full page ads

mailliw

Member
I use Firefox and Ad-ware, yet lately when I try going to a website it goes to a full-page ad. I can go back and try again and get the right page; it does this on Facebook also. How can I stop this? Is it some kind of virus or what? Thank you.
 

johnb35

Administrator
Staff member
Since you are using Firefox, just install Adblock Plus.

https://addons.mozilla.org/en-us/firefox/addon/adblock-plus/

And a word of advice here.

Get rid of Ad-Aware and download and install Malwarebytes. And you might as well do the following to scan your system.

1. Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with OK.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


2. Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the HijackThis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.


Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 

mailliw

Member
I have Adblock-plus instead of ad-ware. I ran the programs you asked and here are the log files.

# AdwCleaner v2.302 - Logfile created 06/08/2013 at 12:58:13
# Updated 06/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Compaq_Administrator - JERRIESCOMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Administrator.JERRIESCOMPUTER\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WebCake Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Updater By SweetPacks
File Deleted : C:\Documents and Settings\All Users\Desktop\eBay.lnk
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Deleted : C:\Documents and Settings\All Users\Application Data\GamesBar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\GamesBar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\Program Files\GamingWonderland
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\Supreme Savings
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\WebCake
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\WINDOWS\system32\WNLT

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={2AC8A65F-CF9F-11E2-BF99-000EA6F6B9F0} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={2AC8A65F-CF9F-11E2-BF99-000EA6F6B9F0} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

-\\ Google Chrome v27.0.1453.110

*************************

AdwCleaner[R1].txt - [17841 octets] - [08/06/2013 12:48:06]
AdwCleaner[S1].txt - [17598 octets] - [08/06/2013 12:58:13]

########## EOF - C:\AdwCleaner[S1].txt - [17659 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.08.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: JERRIESCOMPUTER [administrator]

6/8/2013 1:09:40 PM
mbam-log-2013-06-08 (13-09-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260660
Time elapsed: 28 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:27 PM, on 6/8/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\QuickTime\qttask.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Unit - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\Compaq_Administrator.JERRIESCOMPUTER\Local Settings\Application Data\UnitLayers\temp.dat
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Updater By SweetPacks Helper - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe
O4 - HKCU\..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1367132703562
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Updater By SweetPacks - Unknown owner - C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11566 bytes
Maybe this will help you help me. Thank You.
 

mailliw

Member
I have run all the spyware, adware and virus I have and still the same problem. When I click to go to any site it goes to a site wanting me to complete a survey or offers to get a big gift card. I click back and it just reloads the same page. Only way to get out is close the window. HELP
 

johnb35

Administrator
Staff member
Sorry but I forgot to post on this when I got home last night. Can you run TDSSKiller and ComboFix and post the logs for me? Can't give you download links as I'm on my phone at work.
 

Punk

Moderator
Staff member
Here you go:


Please download and run TDSSkiller

When the program opens, click on the start scan button.

tdssstartscan_zps32a151cd.jpg


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

2663-2-eng.png


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

2663_3_en.png


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled TDSSKiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • TDSSKiller log
  • An update on how your computer is running
 

