
Trying to clean computer!

Discussion in 'Virus & Other Malware Removal' started by harkley, Nov 15, 2011.

  1. harkley

    harkley Thread Starter

    I have enclosed a HijackThis log, DDS logs, and GMER log. I am not 100 percent sure I posted these logs correctly as I just copied and pasted them. I have been having some troubles with getting rid of some problems on this computer. Every time I run a SUPERAntiSpyware scan, about 32 tracking cookies come up and every so often a trojan comes up. I think the trojans are coming from my brother's Facebooking and online gaming. The trojans are not always there but the adware tracking cookies are. Also, we had a family friend come and help us and he must have put 10 different free registry cleaner programs on the computer and 4 or 5 antivirus programs. Every time I turn on the computer about 4 different windows pop up claiming that there have been registry errors or malware detected and that I should purchase the program to fix the problem. I am looking for help in getting rid of these programs and cleaning the computer up.


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/10/2008 2:04:00 PM
    System Uptime: 11/14/2011 7:47:32 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY206
    Processor: AMD Sempron(tm) Processor LE-1300 | Socket AM2 | 2310/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 101.247 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP482: 8/16/2011 12:04:33 PM - System Checkpoint
    RP483: 8/16/2011 9:51:57 PM - Software Distribution Service 3.0
    RP484: 8/17/2011 10:32:04 PM - System Checkpoint
    RP485: 8/18/2011 10:43:10 PM - Software Distribution Service 3.0
    RP486: 8/20/2011 11:57:39 AM - Software Distribution Service 3.0
    RP487: 8/21/2011 2:28:54 AM - Software Distribution Service 3.0
    RP488: 8/21/2011 11:53:27 AM - Software Distribution Service 3.0
    RP489: 8/22/2011 12:59:11 PM - System Checkpoint
    RP490: 8/22/2011 6:25:27 PM - Software Distribution Service 3.0
    RP491: 8/23/2011 7:23:09 PM - System Checkpoint
    RP492: 8/24/2011 9:48:20 AM - Software Distribution Service 3.0
    RP493: 8/24/2011 4:00:40 PM - Software Distribution Service 3.0
    RP494: 8/25/2011 7:58:35 PM - Software Distribution Service 3.0
    RP495: 8/27/2011 8:45:47 AM - Software Distribution Service 3.0
    RP496: 8/28/2011 1:56:29 AM - Software Distribution Service 3.0
    RP497: 8/29/2011 2:54:06 AM - System Checkpoint
    RP498: 8/29/2011 10:56:04 AM - Software Distribution Service 3.0
    RP499: 8/30/2011 1:42:10 PM - Software Distribution Service 3.0
    RP500: 8/31/2011 2:02:38 PM - Software Distribution Service 3.0
    RP501: 9/1/2011 2:44:39 PM - System Checkpoint
    RP502: 9/2/2011 10:18:04 AM - Software Distribution Service 3.0
    RP503: 9/3/2011 10:40:22 AM - System Checkpoint
    RP504: 9/4/2011 10:10:08 PM - Software Distribution Service 3.0
    RP505: 9/5/2011 10:45:24 PM - System Checkpoint
    RP506: 9/7/2011 7:06:54 AM - Software Distribution Service 3.0
    RP507: 9/7/2011 4:00:14 PM - Software Distribution Service 3.0
    RP508: 9/8/2011 2:12:29 PM - Software Distribution Service 3.0
    RP509: 9/9/2011 8:35:20 PM - Software Distribution Service 3.0
    RP510: 9/14/2011 9:28:24 AM - Software Distribution Service 3.0
    RP511: 9/15/2011 10:37:33 AM - Software Distribution Service 3.0
    RP512: 9/15/2011 4:00:16 PM - Software Distribution Service 3.0
    RP513: 9/16/2011 11:32:58 AM - Software Distribution Service 3.0
    RP514: 9/17/2011 12:34:46 PM - Software Distribution Service 3.0
    RP515: 9/19/2011 8:33:12 AM - Software Distribution Service 3.0
    RP516: 9/20/2011 11:44:58 AM - Software Distribution Service 3.0
    RP517: 9/21/2011 11:51:48 AM - System Checkpoint
    RP518: 9/21/2011 10:03:03 PM - Software Distribution Service 3.0
    RP519: 9/23/2011 11:14:33 AM - Software Distribution Service 3.0
    RP520: 9/24/2011 3:39:43 PM - Software Distribution Service 3.0
    RP521: 9/26/2011 12:02:21 PM - Software Distribution Service 3.0
    RP522: 9/27/2011 12:18:47 PM - System Checkpoint
