Error messages as soon as PC starts; no programs will open

[lemonlime]

I'm in safe mode with networking now, the only way I can access internet.  I do not have the start button, only icons, so I can't do step 1.  Should I start with Step 2?

When windows opens, I get a series of error messages like Anyprogram.exe referenced memory at 14opfk- memory could not be "read". 

Is it safe to stay in safe mode indefinitely?  It automatically turned off MacAfee security and did not give me an option to restore it.

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please try to run MBAM in Safe Mode. If successful, try running it in Normal Mode.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************************

• Please download Unhide by Grinler from here and save it to your desktop.
  
• Double click unhide.exe to run the tool.
  
• It will take some time to go through all your files, so please be patient.
• If this tool doesn´t fix the problem, please let me know.

[lemonlime]

Hi Dave, thanx for the quick reply! I found the Start button and I did Step 1.  A lot of games were on there, but no obvious malware.  Should I do step 2, or go ahead with MBAM?

[SuperDave]

Please run MBAM again and post the log as well as these logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
***************************************************
Download Combofix from any of the links below, and save it to your DESKTOP. 

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[lemonlime]

Still can only access internet in safe mode; would not allow me to run MBAM or disable Norton and McAfee; looks like it may have done it automatically.
Here are the logs:

ComboFix 12-08-15.01 - Administrator 08/15/2012  19:32:39.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.715 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton Internet Security 2006 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\fiosejgfse.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\Internet Explorer\SET12E.tmp
c:\program files\Internet Explorer\SET133.tmp
c:\program files\Internet Explorer\SET163.tmp
c:\program files\Internet Explorer\SET168.tmp
c:\program files\Internet Explorer\SET182.tmp
c:\program files\Internet Explorer\SET187.tmp
c:\program files\Internet Explorer\SET1D5.tmp
c:\program files\Internet Explorer\SET1D6.tmp
c:\program files\Internet Explorer\SET218.tmp
c:\program files\Internet Explorer\SET21D.tmp
c:\program files\Internet Explorer\SET29D.tmp
c:\program files\Internet Explorer\SET2A2.tmp
c:\program files\Internet Explorer\SETA83.tmp
c:\program files\Internet Explorer\SETA88.tmp
c:\program files\Internet Explorer\SETAF5.tmp
c:\program files\Internet Explorer\SETAF6.tmp
c:\program files\Internet Explorer\SETBC.tmp
c:\program files\Internet Explorer\SETC1.tmp
c:\program files\Internet Explorer\SETD7.tmp
c:\program files\Internet Explorer\SETDC.tmp
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-15 to 2012-08-15  )))))))))))))))))))))))))))))))
.
.
2012-08-15 03:35 . 2012-08-15 03:35   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-08-15 03:35 . 2012-08-15 03:35   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-08-15 03:35 . 2012-08-15 03:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-10 13:01 . 2012-08-15 01:00   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\DoNotTrackPlus
2012-08-06 01:12 . 2012-08-06 01:49   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-07-23 00:00 . 2012-07-23 00:00   --------   d-sh--w-   c:\documents and settings\NetworkService\PrivacIE
2012-07-23 00:00 . 2012-08-13 04:12   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2004-08-10 04:00   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-27 17:51   1372672   ----a-w-   c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 04:00   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2010-05-29 15:23   222448   ----a-w-   c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-10 04:00   152576   ----a-w-   c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 02:24   22040   ----a-w-   c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 02:24   15384   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-10 04:00   329240   ----a-w-   c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-10 04:00   219160   ----a-w-   c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-10 04:00   210968   ----a-w-   c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 02:24   45080   ----a-w-   c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 02:24   15384   ----a-w-   c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 04:00   97304   ----a-w-   c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2004-08-10 04:00   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-10 04:00   35864   ----a-w-   c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 02:24   17944   ----a-w-   c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-10 04:00   577048   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-10 04:00   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-05-29 15:23   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-05-29 15:23   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 04:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28   1307928   ----a-w-   c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-07-01 240288]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/11/2010 9:06 AM 84072]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/11/2010 9:05 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/11/2010 9:06 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/11/2010 9:06 AM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/11/2010 9:06 AM 313288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2011 4:02 AM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/6/2010 8:06 AM 203280]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [10/11/2010 9:05 AM 271480]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8/8/2010 9:48 PM 793048]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/11/2010 9:06 AM 55840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2011 4:02 AM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/11/2010 9:06 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/11/2010 9:06 AM 84264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-25 08:00]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-25 08:00]
.
2012-08-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-31 16:13]
.
2012-08-10 c:\windows\Tasks\Norton Security Scan for Compaq_Administrator.job
- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-18 06:45]
.
2012-08-15 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-07-29 18:10]
.
2012-08-15 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-07-29 18:48]
.
2012-08-11 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2012-01-21 03:24]
.
2012-08-13 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2012-01-21 03:24]
.
2010-04-19 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-07-29 18:34]
.
2012-08-15 c:\windows\Tasks\User_Feed_Synchronization-{8CD641F2-643E-439F-A5D7-45F4A6558B5B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
HKLM-Run-Intel - c:\documents and settings\Compaq_Administrator\Application Data\Intel\Intel.exe
HKLM-Explorer_Run-5516 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mswauao.scr
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,88,42,bd,e4,ca,7e,4c,ad,19,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,88,42,bd,e4,ca,7e,4c,ad,19,58,\
.
[HKEY_USERS\S-1-5-21-3642355760-1211948261-21286445-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,0f,e8,01,fd,43,af,4d,ab,4a,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,0f,e8,01,fd,43,af,4d,ab,4a,9b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-08-15  19:43:51
ComboFix-quarantined-files.txt  2012-08-15 23:43
.
Pre-Run: 166,210,342,912 bytes free
Post-Run: 169,809,567,744 bytes free
.
- - End Of File - - 8A5745B0991D237C62BF7F44EDB0BD24