mailliw

Member
ComboFix 13-06-08.02 - Compaq_Administrator 06/09/2013 17:27:57.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.257 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Local Settings\Application Data\UnitLayers\teMP.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-08 12:31 . 2013-06-08 12:31 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-07 19:35 . 2013-06-07 19:38 -------- d-----w- c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\.gimp-2.6
2013-06-07 18:24 . 2013-06-07 18:25 -------- d-----w- c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Application Data\WebCake
2013-06-07 18:23 . 2013-06-09 22:41 -------- d-----w- c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Local Settings\Application Data\UnitLayers
2013-06-07 18:23 . 2013-06-08 18:05 -------- d-----w- c:\program files\Updater By SweetPacks
2013-06-07 18:22 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-06-07 18:22 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-07 18:22 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-07 06:42 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CEB8621A-262E-4470-9575-2124A9F786E5}\mpengine.dll
2013-05-24 12:52 . 2013-05-24 12:52 -------- d-----w- c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Local Settings\Application Data\AdaptivePlayer
2013-05-24 12:52 . 2013-05-31 22:33 -------- d-----w- c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Local Settings\Application Data\BlockbusterOnDemand_cache
2013-05-24 12:50 . 2013-05-24 12:51 -------- d-----w- c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Local Settings\Application Data\Blockbuster On Demand
2013-05-19 10:30 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-05-19 10:30 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2013-05-11 15:50 . 2013-05-12 14:07 1409 ----a-w- c:\windows\QTFont.for
2013-05-11 08:03 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-11 08:03 . 2013-05-11 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 21:51 . 2012-10-28 02:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 21:51 . 2011-09-26 18:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 06:19 . 2010-09-04 02:28 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-09 08:59 . 2013-03-03 07:11 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-03 07:11 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2011-09-26 19:24 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-09-26 19:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-09-26 19:24 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-03-03 07:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2011-09-26 19:24 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2011-09-26 19:24 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-09-26 19:24 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-09-26 19:24 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 08:32 . 2006-12-29 06:57 1131008 ----a-w- c:\windows\system32\drivers\bcmwl6.sys
2013-05-02 07:06 . 2011-07-13 13:36 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2004-08-10 04:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2011-04-15 14:28 1876352 ----a-w- c:\windows\system32\win32k.sys
2012-07-27 01:52 . 2012-07-27 01:52 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"ltcmScheduler"="c:\program files\LTCM Client\ltcmScheduler.exe" [2011-04-07 99072]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2013-01-16 220800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-11 77824]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-12 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Compaq_Administrator.JERRIESCOMPUTER\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\twain_32\\escndv\\escndv.exe"=
"c:\\WINDOWS\\twain_32\\escndv\\escfg.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2013.SP1\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2013.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\eGames\\Mahjongg Master 5\\Game\\mjm5.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/3/2013 2:11 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/3/2013 2:11 AM 174664]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [9/3/2012 1:11 PM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/26/2011 2:24 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/26/2011 2:24 PM 368944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4/28/2009 11:33 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/26/2011 2:24 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/3/2013 2:11 AM 66336]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [1/16/2013 3:40 PM 130944]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
R2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe [6/7/2013 1:23 PM 188760]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [4/8/2011 2:23 AM 20160]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
S3 GLCKIO;GLCKIO;\??\c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\My Documents\Downloads\verifier\ASUS SATA Verifier 1.00.04\b06fc778-761f-45dd-a325-72477445b572.sys --> c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\My Documents\Downloads\verifier\ASUS SATA Verifier 1.00.04\b06fc778-761f-45dd-a325-72477445b572.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/8/2013 7:31 AM 35144]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [11/25/2010 6:59 AM 606056]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [1/31/2013 9:55 AM 68760]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [9/5/2006 3:16 AM 217600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00398867
*Deregistered* - 00398867
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 18:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 00:21 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 21:51]
.
2013-06-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-12 08:58]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 22:44]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 22:44]
.
2013-06-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2013-06-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4189007328-1251059364-2754837423-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-05-28 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4189007328-1251059364-2754837423-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Application Data\Mozilla\Firefox\Profiles\o1xiyo53.default-1370021333502\
FF - prefs.js: browser.startup.homepage - hxxp://hsrd.yahoo.com/_ylt=Av0TWBAYY1ofv72jyYfjiD6bvZx4/RV=1/RE=1371863626/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cDovL3d3dy55YWhvby5jb20v/RS=%5EADAm3TpV2THvjJTezNuR.9l2x5yldQ-
FF - ExtSQL: 2013-05-13 07:17; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-05-31 13:05; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Application Data\Mozilla\Firefox\Profiles\o1xiyo53.default-1370021333502\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-06 23:00; [email protected]; c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Application Data\Mozilla\Firefox\Profiles\o1xiyo53.default-1370021333502\extensions\[email protected]
FF - ExtSQL: 2013-06-07 13:23; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Application Data\Mozilla\Firefox\Profiles\o1xiyo53.default-1370021333502\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-06-07 13:24; [email protected]; c:\documents and settings\Compaq_Administrator.JERRIESCOMPUTER\Application Data\Mozilla\Firefox\Profiles\o1xiyo53.default-1370021333502\extensions\[email protected]
FF - user.js: extentions.webcake.installId - bcf6847b-9d34-4f7c-9333-a341683dcdd3
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - c:\program files\Updater By SweetPacks\Extension32.dll
HKCU-Run-SearchEngineProtection - c:\program files\Gamesbar\SearchEngineProtection.exe
AddRemove-GamesBar - c:\program files\GamesBar\uninst.exe
AddRemove-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1 - c:\program files\Updater By SweetPacks\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-09 17:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-06-09 17:46:55
ComboFix-quarantined-files.txt 2013-06-09 22:46
ComboFix2.txt 2013-03-23 10:40
.
Pre-Run: 49,631,809,536 bytes free
Post-Run: 49,838,043,136 bytes free
.
- - End Of File - - F01619862721B0ED6829573F31443638
D11C727E03BB7318DCDA069B06E652F0
 