    RP523: 9/28/2011 10:39:10 AM - Software Distribution Service 3.0
    RP524: 9/28/2011 4:00:28 PM - Software Distribution Service 3.0
    RP525: 9/29/2011 5:29:44 PM - Software Distribution Service 3.0
    RP526: 9/30/2011 7:09:31 PM - Software Distribution Service 3.0
    RP527: 10/1/2011 10:50:14 PM - Software Distribution Service 3.0
    RP528: 10/3/2011 9:42:39 AM - Software Distribution Service 3.0
    RP529: 10/4/2011 11:34:23 AM - Software Distribution Service 3.0
    RP530: 10/5/2011 11:49:13 AM - System Checkpoint
    RP531: 10/6/2011 10:33:20 AM - Software Distribution Service 3.0
    RP532: 10/7/2011 12:18:27 PM - Software Distribution Service 3.0
    RP533: 10/8/2011 1:32:10 PM - System Checkpoint
    RP534: 10/8/2011 7:10:34 PM - Software Distribution Service 3.0
    RP535: 10/20/2011 2:07:45 PM - Software Distribution Service 3.0
    RP536: 10/20/2011 3:23:48 PM - Software Distribution Service 3.0
    RP537: 10/21/2011 4:50:12 PM - Software Distribution Service 3.0
    RP538: 10/22/2011 5:54:23 PM - System Checkpoint
    RP539: 10/24/2011 11:05:48 AM - Software Distribution Service 3.0
    RP540: 10/25/2011 10:25:25 PM - Software Distribution Service 3.0
    RP541: 10/28/2011 6:12:07 PM - Software Distribution Service 3.0
    RP542: 10/29/2011 10:27:49 PM - Software Distribution Service 3.0
    RP543: 10/31/2011 9:08:40 PM - Software Distribution Service 3.0
    RP544: 11/3/2011 9:35:48 PM - Software Distribution Service 3.0
    RP545: 11/5/2011 1:14:49 PM - Software Distribution Service 3.0
    RP546: 11/6/2011 9:38:03 PM - Software Distribution Service 3.0
    RP547: 11/8/2011 8:08:05 PM - Software Distribution Service 3.0
    RP548: 11/9/2011 4:00:13 PM - Software Distribution Service 3.0
    RP549: 11/10/2011 4:00:13 PM - Software Distribution Service 3.0
    RP550: 11/10/2011 6:20:28 PM - Software Distribution Service 3.0
    RP551: 11/10/2011 6:36:29 PM - Installed HiJackThis
    RP552: 11/11/2011 7:24:21 PM - Software Distribution Service 3.0
    RP553: 11/12/2011 7:19:06 PM - Software Distribution Service 3.0
    RP554: 11/13/2011 1:52:00 AM - Software Distribution Service 3.0
    RP555: 11/13/2011 7:18:47 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.0
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Browser Address Error Redirector
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Costco Photo Organizer
    Dell Support Center
    Documentation & Support Launcher
    EarthLink Setup Files
    Eusing Free Registry Cleaner
    Free Registry Defrag
    Free Window Registry Repair
    Games, Music, & Photos Launcher
    Google Desktop
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    HiJackThis
    honestech VHS to DVD 3.0 Deluxe
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    Info Center 1.0.0.5
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Master of Orion II
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MobileMe Control Panel
    Modem Diagnostic Tool
    Morrowind
    Mozilla Firefox 8.0 (x86 en-US)
    Need for Speed(TM) Hot Pursuit
    Need for Speed™ Most Wanted
    NetWaiting
    Norton Internet Security
    Norton Security Scan
    NVIDIA Drivers
    PowerDVD
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Registry Mechanic 10.0
    RegZooka v2.7
    Security Task Manager 1.8c
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SpeedingUpMyPC v2.2
    SUPERAntiSpyware
    System Requirements Lab CYRI
    TES Construction Set
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 VIDBOX NW03
    Viewpoint Media Player
    WebFldrs XP
    Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    Wise PC Engineer 6.3.6
    Yahoo! Internet Mail
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/8/2011 7:57:50 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the path specified.
    11/10/2011 4:02:13 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/10/2011 3:57:12 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    .
    ==== End Of File ===========================



