to repair a corrupted or virus infected MBR by replacing it with standard Windows MBR code – this is especially useful if you attempted a fix using one of the first 3 methods and it left your computer unable to start up:

XP

Boot using an XP Installation disk to the Recovery Console
After logging into the Administrator account (usually with a blank password), at the Command Prompt, type in the command
fixmbr
Press Enter to replace the MBR and then restart your computer.

Vista & Windows 7

Boot using a Recovery CD or Vista/7 Installation DVD to the Recovery Environment
At the System Recovery Options menu choose ‘Command Prompt’
At the command prompt type in the command:
bootrec /fixmbr
Press Enter to replace the MBR and then restart your computer.

Conclusion

It is not advisable to replace the MBR unless you have good reason (e.g. it is infected with a virus) – if it goes wrong a corrupted MBR can result in Windows not starting or even cause loss of all data stored on the hard drive. Replacing the MBR with standard Windows code may also result in the loss of the manufacturer’s factory restore options.

However, if a MBR is infected by a virus there is little choice other than to replace the MBR code with a known good default alternative and this should be done even if you intend to format and reinstall Windows.

hope this helps

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.