mailliw

Member
17:58:46.0414 5160 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:58:46.0961 5160 ============================================================
17:58:46.0961 5160 Current date / time: 2013/06/09 17:58:46.0961
17:58:46.0961 5160 SystemInfo:
17:58:46.0961 5160
17:58:46.0961 5160 OS Version: 5.1.2600 ServicePack: 3.0
17:58:46.0961 5160 Product type: Workstation
17:58:46.0961 5160 ComputerName: JERRIESCOMPUTER
17:58:46.0977 5160 UserName: Compaq_Administrator
17:58:46.0977 5160 Windows directory: C:\WINDOWS
17:58:46.0977 5160 System windows directory: C:\WINDOWS
17:58:46.0977 5160 Processor architecture: Intel x86
17:58:46.0977 5160 Number of processors: 1
17:58:46.0977 5160 Page size: 0x1000
17:58:46.0977 5160 Boot type: Normal boot
17:58:46.0977 5160 ============================================================
17:58:47.0258 5160 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:58:47.0258 5160 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:58:47.0258 5160 ============================================================
17:58:47.0258 5160 \Device\Harddisk0\DR0:
17:58:47.0258 5160 MBR partitions:
17:58:47.0258 5160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCF2AE13
17:58:47.0258 5160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xCF2ED13, BlocksNum 0x1064AAE
17:58:47.0258 5160 \Device\Harddisk1\DR1:
17:58:47.0258 5160 MBR partitions:
17:58:47.0258 5160 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1192AB71
17:58:47.0258 5160 \Device\Harddisk1\DR1\Partition2: MBR, Type 0xC, StartLBA 0x1192E6C0, BlocksNum 0x10EA050
17:58:47.0258 5160 ============================================================
17:58:47.0289 5160 C: <-> \Device\Harddisk0\DR0\Partition1
17:58:47.0305 5160 D: <-> \Device\Harddisk0\DR0\Partition2
17:58:47.0305 5160 G: <-> \Device\Harddisk1\DR1\Partition1
17:58:47.0320 5160 H: <-> \Device\Harddisk1\DR1\Partition2
17:58:47.0320 5160 ============================================================
17:58:47.0320 5160 Initialize success
17:58:47.0320 5160 ============================================================
17:59:36.0758 7568 ============================================================
17:59:36.0758 7568 Scan started
17:59:36.0758 7568 Mode: Manual;
17:59:36.0758 7568 ============================================================
17:59:37.0914 7568 ================ Scan system memory ========================
17:59:37.0914 7568 System memory - ok
17:59:37.0930 7568 ================ Scan services =============================
17:59:41.0570 7568 cd20xrnt - ok
17:59:41.0586 7568 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:59:41.0586 7568 Cdaudio - ok
17:59:41.0648 7568 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:59:41.0648 7568 Cdfs - ok
17:59:41.0695 7568 [ 248349293CA42EE5DB61DC1FD85A2F49 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
17:59:41.0695 7568 cdrbsdrv - ok
17:59:41.0727 7568 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:59:41.0742 7568 Cdrom - ok
17:59:41.0758 7568 Changer - ok
17:59:41.0805 7568 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:59:41.0805 7568 CiSvc - ok
17:59:41.0836 7568 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:59:41.0852 7568 ClipSrv - ok
17:59:41.0898 7568 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:59:41.0914 7568 clr_optimization_v4.0.30319_32 - ok
17:59:41.0945 7568 CmdIde - ok
17:59:41.0961 7568 COMSysApp - ok
17:59:41.0992 7568 Cpqarray - ok
17:59:42.0039 7568 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:59:42.0039 7568 CryptSvc - ok
17:59:42.0070 7568 dac2w2k - ok
17:59:42.0086 7568 dac960nt - ok
17:59:42.0164 7568 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:59:42.0180 7568 DcomLaunch - ok
17:59:42.0242 7568 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:59:42.0258 7568 Dhcp - ok
17:59:42.0305 7568 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:59:42.0305 7568 Disk - ok
17:59:42.0320 7568 dmadmin - ok
17:59:42.0398 7568 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:59:42.0445 7568 dmboot - ok
17:59:42.0492 7568 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:59:42.0492 7568 dmio - ok
17:59:42.0555 7568 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:59:42.0555 7568 dmload - ok
17:59:42.0602 7568 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:59:42.0602 7568 dmserver - ok
17:59:42.0633 7568 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:59:42.0633 7568 DMusic - ok
17:59:42.0695 7568 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:59:42.0695 7568 Dnscache - ok
17:59:42.0742 7568 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:59:42.0758 7568 Dot3svc - ok
17:59:42.0773 7568 dpti2o - ok
17:59:42.0820 7568 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:59:42.0820 7568 drmkaud - ok
17:59:42.0867 7568 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:59:42.0883 7568 EapHost - ok
17:59:42.0977 7568 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