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Lori at 19:55:57 on 2011-11-14
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1387 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SpeedingUpMyPC\SPMTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
    uSearch Bar =
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.startsearcher.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    BHO: {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SPMTray] c:\program files\speedingupmypc\SPMTray.exe
    uRun: [pxswo] c:\program files\bvmrfgwrfeypui\kjduznoe.exe kj
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [pxswo] c:\program files\bvmrfgwrfeypui\kjduznoe.exe kj
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{C0ED9003-CD25-43F5-B3E2-5BB804A76EF9} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\lori\application data\mozilla\firefox\profiles\mj0ythcw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl04123d34;MpKsl04123d34;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\MpKsl04123d34.sys [2011-11-14 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-24 632792]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
    S1 MpKsl0f0c3e1c;MpKsl0f0c3e1c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07eb4650-5f22-4e63-bc55-7a2a92e24f23}\mpksl0f0c3e1c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07eb4650-5f22-4e63-bc55-7a2a92e24f23}\MpKsl0f0c3e1c.sys [?]
    S1 MpKsl30d8cb02;MpKsl30d8cb02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{232f7192-3def-4499-801f-7ebb8b0b6405}\mpksl30d8cb02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{232f7192-3def-4499-801f-7ebb8b0b6405}\MpKsl30d8cb02.sys [?]
    S1 MpKsl48b9934e;MpKsl48b9934e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb93fd3-242f-482e-b0fd-7078350786e3}\mpksl48b9934e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb93fd3-242f-482e-b0fd-7078350786e3}\MpKsl48b9934e.sys [?]
    S1 MpKsl672bbe59;MpKsl672bbe59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b523723-8764-46f1-9dcb-93729018f814}\mpksl672bbe59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b523723-8764-46f1-9dcb-93729018f814}\MpKsl672bbe59.sys [?]
    S1 MpKsl86ddbffd;MpKsl86ddbffd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82445786-5392-4623-9e9f-516030f5bb2b}\mpksl86ddbffd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82445786-5392-4623-9e9f-516030f5bb2b}\MpKsl86ddbffd.sys [?]
    S1 MpKsl8e7fd320;MpKsl8e7fd320;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b974220-eaea-4f1e-8285-dbdd4ac176cb}\mpksl8e7fd320.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b974220-eaea-4f1e-8285-dbdd4ac176cb}\MpKsl8e7fd320.sys [?]
    S1 MpKslb07c79e2;MpKslb07c79e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f7a9094-aa07-4bbc-83f0-0d0f0b450137}\mpkslb07c79e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f7a9094-aa07-4bbc-83f0-0d0f0b450137}\MpKslb07c79e2.sys [?]
    S1 MpKslbaa5ee26;MpKslbaa5ee26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc4f6741-d26f-4199-bad0-c46b77adfe9a}\mpkslbaa5ee26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc4f6741-d26f-4199-bad0-c46b77adfe9a}\MpKslbaa5ee26.sys [?]
    S1 MpKslc71cf596;MpKslc71cf596;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26c16028-a7c5-4931-9c5e-600e81434195}\mpkslc71cf596.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26c16028-a7c5-4931-9c5e-600e81434195}\MpKslc71cf596.sys [?]
    S1 MpKsld5e08379;MpKsld5e08379;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{464fba59-2470-466b-a6e8-947eabf8e3b8}\mpksld5e08379.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{464fba59-2470-466b-a6e8-947eabf8e3b8}\MpKsld5e08379.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2011-3-24 23552]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-23 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20111021.030\IDSXpx86.sys [2011-10-21 356280]
    S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20111021.034\NAVENG.SYS [2011-10-22 86136]
    S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20111021.034\NAVEX15.SYS [2011-10-22 1576312]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-15 02:48:06 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\MpKsl04123d34.sys
    2011-11-15 02:48:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\offreg.dll
    2011-11-14 02:18:49 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\mpengine.dll
    2011-11-11 01:36:31 388096 ----a-r- c:\documents and settings\lori\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-11 01:36:30 -------- d-----w- c:\program files\Trend Micro
    .
    ==================== Find3M ====================
    .
    2011-11-11 01:22:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 19:56:41.08 ===============