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/15/2012 at 01:38 AM

Application Version : 5.5.1012

Core Rules Database Version : 9059
Trace Rules Database Version: 6871

Scan type       : Complete Scan
Total Scan Time : 01:55:03

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 342
Memory threats detected   : 0
Registry items scanned    : 33540
Registry threats detected : 839
File items scanned        : 262358
File threats detected     : 580

PUP.MyWebSearch
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
   HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
   HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
   HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
   HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
   HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
   [My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\M3SRCHMN.EXE
   C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\M3SRCHMN.EXE
   [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
   C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
   HKLM\System\ControlSet001\Services\MYWEBSEARCHSERVICE
   C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSSVC.EXE
   HKLM\System\ControlSet001\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Local Settings\Temporary Internet Files\Content.IE5\I5GVUF2B\submitdiagnosticfile[8].php [ cache:mywebsearch.com ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Local Settings\Temporary Internet Files\Content.IE5\UZEFYD4F\submitdiagnosticfile[1].php [ cache:mywebsearch.com ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Local Settings\Temporary Internet Files\Content.IE5\OJYH0X8D\submitdiagnosticfile[7].php [ cache:mywebsearch.com ]
   HKLM\System\ControlSet002\Services\MYWEBSEARCHSERVICE
   HKLM\System\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
   HKLM\Software\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
   HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
   HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
   HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\InprocServer32
   HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\InprocServer32#ThreadingModel
   HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\Programmable
   HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\TypeLib
   HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
   HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0
   HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\0
   HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\0\win32
   HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\FLAGS
   HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\HELPDIR
   HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
   HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
   HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
   HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
   HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
   HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
   C:\WINDOWS\Prefetch\M3SRCHMN.EXE-214A5037.pf
   C:\WINDOWS\Prefetch\MWSOEMON.EXE-22AAA5A1.pf
   HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
   HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ProxyStubClsid
   HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ProxyStubClsid32
   HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\TypeLib
   HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\TypeLib#Version