17:59:42.0992 7568 ehRecvr - ok
17:59:43.0023 7568 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
17:59:43.0023 7568 ehSched - ok
17:59:43.0133 7568 [ B78436CA173FF723A1EACE5CD4900375 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
17:59:43.0148 7568 EpsonCustomerParticipation - ok
17:59:43.0258 7568 [ CEF06A8DF4BA42673F3297759FD62E80 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
17:59:43.0258 7568 EPSON_PM_RPCV4_05 - ok
17:59:43.0305 7568 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:59:43.0305 7568 ERSvc - ok
17:59:43.0352 7568 esgiguard - ok
17:59:43.0414 7568 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:59:43.0430 7568 Eventlog - ok
17:59:43.0492 7568 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:59:43.0508 7568 EventSystem - ok
17:59:43.0555 7568 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:59:43.0570 7568 Fastfat - ok
17:59:43.0617 7568 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:59:43.0633 7568 FastUserSwitchingCompatibility - ok
17:59:43.0695 7568 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
17:59:43.0727 7568 Fax - ok
17:59:43.0742 7568 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:59:43.0742 7568 Fdc - ok
17:59:43.0805 7568 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:59:43.0805 7568 Fips - ok
17:59:43.0836 7568 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:59:43.0836 7568 Flpydisk - ok
17:59:43.0883 7568 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:59:43.0898 7568 FltMgr - ok
17:59:43.0945 7568 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:59:43.0945 7568 Fs_Rec - ok
17:59:43.0977 7568 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:59:43.0992 7568 Ftdisk - ok
17:59:44.0039 7568 [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2 C:\WINDOWS\system32\DRIVERS\ftsata2.sys
17:59:44.0055 7568 ftsata2 - ok
17:59:44.0148 7568 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
17:59:44.0164 7568 GamesAppService - ok
17:59:44.0305 7568 GLCKIO - ok
17:59:44.0352 7568 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:59:44.0352 7568 Gpc - ok
17:59:44.0477 7568 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:59:44.0477 7568 gupdate - ok
17:59:44.0508 7568 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:59:44.0508 7568 gupdatem - ok
17:59:44.0570 7568 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:59:44.0570 7568 HDAudBus - ok
17:59:44.0695 7568 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:59:44.0711 7568 helpsvc - ok
17:59:44.0758 7568 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:59:44.0773 7568 HidServ - ok
17:59:44.0820 7568 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:59:44.0820 7568 HidUsb - ok
17:59:44.0867 7568 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:59:44.0867 7568 hkmsvc - ok
17:59:44.0883 7568 hpn - ok
17:59:44.0930 7568 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:59:44.0930 7568 HPZid412 - ok
17:59:44.0961 7568 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:59:44.0961 7568 HPZipr12 - ok
17:59:45.0008 7568 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:59:45.0008 7568 HPZius12 - ok
17:59:45.0070 7568 [ 1F5C64B0C6B2E2F48735A77AE714CCB8 ] HSXHWBS2 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
17:59:45.0070 7568 HSXHWBS2 - ok
17:59:45.0117 7568 [ A7F8C9228898A1E871D2AE7082F50AC3 ] HSX_DP C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
17:59:45.0148 7568 HSX_DP - ok
17:59:45.0211 7568 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:59:45.0227 7568 HTTP - ok
17:59:45.0273 7568 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:59:45.0289 7568 HTTPFilter - ok
17:59:45.0305 7568 i2omgmt - ok
17:59:45.0320 7568 i2omp - ok
17:59:45.0367 7568 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:59:45.0383 7568 i8042prt - ok
17:59:45.0445 7568 [ 9A65E42664D1534B68512CAAD0EFE963 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:59:45.0477 7568 iaStor - ok
17:59:45.0555 7568 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:59:45.0555 7568 IDriverT - ok
17:59:45.0602 7568 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:59:45.0602 7568 Imapi - ok
17:59:45.0664 7568 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:59:45.0664 7568 ImapiService - ok
17:59:45.0695 7568 ini910u - ok
17:59:45.0898 7568 [ 64BE56B8858CA0153C725C720FFD194F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:59:46.0055 7568 IntcAzAudAddService - ok
17:59:46.0195 7568 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:59:46.0195 7568 IntelIde - ok
17:59:46.0258 7568 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:59:46.0258 7568 intelppm - ok
17:59:46.0289 7568 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:59:46.0289 7568 Ip6Fw - ok
17:59:46.0336 7568 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:59:46.0336 7568 IpFilterDriver - ok
17:59:46.0398 7568 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:59:46.0398 7568 IpInIp - ok