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:54:35 PM, on 11/14/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SpeedingUpMyPC\SPMTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SPMTray] C:\Program Files\SpeedingUpMyPC\SPMTray.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google Inc. - (no file)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8940 bytes




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-15 13:23:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_HD161HJ rev.JF100-22
    Running: i6v8lwfy.exe; Driver: C:\DOCUME~1\Lori\LOCALS~1\Temp\uwldypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A27FAA8 ZwAlertResumeThread
    SSDT 8A280E10 ZwAlertThread
    SSDT 8A091220 ZwAllocateVirtualMemory
    SSDT 8A1E7F80 ZwAssignProcessToJobObject
    SSDT 89AC96F0 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5E4D710]
    SSDT 8A2552F8 ZwCreateMutant
    SSDT 8A1736A0 ZwCreateSymbolicLinkObject
    SSDT 8A1195B8 ZwCreateThread
    SSDT 8A22F5F8 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5E4D990]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5E4DEF0]
    SSDT 88F1D4A8 ZwDuplicateObject
    SSDT 8A1919A0 ZwFreeVirtualMemory
    SSDT 8A295840 ZwImpersonateAnonymousToken
    SSDT 8A288E90 ZwImpersonateThread
    SSDT 8A125AC0 ZwLoadDriver
    SSDT 8A118F10 ZwMapViewOfSection
    SSDT 8A26D550 ZwOpenEvent
    SSDT 8A17A2B8 ZwOpenProcess
    SSDT 8A4F8548 ZwOpenProcessToken
    SSDT 8A2493E8 ZwOpenSection
    SSDT 8A17AFC0 ZwOpenThread
    SSDT 8A080758 ZwProtectVirtualMemory
    SSDT 8A272438 ZwResumeThread
    SSDT 8A507CE8 ZwSetContextThread
    SSDT 8A1D4AB8 ZwSetInformationProcess
    SSDT 8A241800 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5E4E140]
    SSDT 8A2768E8 ZwSuspendProcess
    SSDT 8A395240 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5DB1640]
    SSDT 8A4A5E20 ZwTerminateThread
    SSDT 8A417788 ZwUnmapViewOfSection
    SSDT 8A136C50 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2578 80501DB0 4 Bytes [E8, 93, 24, 8A]
    .text ntkrnlpa.exe!ZwCallbackReturn + 26D8 80501F10 4 Bytes [E8, 7C, 50, 8A]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 8 Bytes CALL C0DA471D
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9318380, 0x300577, 0xE8000020]
    ? C:\DOCUME~1\Lori\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[156] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A90350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\Explorer.EXE[156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A90A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\Explorer.EXE[156] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 01A90490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\Explorer.EXE[156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01A82B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\Explorer.EXE[156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01A82E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\Explorer.EXE[156] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01A902D0 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\system32\ctfmon.exe[2188] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\system32\ctfmon.exe[2188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\system32\ctfmon.exe[2188] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\system32\ctfmon.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\system32\ctfmon.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\WINDOWS\system32\ctfmon.exe[2188] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 04A50350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 04A50A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 04A50490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04A42B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04A42E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 04A502D0 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AF0350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AF0A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3688] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00AF0490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE2B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE2E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3688] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00AF02D0 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device B37F3D20
    Device B3803428

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Processes - GMER 1.0.15 ----

    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [156] 0x01A80000

    Process C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe (*** hidden *** ) 1692
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe [1692] 0x10000000

    Process C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe (*** hidden *** ) 1864
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe [1864] 0x10000000
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2164] 0x10000000
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [2188] 0x10000000
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2260] 0x10000000
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2688] 0x04A40000
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe [3472] 0x10000000
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\msseces.exe [3688] 0x00AE0000
    Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Common Files\Java\Java Update\jucheck.exe [3856] 0x10000000

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\[email protected] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\Bvmrfgwrfeypui 0 bytes
    File C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe 2289172 bytes executable
    File C:\Program Files\Bvmrfgwrfeypui\Log 0 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Audio 0 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Text 0 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Text\aiotxt.dat 228731 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual 0 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05112011.dat 53390547 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05122011.dat 9797675 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05132011.dat 27950246 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05142011.dat 504169770 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05152011.dat 775478026 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05162011.dat 6818439 bytes
    File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05172011.dat 319412736 bytes
    File C:\Program Files\Bvmrfgwrfeypui\unins000.dat 18194 bytes
    File C:\Program Files\Bvmrfgwrfeypui\unins000.exe 708211 bytes
    File C:\WINDOWS\system32\msnunperp.dll 155648 bytes executable

    ---- EOF - GMER 1.0.15 ----
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome to TSG!