PUP.MyWebSearch/FunWebProducts
   HKLM\SOFTWARE\Fun Web Products
   HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
   HKLM\SOFTWARE\Fun Web Products#CacheDir
   HKLM\SOFTWARE\Fun Web Products\MSNMessenger
   HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
   HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
   HKLM\SOFTWARE\Fun Web Products\ScreenSaver
   HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
   HKLM\SOFTWARE\Fun Web Products\ScreenSaver#PM
   HKLM\SOFTWARE\Fun Web Products\Settings
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
   HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
   HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn
   HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted
   HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL
   HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision
   HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag
   HKU\.DEFAULT\SOFTWARE\MyWebSearch
   HKU\S-1-5-18\SOFTWARE\MyWebSearch
   HKLM\SOFTWARE\MyWebSearch
   HKLM\SOFTWARE\MyWebSearch\bar
   HKLM\SOFTWARE\MyWebSearch\bar#Maximized
   HKLM\SOFTWARE\MyWebSearch\bar#Visible
   HKLM\SOFTWARE\MyWebSearch\bar#UseFWB
   HKLM\SOFTWARE\MyWebSearch\bar#pid
   HKLM\SOFTWARE\MyWebSearch\bar#fwp
   HKLM\SOFTWARE\MyWebSearch\bar#psid
   HKLM\SOFTWARE\MyWebSearch\bar#un
   HKLM\SOFTWARE\MyWebSearch\bar#tiec
   HKLM\SOFTWARE\MyWebSearch\bar#Dir
   HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
   HKLM\SOFTWARE\MyWebSearch\bar#PluginPath
   HKLM\SOFTWARE\MyWebSearch\bar#RegHookPath
   HKLM\SOFTWARE\MyWebSearch\bar#Id
   HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
   HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
   HKLM\SOFTWARE\MyWebSearch\bar#sr
   HKLM\SOFTWARE\MyWebSearch\bar#pl
   HKLM\SOFTWARE\MyWebSearch\bar#CacheDir
   HKLM\SOFTWARE\MyWebSearch\bar#NextConfigRequest
   HKLM\SOFTWARE\MyWebSearch\bar#LastConfigRequest
   HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevision
   HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevisionURL
   HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp
   HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision
   HKLM\SOFTWARE\MyWebSearch\bar#AlertCount
   HKLM\SOFTWARE\MyWebSearch\bar#AlertPeriod
   HKLM\SOFTWARE\MyWebSearch\bar#AlertPausePeriod
   HKLM\SOFTWARE\MyWebSearch\bar#NoThrottleAlert
   HKLM\SOFTWARE\MyWebSearch\bar#sscSet
   HKLM\SOFTWARE\MyWebSearch\bar#sscLabel
   HKLM\SOFTWARE\MyWebSearch\bar#sscURL
   HKLM\SOFTWARE\MyWebSearch\bar#Flags
   HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
   HKLM\SOFTWARE\MyWebSearch\bar#AutocompleteURL
   HKLM\SOFTWARE\MyWebSearch\bar#PostEvents
   HKLM\SOFTWARE\MyWebSearch\bar#NextEventsPost
   HKLM\SOFTWARE\MyWebSearch\bar#LastEventsPost
   HKLM\SOFTWARE\MyWebSearch\MWSOEMON
   HKLM\SOFTWARE\MyWebSearch\MWSOEMON#Version
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Version
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Path
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#StandardSmileyDir.AIM
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.numActive2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.0
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.1
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.3
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.4
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.5
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.6
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.7
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.8
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.9
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.0.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.1.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.2.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.3.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.4.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.5.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.6.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.7.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.8.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.9.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.10.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.11.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.12.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.13.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.0.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.1.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.2.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.3.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.4.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.5.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.6.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.7.old
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.8
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.9
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.10
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.numActive2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.0
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.1
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.3
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.4
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.5
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.6
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.7
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.8
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.9
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.10
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.11
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.numActive2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.0
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.1
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.2
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.3
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.4
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.5
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.6
   HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.7
   HKLM\SOFTWARE\MyWebSearch\OEHosts
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows12
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows2
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows3
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows4
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows5
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows6
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows7
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows8
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows9
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows10
   HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows11
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#psid
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#LastRequest
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#NextRequest
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ABS
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#DES
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ie8h
   HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fs
   HKLM\SOFTWARE\MyWebSearch\SkinTools
   HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
   HKCR\FunWebProducts.DataControl
   HKCR\FunWebProducts.DataControl\CLSID
   HKCR\FunWebProducts.DataControl\CurVer
   HKCR\FunWebProducts.DataControl.1
   HKCR\FunWebProducts.DataControl.1\CLSID
   HKCR\FunWebProducts.HistoryKillerScheduler
   HKCR\FunWebProducts.HistoryKillerScheduler\CLSID
   HKCR\FunWebProducts.HistoryKillerScheduler\CurVer
   HKCR\FunWebProducts.HistoryKillerScheduler.1
   HKCR\FunWebProducts.HistoryKillerScheduler.1\CLSID
   HKCR\FunWebProducts.HistorySwatterControlBar
   HKCR\FunWebProducts.HistorySwatterControlBar\CLSID
   HKCR\FunWebProducts.HistorySwatterControlBar\CurVer
   HKCR\FunWebProducts.HistorySwatterControlBar.1
   HKCR\FunWebProducts.HistorySwatterControlBar.1\CLSID
   HKCR\FunWebProducts.HTMLMenu
   HKCR\FunWebProducts.HTMLMenu\CLSID
   HKCR\FunWebProducts.HTMLMenu\CurVer
   HKCR\FunWebProducts.HTMLMenu.1
   HKCR\FunWebProducts.HTMLMenu.1\CLSID
   HKCR\FunWebProducts.HTMLMenu.2
   HKCR\FunWebProducts.HTMLMenu.2\CLSID
   HKCR\FunWebProducts.IECookiesManager
   HKCR\FunWebProducts.IECookiesManager\CLSID
   HKCR\FunWebProducts.IECookiesManager\CurVer
   HKCR\FunWebProducts.IECookiesManager.1
   HKCR\FunWebProducts.IECookiesManager.1\CLSID
   HKCR\FunWebProducts.KillerObjManager
   HKCR\FunWebProducts.KillerObjManager\CLSID
   HKCR\FunWebProducts.KillerObjManager\CurVer
   HKCR\FunWebProducts.KillerObjManager.1
   HKCR\FunWebProducts.KillerObjManager.1\CLSID
   HKCR\FunWebProducts.PopSwatterBarButton
   HKCR\FunWebProducts.PopSwatterBarButton\CLSID
   HKCR\FunWebProducts.PopSwatterBarButton\CurVer
   HKCR\FunWebProducts.PopSwatterBarButton.1
   HKCR\FunWebProducts.PopSwatterBarButton.1\CLSID
   HKCR\FunWebProducts.PopSwatterSettingsControl
   HKCR\FunWebProducts.PopSwatterSettingsControl\CLSID