17:59:46.0445 7568 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:59:46.0461 7568 IpNat - ok
17:59:46.0508 7568 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:59:46.0508 7568 IPSec - ok
17:59:46.0570 7568 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:59:46.0570 7568 IRENUM - ok
17:59:46.0633 7568 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:59:46.0633 7568 isapnp - ok
17:59:46.0695 7568 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:59:46.0695 7568 Kbdclass - ok
17:59:46.0742 7568 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:59:46.0758 7568 kmixer - ok
17:59:46.0820 7568 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:59:46.0820 7568 KSecDD - ok
17:59:46.0867 7568 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:59:46.0883 7568 lanmanserver - ok
17:59:46.0930 7568 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:59:46.0945 7568 lanmanworkstation - ok
17:59:46.0961 7568 lbrtfdc - ok
17:59:47.0055 7568 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:59:47.0055 7568 LightScribeService - ok
17:59:47.0102 7568 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:59:47.0102 7568 LmHosts - ok
17:59:47.0148 7568 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
17:59:47.0148 7568 mbamchameleon - ok
17:59:47.0195 7568 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
17:59:47.0211 7568 McrdSvc - ok
17:59:47.0305 7568 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:59:47.0320 7568 MDM - ok
17:59:47.0383 7568 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:59:47.0383 7568 mdmxsdk - ok
17:59:47.0430 7568 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:59:47.0461 7568 Messenger - ok
17:59:47.0508 7568 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
17:59:47.0523 7568 MHN - ok
17:59:47.0570 7568 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:59:47.0570 7568 MHNDRV - ok
17:59:47.0602 7568 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:59:47.0633 7568 mnmdd - ok
17:59:47.0680 7568 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:59:47.0695 7568 mnmsrvc - ok
17:59:47.0742 7568 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:59:47.0742 7568 Modem - ok
17:59:47.0773 7568 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:59:47.0789 7568 Mouclass - ok
17:59:47.0836 7568 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:59:47.0836 7568 mouhid - ok
17:59:47.0883 7568 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:59:47.0898 7568 MountMgr - ok
17:59:47.0945 7568 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:59:47.0961 7568 MozillaMaintenance - ok
17:59:47.0977 7568 mraid35x - ok
17:59:48.0023 7568 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:59:48.0039 7568 MRxDAV - ok
17:59:48.0102 7568 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:59:48.0148 7568 MRxSmb - ok
17:59:48.0211 7568 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:59:48.0227 7568 Msfs - ok
17:59:48.0242 7568 MSIServer - ok
17:59:48.0273 7568 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:59:48.0289 7568 MSKSSRV - ok
17:59:48.0320 7568 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:59:48.0336 7568 MSPCLOCK - ok
17:59:48.0367 7568 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:59:48.0383 7568 MSPQM - ok
17:59:48.0430 7568 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:59:48.0430 7568 mssmbios - ok
17:59:48.0492 7568 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:59:48.0492 7568 Mup - ok
17:59:48.0523 7568 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:59:48.0555 7568 napagent - ok
17:59:48.0617 7568 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:59:48.0617 7568 NDIS - ok
17:59:48.0680 7568 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:59:48.0680 7568 NdisTapi - ok
17:59:48.0727 7568 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:59:48.0727 7568 Ndisuio - ok
17:59:48.0789 7568 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:59:48.0805 7568 NdisWan - ok
17:59:48.0852 7568 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:59:48.0867 7568 NDProxy - ok
17:59:48.0914 7568 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:59:48.0914 7568 NetBIOS - ok
17:59:48.0945 7568 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:59:48.0961 7568 NetBT - ok
17:59:48.0992 7568 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:59:49.0008 7568 NetDDE - ok
17:59:49.0023 7568 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:59:49.0039 7568 NetDDEdsdm - ok
17:59:49.0070 7568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:59:49.0086 7568 Netlogon - ok
17:59:49.0164 7568 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:59:49.0180 7568 Netman - ok
17:59:49.0227 7568 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:59:49.0227 7568 NIC1394 - ok
17:59:49.0273 7568 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:59:49.0289 7568 Nla - ok