    All those installed registry cleaners and multiple antivirus programs were a bad idea.
    You will only need one antivirus program. And registry "cleaners" are pretty useless and dangerous to a system.

    We will need to uninstall those.

    For the antivirus, do you want to keep Microsoft Security Essentials or Norton? Personally I would keep the Microsoft one.

    Please do this next...

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  3. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    OK, I think we will keep MS Security Essentials as that one appears to be free. Norton has run out and it costs money to renew. I got a bit confused on how to save to the desktop, but I got a ComboFix shortcut icon and installed the recovery console and ran the scan. I copied and pasted from the notepad. Is that sufficient?


    ComboFix 11-11-16.02 - Lori 11/16/2011 19:16:09.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1402 [GMT -7:00]
    Running from: c:\documents and settings\Lori\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\8927A071.TMP
    c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    c:\documents and settings\Guest\Application Data\PCFix
    c:\documents and settings\Guest\Application Data\PCFix\log.dat
    c:\documents and settings\Guest\Application Data\PCFix\unresolvederrors.dat
    c:\documents and settings\Lori\Application Data\EurekaLog
    c:\documents and settings\Lori\Application Data\PCFix
    c:\documents and settings\Lori\Application Data\PCFix\log.dat
    c:\documents and settings\Lori\Application Data\PCFix\unresolvederrors.dat
    c:\program files\Object
    c:\program files\Object\config.ini
    c:\windows\system32\drivers\dfg.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_dfg
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-17 02:22 . 2011-11-17 02:22 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-11-17 02:22 . 2011-11-17 02:22 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-11-17 02:22 . 2011-11-17 02:22 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2011-11-17 02:22 . 2011-11-17 02:22 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-11-17 02:22 . 2011-11-17 02:22 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2011-11-17 02:22 . 2011-11-17 02:22 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-11-17 02:22 . 2011-11-17 02:22 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2011-11-17 02:22 . 2011-11-17 02:22 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2011-11-17 02:22 . 2011-11-17 02:22 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2011-11-17 02:22 . 2011-11-17 02:22 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2011-11-17 02:22 . 2011-11-17 02:22 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2011-11-17 02:22 . 2011-11-17 02:22 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2011-11-17 02:21 . 2011-11-17 02:21 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2011-11-17 02:21 . 2011-11-17 02:21 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-11-17 02:21 . 2011-11-17 02:21 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-11-17 02:21 . 2011-11-17 02:21 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-11-17 02:21 . 2011-11-17 02:21 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-11-17 02:21 . 2011-11-17 02:21 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\offreg.dll
    2011-11-15 02:59 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\mpengine.dll
    2011-11-11 01:36 . 2011-11-11 01:36 388096 ----a-r- c:\documents and settings\Lori\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-11 01:36 . 2011-11-11 01:36 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 01:22 . 2011-05-27 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 03:48 . 2011-09-05 04:10 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-16 17:22 . 2011-05-03 18:52 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
    2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-11 01:22 . 2011-05-07 06:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-10 4615552]
    "SPMTray"="c:\program files\SpeedingUpMyPC\SPMTray.exe" [2010-12-09 539408]
    "pxswo"="c:\program files\Bvmrfgwrfeypui\kjduznoe.exe" [2006-09-05 2289172]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "pxswo"="c:\program files\Bvmrfgwrfeypui\kjduznoe.exe" [2006-09-05 2289172]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-04-22 24216]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2004-6-16 147456]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
    "c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 4:15 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 4:15 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [10/14/2011 4:10 PM 818808]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 4:15 PM 136312]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 4:12 PM 130008]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/24/2011 10:04 AM 632792]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 4:25 PM 105592]
    S1 MpKsl0f0c3e1c;MpKsl0f0c3e1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys [?]
    S1 MpKsl30d8cb02;MpKsl30d8cb02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys [?]
    S1 MpKsl48b9934e;MpKsl48b9934e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys [?]
    S1 MpKsl635c5017;MpKsl635c5017;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys [?]
    S1 MpKsl672bbe59;MpKsl672bbe59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys [?]
    S1 MpKsl86ddbffd;MpKsl86ddbffd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys [?]
    S1 MpKsl8e7fd320;MpKsl8e7fd320;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys [?]
    S1 MpKslb07c79e2;MpKslb07c79e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys [?]
    S1 MpKslbaa5ee26;MpKslbaa5ee26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys [?]
    S1 MpKslc71cf596;MpKslc71cf596;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys [?]
    S1 MpKsld5e08379;MpKsld5e08379;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/23/2008 9:20 PM 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111021.030\IDSXpx86.sys [10/21/2011 5:06 PM 356280]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
    .
    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
    .
    2011-11-17 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
    .
    2011-10-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-11-16 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-11-13 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-11-16 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2011-03-24 19:11]
    .
    2011-11-17 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
    .
    2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{4F00B7CA-663E-4860-8CD1-EA2CC7565F86}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{56102F00-5FC7-4B76-A4A5-9FAADFD73A8E}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.startsearcher.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
    FF - ProfilePath - c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\mj0ythcw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-16 19:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(668)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2500)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msnunperp.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-16 19:26:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-17 02:26
    .
    Pre-Run: 108,596,752,384 bytes free
    Post-Run: 109,686,722,560 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 6DFB802DA8143180A0DE0A0E43676143
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yes, that's good.

    The following programs should be uninstalled then. This can be done via Control Panel > Add or Remove Programs:

    Eusing Free Registry Cleaner
    Free Registry Defrag
    Free Window Registry Repair
    Norton Internet Security
    Norton Security Scan
    Registry Mechanic 10.0
    RegZooka v2.7
    SpeedingUpMyPC v2.2



    Then proceed to the next step:

    Please run the following:

    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.



    • If an infected file is detected, the default action will be Cure, click on Continue.



    • If a suspicious file is detected, the default action will be Skip, click on Continue.



    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


    Then proceed to this step:

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  5. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    I just ran tdss killer and I was able to get a report and I highlighted the report but I can not get to copy by right click. Is there another way to copy?
     
  6. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    Oh! I just realized how late it is, and it is obviously much later in NY, so I will quit for tonight and check tomorrow for your response. I am not sure why I can't copy that report. I am able to highlight it from top to bottom but when I right click nothing happens.
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Good morning!

    Are you able to copy it by pressing Ctrl+C?

    Then paste with Ctrl+V
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    It's unknown how much file and registry damage may have been done to Windows XP and to some of your programs by using all these registry cleaner/booster/optimizer/tuneup utilities.

    I'm going to wait until Cheeseball81 is finished with you.

    Your best option may be to do a hard drive format and clean reinstall of Windows XP and get a fresh start.

    CCleaner

    Eusing Free Registry Cleaner

    Free Registry Defrag

    Free Windows Registry Repair

    Registry Mechanic

    RegZooka

    SpeedingUpMyPC

    Wise PC Engineer

    ---------------------------------------------------
     
  9. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    I cannot copy that tdss report. I tried ctrl+c and nothing happens. I noticed that gmer, dds, and hijack this automatically provided notepad pages with the log report on that so it was easy to copy and paste. I have spent a considerable amount of time today looking for that report elsewhere. My computer skills are limited. The dds, attach, hijack this, ark, logs are all in my documents, but I am not seeing the tdss report anywhere. I have closed the report window now. What do you recommend?
     
  10. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    Ok I found that tdss text document and I will copy and paste it in just a moment. I am going to go check your directions and see if I need to run MBAM now. Sorry that took so long.
     