17:59:49.0352 7568 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:59:49.0352 7568 Npfs - ok
17:59:49.0383 7568 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:59:49.0398 7568 Ntfs - ok
17:59:49.0430 7568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:59:49.0430 7568 NtLmSsp - ok
17:59:49.0492 7568 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:59:49.0523 7568 NtmsSvc - ok
17:59:49.0586 7568 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:59:49.0586 7568 Null - ok
17:59:49.0742 7568 [ CE58F42B11BE20A47C3D8D2F38DA254E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:59:49.0867 7568 nv - ok
17:59:49.0930 7568 [ 22EEDB34C4D7613A25B10C347C6C4C21 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:59:49.0930 7568 NVENETFD - ok
17:59:49.0945 7568 [ 5E3F6AD5CAD0F12D3CCCD06FD964087A ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:59:49.0961 7568 nvnetbus - ok
17:59:50.0008 7568 [ 95CAEC95D6777CE7D6B7091BC4D91CEB ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:59:50.0023 7568 NVSvc - ok
17:59:50.0070 7568 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:59:50.0086 7568 NwlnkFlt - ok
17:59:50.0117 7568 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:59:50.0117 7568 NwlnkFwd - ok
17:59:50.0148 7568 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:59:50.0148 7568 ohci1394 - ok
17:59:50.0195 7568 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:59:50.0195 7568 ose - ok
17:59:50.0242 7568 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:59:50.0258 7568 Parport - ok
17:59:50.0305 7568 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:59:50.0305 7568 PartMgr - ok
17:59:50.0367 7568 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:59:50.0367 7568 ParVdm - ok
17:59:50.0430 7568 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:59:50.0430 7568 PCI - ok
17:59:50.0445 7568 PCIDump - ok
17:59:50.0492 7568 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:59:50.0508 7568 PCIIde - ok
17:59:50.0539 7568 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:59:50.0555 7568 Pcmcia - ok
17:59:50.0570 7568 PDCOMP - ok
17:59:50.0586 7568 PDFRAME - ok
17:59:50.0602 7568 PDRELI - ok
17:59:50.0617 7568 PDRFRAME - ok
17:59:50.0633 7568 perc2 - ok
17:59:50.0648 7568 perc2hib - ok
17:59:50.0711 7568 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:59:50.0711 7568 PlugPlay - ok
17:59:50.0742 7568 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
17:59:50.0742 7568 Pml Driver HPZ12 - ok
17:59:50.0758 7568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:59:50.0773 7568 PolicyAgent - ok
17:59:50.0820 7568 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:59:50.0836 7568 PptpMiniport - ok
17:59:50.0867 7568 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:59:50.0867 7568 Processor - ok
17:59:50.0914 7568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:59:50.0914 7568 ProtectedStorage - ok
17:59:50.0945 7568 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:59:50.0961 7568 PSched - ok
17:59:50.0977 7568 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:59:50.0977 7568 Ptilink - ok
17:59:51.0023 7568 [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:59:51.0023 7568 PxHelp20 - ok
17:59:51.0039 7568 ql1080 - ok
17:59:51.0055 7568 Ql10wnt - ok
17:59:51.0070 7568 ql12160 - ok
17:59:51.0086 7568 ql1240 - ok
17:59:51.0102 7568 ql1280 - ok
17:59:51.0164 7568 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:59:51.0164 7568 RasAcd - ok
17:59:51.0211 7568 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:59:51.0227 7568 RasAuto - ok
17:59:51.0273 7568 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:59:51.0273 7568 Rasl2tp - ok
17:59:51.0336 7568 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:59:51.0336 7568 RasMan - ok
17:59:51.0367 7568 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:59:51.0383 7568 RasPppoe - ok
17:59:51.0414 7568 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:59:51.0414 7568 Raspti - ok
17:59:51.0477 7568 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:59:51.0477 7568 Rdbss - ok
17:59:51.0523 7568 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:59:51.0539 7568 RDPCDD - ok
17:59:51.0586 7568 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:59:51.0602 7568 rdpdr - ok
17:59:51.0648 7568 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:59:51.0664 7568 RDPWD - ok
17:59:51.0695 7568 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:59:51.0711 7568 RDSessMgr - ok
17:59:51.0789 7568 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:59:51.0789 7568 RealNetworks Downloader Resolver Service - ok
17:59:51.0852 7568 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:59:51.0867 7568 redbook - ok
17:59:51.0898 7568 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:59:51.0914 7568 RemoteAccess - ok
17:59:51.0961 7568 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:59:51.0977 7568 RemoteRegistry - ok
17:59:52.0023 7568 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:59:52.0039 7568 RpcLocator - ok