  11. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    22:41:21.0383 0932 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    22:41:21.0834 0932 ============================================================
    22:41:21.0834 0932 Current date / time: 2011/11/16 22:41:21.0834
    22:41:21.0834 0932 SystemInfo:
    22:41:21.0834 0932
    22:41:21.0834 0932 OS Version: 5.1.2600 ServicePack: 3.0
    22:41:21.0834 0932 Product type: Workstation
    22:41:21.0834 0932 ComputerName: WINDOWSXP
    22:41:21.0834 0932 UserName: Lori
    22:41:21.0834 0932 Windows directory: C:\WINDOWS
    22:41:21.0834 0932 System windows directory: C:\WINDOWS
    22:41:21.0834 0932 Processor architecture: Intel x86
    22:41:21.0834 0932 Number of processors: 1
    22:41:21.0834 0932 Page size: 0x1000
    22:41:21.0834 0932 Boot type: Normal boot
    22:41:21.0834 0932 ============================================================
    22:41:22.0795 0932 Initialize success
    22:44:36.0614 2132 ============================================================
    22:44:36.0614 2132 Scan started
    22:44:36.0614 2132 Mode: Manual;
    22:44:36.0614 2132 ============================================================
    22:44:37.0285 2132 Abiosdsk - ok
    22:44:37.0335 2132 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    22:44:37.0335 2132 abp480n5 - ok
    22:44:37.0385 2132 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:44:37.0385 2132 ACPI - ok
    22:44:37.0435 2132 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:44:37.0435 2132 ACPIEC - ok
    22:44:37.0455 2132 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    22:44:37.0465 2132 adpu160m - ok
    22:44:37.0495 2132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    22:44:37.0495 2132 aec - ok
    22:44:37.0545 2132 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    22:44:37.0545 2132 AFD - ok
    22:44:37.0575 2132 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    22:44:37.0585 2132 agp440 - ok
    22:44:37.0605 2132 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    22:44:37.0605 2132 agpCPQ - ok
    22:44:37.0615 2132 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    22:44:37.0615 2132 Aha154x - ok
    22:44:44.0796 2132 ============================================================
    22:44:44.0796 2132 Scan finished
    22:44:44.0796 2132 ============================================================
    22:44:44.0806 2360 Detected object count: 0
    22:44:44.0806 2360 Actual detected object count: 0
    18:07:40.0045 3156 Deinitialize success
     
  12. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    Here is the MBAM log.



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8184

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/17/2011 7:02:02 PM
    mbam-log-2011-11-17 (19-02-02).txt

    Scan type: Quick scan
    Objects scanned: 240873
    Time elapsed: 21 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Open Notepad and copy and paste the text in the quote box below into it:





    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.






    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  14. harkley

    harkley Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    43
    Here is new combofix log


    ComboFix 11-11-17.03 - Lori 11/17/2011 21:36:03.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1361 [GMT -7:00]
    Running from: c:\documents and settings\Lori\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Lori\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Bvmrfgwrfeypui
    c:\program files\Bvmrfgwrfeypui\kjduznoe.exe
    c:\program files\Bvmrfgwrfeypui\Log\Text\aiotxt.dat
    c:\program files\Bvmrfgwrfeypui\Log\Visual\05112011.dat
    c:\program files\Bvmrfgwrfeypui\Log\Visual\05122011.dat
    c:\program files\Bvmrfgwrfeypui\Log\Visual\05132011.dat
    c:\program files\Bvmrfgwrfeypui\Log\Visual\05142011.dat
    c:\program files\Bvmrfgwrfeypui\Log\Visual\05152011.dat
    c:\program files\Bvmrfgwrfeypui\Log\Visual\05162011.dat
    c:\program files\Bvmrfgwrfeypui\Log\Visual\05172011.dat
    c:\program files\Bvmrfgwrfeypui\unins000.dat
    c:\program files\Bvmrfgwrfeypui\unins000.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-18 01:32 . 2011-11-18 01:32 -------- d-----w- c:\documents and settings\Lori\Application Data\Malwarebytes
    2011-11-18 01:32 . 2011-11-18 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-18 01:32 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-18 01:32 . 2011-11-18 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-17 05:20 . 2011-11-17 05:20 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-11-17 05:20 . 2011-11-17 05:20 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2011-11-17 05:20 . 2011-11-17 05:20 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2011-11-17 05:20 . 2011-11-17 05:20 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-11-17 05:20 . 2011-11-17 05:20 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-11-17 05:20 . 2011-11-17 05:20 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2011-11-17 05:20 . 2011-11-17 05:20 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-11-17 05:20 . 2011-11-17 05:20 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2011-11-17 05:20 . 2011-11-17 05:20 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2011-11-17 05:20 . 2011-11-17 05:20 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2011-11-17 05:20 . 2011-11-17 05:20 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2011-11-17 05:20 . 2011-11-17 05:20 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2011-11-17 05:19 . 2011-11-17 05:19 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2011-11-17 05:19 . 2011-11-17 05:19 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-11-17 05:19 . 2011-11-17 05:19 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-11-17 05:19 . 2011-11-17 05:19 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-11-17 05:19 . 2011-11-17 05:19 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-11-17 05:19 . 2011-11-17 05:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\MpKslab499619.sys
    2011-11-17 05:19 . 2011-11-17 05:19 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\offreg.dll
    2011-11-17 02:33 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\mpengine.dll
    2011-11-11 01:36 . 2011-11-11 01:36 388096 ----a-r- c:\documents and settings\Lori\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-11 01:36 . 2011-11-11 01:36 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 01:22 . 2011-05-27 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 03:48 . 2011-09-05 04:10 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-16 17:22 . 2011-05-03 18:52 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
    2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-11 01:22 . 2011-05-07 06:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( [email protected]_02.22.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-17 05:19 . 2011-11-17 05:19 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
    + 2010-01-22 05:18 . 2010-01-22 05:18 9847 c:\windows\system32\mswdnwoxe.dll
    - 2011-03-15 02:20 . 2011-03-15 02:20 9847 c:\windows\system32\mswdnwoxe.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-10 4615552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-04-22 24216]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2004-6-16 147456]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
    "c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 MpKslab499619;MpKslab499619;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\MpKslab499619.sys [11/16/2011 10:19 PM 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2011 6:32 PM 366152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2011 6:32 PM 22216]
    S1 MpKsl0f0c3e1c;MpKsl0f0c3e1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys [?]
    S1 MpKsl30d8cb02;MpKsl30d8cb02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys [?]
    S1 MpKsl48b9934e;MpKsl48b9934e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys [?]
    S1 MpKsl635c5017;MpKsl635c5017;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys [?]
    S1 MpKsl672bbe59;MpKsl672bbe59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys [?]
    S1 MpKsl86ddbffd;MpKsl86ddbffd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys [?]
    S1 MpKsl8e7fd320;MpKsl8e7fd320;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys [?]
    S1 MpKslb07c79e2;MpKslb07c79e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys [?]
    S1 MpKslbaa5ee26;MpKslbaa5ee26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys [?]
    S1 MpKslc71cf596;MpKslc71cf596;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys [?]
    S1 MpKsld5e08379;MpKsld5e08379;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/23/2008 9:20 PM 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 16181778
    *NewlyCreated* - IPFILTERDRIVER
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - MBAMSERVICE
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - MPKSLAB499619
    *Deregistered* - 16181778
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
    .
    2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
    .
    2011-11-17 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
    .
    2011-10-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-11-16 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-11-13 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-11-17 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
    .
    2011-11-18 c:\windows\Tasks\User_Feed_Synchronization-{4F00B7CA-663E-4860-8CD1-EA2CC7565F86}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    2011-11-18 c:\windows\Tasks\User_Feed_Synchronization-{56102F00-5FC7-4B76-A4A5-9FAADFD73A8E}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.startsearcher.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
    FF - ProfilePath - c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\mj0ythcw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-pxswo - c:\program files\Bvmrfgwrfeypui\kjduznoe.exe
    HKLM-Run-pxswo - c:\program files\Bvmrfgwrfeypui\kjduznoe.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-17 21:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(648)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'winlogon.exe'(228)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'winlogon.exe'(1080)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-11-17 21:42:19
    ComboFix-quarantined-files.txt 2011-11-18 04:42
    ComboFix2.txt 2011-11-17 02:26
    .
    Pre-Run: 110,557,417,472 bytes free
    Post-Run: 110,542,905,344 bytes free
    .
    - - End Of File - - D3E782BA619A8A7178436E7BB8B1C5B5



    Here is new Hijack This log




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:43:49 PM, on 11/17/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 (User 'Jacob')
    O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [pxswo] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj (User 'Jacob')
    O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google Inc. - (no file)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8524 bytes
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with HijackThis.
    Close all browser windows except HijackThis.
    Put a check mark beside these entries and click "Fix Checked".

    O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 (User 'Jacob')

    O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [pxswo] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj (User 'Jacob')



    Close HijackThis and restart the computer.




    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
    • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 29 -"
    • Click the "Download" button to the right.
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u29 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u29-windows-i586-p.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.

    To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
    When all is well, you should see Java Version: 1.6.0_29 from Sun Microsystems Inc.



    Please post a new HijackThis log and also another Uninstall Manager log.
     
Short URL to this thread: https://techguy.org/1027020