17:59:52.0086 7568 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:59:52.0102 7568 RpcSs - ok
17:59:52.0148 7568 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:59:52.0164 7568 RSVP - ok
17:59:52.0195 7568 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:59:52.0195 7568 rtl8139 - ok
17:59:52.0258 7568 [ BA11D5F61A74E156BF6F33DDDD1AD1CE ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
17:59:52.0289 7568 RTL8192su - ok
17:59:52.0320 7568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:59:52.0320 7568 SamSs - ok
17:59:52.0430 7568 [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys
17:59:52.0430 7568 SANDRA - ok
17:59:52.0445 7568 [ D5C3BE660BA6DB061C7D05BAFC1C4242 ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe
17:59:52.0461 7568 SandraAgentSrv - ok
17:59:52.0539 7568 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:59:52.0539 7568 SASDIFSV - ok
17:59:52.0586 7568 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:59:52.0602 7568 SASKUTIL - ok
17:59:52.0648 7568 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:59:52.0680 7568 SCardSvr - ok
17:59:52.0727 7568 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:59:52.0758 7568 Schedule - ok
17:59:52.0805 7568 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:59:52.0805 7568 Secdrv - ok
17:59:52.0852 7568 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:59:52.0867 7568 seclogon - ok
17:59:52.0914 7568 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:59:52.0930 7568 SENS - ok
17:59:52.0977 7568 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:59:52.0977 7568 Serial - ok
17:59:53.0055 7568 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:59:53.0070 7568 Sfloppy - ok
17:59:53.0133 7568 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:59:53.0148 7568 SharedAccess - ok
17:59:53.0180 7568 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:59:53.0195 7568 ShellHWDetection - ok
17:59:53.0211 7568 Simbad - ok
17:59:53.0273 7568 [ D937333F5A42ED8FC550A70AD06642E3 ] SIS163u C:\WINDOWS\system32\DRIVERS\sis163u.sys
17:59:53.0289 7568 SIS163u - ok
17:59:53.0367 7568 [ E2892F92C40807CF20B4F0132C8E0AEF ] SiSWLSvc C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
17:59:53.0367 7568 SiSWLSvc - ok
17:59:53.0398 7568 Sparrow - ok
17:59:53.0461 7568 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:59:53.0461 7568 splitter - ok
17:59:53.0508 7568 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:59:53.0523 7568 Spooler - ok
17:59:53.0586 7568 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:59:53.0586 7568 sr - ok
17:59:53.0648 7568 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:59:53.0664 7568 srservice - ok
17:59:53.0727 7568 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:59:53.0727 7568 Srv - ok
17:59:53.0789 7568 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:59:53.0805 7568 SSDPSRV - ok
17:59:53.0867 7568 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:59:53.0898 7568 stisvc - ok
17:59:53.0945 7568 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:59:53.0961 7568 swenum - ok
17:59:53.0992 7568 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:59:53.0992 7568 swmidi - ok
17:59:54.0008 7568 SwPrv - ok
17:59:54.0039 7568 symc810 - ok
17:59:54.0055 7568 symc8xx - ok
17:59:54.0070 7568 sym_hi - ok
17:59:54.0086 7568 sym_u3 - ok
17:59:54.0133 7568 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:59:54.0148 7568 sysaudio - ok
17:59:54.0195 7568 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:59:54.0211 7568 SysmonLog - ok
17:59:54.0242 7568 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:59:54.0258 7568 TapiSrv - ok
17:59:54.0320 7568 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:59:54.0336 7568 Tcpip - ok
17:59:54.0383 7568 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:59:54.0398 7568 TDPIPE - ok
17:59:54.0430 7568 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:59:54.0445 7568 TDTCP - ok
17:59:54.0492 7568 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:59:54.0492 7568 TermDD - ok
17:59:54.0555 7568 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:59:54.0570 7568 TermService - ok
17:59:54.0602 7568 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:59:54.0602 7568 Themes - ok
17:59:54.0664 7568 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:59:54.0680 7568 TlntSvr - ok
17:59:54.0695 7568 TosIde - ok
17:59:54.0742 7568 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:59:54.0758 7568 TrkWks - ok
17:59:54.0789 7568 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:59:54.0789 7568 Udfs - ok
17:59:54.0805 7568 ultra - ok
17:59:58.0836 7568 ============================================================
17:59:58.0836 7568 Scan finished
17:59:58.0836 7568 ============================================================
17:59:58.0867 7760 Detected object count: 0
17:59:58.0867 7760 Actual detected object count: 0
 

johnb35

Administrator
Staff member
Are you still getting the ads? I would like to see your uninstall list.

Navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.
 

mailliw

Member
Yes I am still getting those ads.

123 Free Solitaire 2011 v8.0
1300
1300_Help
1300Tour
1300Trb
802.11 USB Wireless LAN Adapter
802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
AiO_Scan
AiOSoftware
Aiseesoft PDF to Word Converter
Angry Birds
avast! Free Antivirus
Blockbuster On Demand
BufferChm
CCleaner
Compaq Connections (remove only)
Copy
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CPUID CPU-Z 1.64.0
CreativeProjects
CreativeProjectsTemplates
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Defraggler
Destinations
DeviceManagementQFolder
Director
DocProc
DocumentViewer
Download Navigator
DVD Decrypter (Remove Only)
Easy Internet Sign-up
Epson Connect
Epson Connect Printer Setup
Epson Customer Participation
Epson E-Web Print
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Printer Finder
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print
Fax
Flvto Converter
FreeOCR v4.2
FullDPAppQFolder
GamesBar 2.0.1.82
GIMP 2.6.10
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Diagnostic Assistant
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 4.2
HP Rhapsody
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
HPSystemDiagnostics
ImageMixer VCD/DVD2 for OLYMPUS
InstantShare
InstantShareAlert
InstantShareDevices
JPEG to PDF 1.0
LightScribe System Software
LTCM Client
Mahjongg Master 5
Malwarebytes Anti-Malware version 1.75.0.1300
Max Uninstaller version 2.0
Media Center Solitaire
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Picture It! Photo 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Netscape Browser (remove only)
NVIDIA Drivers
OLYMPUS Digital Camera Updater
OLYMPUS Master
OpenOffice.org 3.4.1
OptionalContentQFolder
Otto
Overland
PhotoGallery
PrintScreen
ProductContext
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickProjects
QuickTime
RandMap
Readme
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shockwave
SiSoftware Sandra Lite 2013.SP1
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Speccy
SpywareBlaster 4.6
Super TextTwist
TrayApp
Unit Layers
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Installer for WildTangent Games App
Update Rollup 2 for Windows XP Media Center Edition 2005
Updater By SweetPacks 2.0.0.586
VisualBee for Microsoft PowerPoint
Web Games Player Plugin
WebFldrs XP
WebReg
WildTangent Games App (HP Games)
Windows Defender
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar
 

johnb35

Administrator
Staff member
There are a few programs listed that I have no clue what they are. However, I do know that this program needs to be uninstalled.

GamesBar 2.0.1.82

Can you post a fresh HijackThis log for me, please?

Also check your Firefox add-ons for one called webcake and uninstall it.
 

mailliw

Member
When I first tried to go to reply to thread it sent me to an ad site again. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:56 PM, on 6/10/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\QuickTime\qttask.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1367132703562
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11547 bytes
 

mailliw

Member
Looks like I may have to do a full recovery back to factory settings. Will try a few more things first; sure hate to do it. The adware, virus or whatever it is might be in some of the info I save.
 

johnb35

Administrator
Staff member
As I said before, you have some programs installed that I'm not familiar with. It's very possible that a program is causing this. Also check your Firefox add-ons to see what is listed.
 

mailliw

Member
I think I may have fixed the problem. After trying about everything and getting ready to do a complete system recovery I tried one more thing. I completely removed Firefox then reinstalled it. So far, so good. Thank you.
 

Punk

Moderator
Staff member
> I think I may have fixed the problem. After trying about everything and getting ready to do a complete system recovery I tried one more thing. I completely removed Firefox then reinstalled it. So far, so good. Thank you.

It's probably a toolbar you had kept then. Come back if you have further problems :)
 