   HKCR\FunWebProducts.PopSwatterSettingsControl\CurVer
   HKCR\FunWebProducts.PopSwatterSettingsControl.1
   HKCR\FunWebProducts.PopSwatterSettingsControl.1\CLSID
   HKCR\MyWebSearch.ChatSessionPlugin
   HKCR\MyWebSearch.ChatSessionPlugin\CLSID
   HKCR\MyWebSearch.ChatSessionPlugin\CurVer
   HKCR\MyWebSearch.ChatSessionPlugin.1
   HKCR\MyWebSearch.ChatSessionPlugin.1\CLSID
   HKCR\MyWebSearch.HTMLPanel
   HKCR\MyWebSearch.HTMLPanel\CLSID
   HKCR\MyWebSearch.HTMLPanel\CurVer
   HKCR\MyWebSearch.HTMLPanel.1
   HKCR\MyWebSearch.HTMLPanel.1\CLSID
   HKCR\MyWebSearch.OutlookAddin
   HKCR\MyWebSearch.OutlookAddin\CLSID
   HKCR\MyWebSearch.OutlookAddin\CurVer
   HKCR\MyWebSearch.OutlookAddin.1
   HKCR\MyWebSearch.OutlookAddin.1\CLSID
   HKCR\MyWebSearch.PseudoTransparentPlugin
   HKCR\MyWebSearch.PseudoTransparentPlugin\CLSID
   HKCR\MyWebSearch.PseudoTransparentPlugin\CurVer
   HKCR\MyWebSearch.PseudoTransparentPlugin.1
   HKCR\MyWebSearch.PseudoTransparentPlugin.1\CLSID
   HKCR\MyWebSearchToolBar.SettingsPlugin
   HKCR\MyWebSearchToolBar.SettingsPlugin\CLSID
   HKCR\MyWebSearchToolBar.SettingsPlugin\CurVer
   HKCR\MyWebSearchToolBar.SettingsPlugin.1
   HKCR\MyWebSearchToolBar.SettingsPlugin.1\CLSID
   HKCR\MyWebSearchToolBar.ToolbarPlugin
   HKCR\MyWebSearchToolBar.ToolbarPlugin\CLSID
   HKCR\MyWebSearchToolBar.ToolbarPlugin\CurVer
   HKCR\MyWebSearchToolBar.ToolbarPlugin.1
   HKCR\MyWebSearchToolBar.ToolbarPlugin.1\CLSID
   HKCR\ScreenSaverControl.ScreenSaverInstaller
   HKCR\ScreenSaverControl.ScreenSaverInstaller\CLSID
   HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer
   HKCR\ScreenSaverControl.ScreenSaverInstaller.1
   HKCR\ScreenSaverControl.ScreenSaverInstaller.1\CLSID
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
   HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
   HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32
   HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32#ThreadingModel
   HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID
   HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\Programmable
   HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib
   HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID
   HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
   HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#url
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Control
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32#ThreadingModel
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Programmable
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version
   HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID
   HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
   HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32
   HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32#ThreadingModel
   HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ProgID
   HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\VersionIndependentProgID
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version
   HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
   HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
   HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32
   HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel
   HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID
   HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable
   HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
   HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
   HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32
   HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel
   HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
   HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32
   HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel
   HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID
   HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable
   HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib
   HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID
   HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
   HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32
   HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel
   HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
   HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32
   HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel
   HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID
   HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version
   HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID
   HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
   HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
   HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
   HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32
   HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel
   HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable
   HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version
   HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version
   HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID
   HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
   HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32
   HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel
   HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID
   HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable
   HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib
   HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID
   HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
   HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32
   HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel
   HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable
   HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version
   HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID
   HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
   HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
   HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
   HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
   HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
   HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
   HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
   HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0
   HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0
   HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32
   HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS
   HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR
   HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
   HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0
   HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0
   HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32
   HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS
   HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR
   HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
   HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0
   HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0
   HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32
   HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS
   HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR
   HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
   HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0
   HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0
   HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32
   HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS
   HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR
   HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
   HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0
   HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0
   HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32
   HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS
   HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR
   HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
   HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0
   HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0
   HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32
   HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS
   HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR
   HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
   HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0
   HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0
   HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32
   HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS
   HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
   HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
   HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0
   HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0
   HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32
   HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS
   HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR
   HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
   HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0
   HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0
   HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32
   HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS
   HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR
   HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
   HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0
   HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0
   HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32
   HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS
   HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR
   HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
   HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
   HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
   HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
   HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
   HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
   HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
   HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
   HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
   HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
   HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
   HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid
   HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
   HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
   HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
   HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
   HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
   HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
   HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
   HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
   HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
   HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid
   HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
   HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
   HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
   HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
   HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
   HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
   HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
   HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
   HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
   HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
   HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
   HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
   HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
   HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
   HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
   HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
   HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
   HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
   HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
   HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
   HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
   HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
   HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
   HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
   HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid
   HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
   HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
   HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
   HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
   HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
   HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
   HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
   HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
   HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
   HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
   HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
   HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
   HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
   HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
   HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
   HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
   HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
   HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
   HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
   HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
   HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
   HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
   HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
   HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
   HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
   HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
   HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
   HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
   HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
   HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid
   HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
   HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
   HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
   HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
   HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid
   HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
   HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
   HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
   HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
   HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
   HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
   HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
   HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
   HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
   HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
   HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
   HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
   HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
   HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
   HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
   HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
   HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
   HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
   HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
   HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
   HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
   HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
   HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
   HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
   HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
   HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
   HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
   HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
   HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
   HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
   HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
   HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
   HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
   HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
   HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
   HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
   HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
   HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
   HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
   HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
   HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
   HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
   HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
   HKCR\Interface\{BBABDC90-F3D5-4801-863A

[SuperDave]

It would appear from that log that you're running two AV's on your computer; McAfee Anti-Virus and Anti-Spyware and Norton Internet Security 2006 which is a no-no. One will have to be disabled/removed. It looks like Norton is out-of-date. Try to uninstall it. If you have trouble doing that, please let me know and I'll give you a tool to remove it.

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Winferno and Registry Mechanic
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
**************************************************
•Please download Dial-A-Fix from one of the following mirrors:

Primary mirror
Secondary mirror

•Extract the zip file to your desktop.

•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click
to continue.

•Press the green double checkmark box (Looks like this:


UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:





•Click on Go

•Wait for Dial-A-Fix to finish (All the checks marks will be all gone)

•Close Dial-A-Fix
Please let me know if you can now access the internet.

[lemonlime]

Internet connection is working now, although it was awfully slow and I still get about a dozen error messages when Windows opens.  Dial a Fix did not let me check the group of blocks under MSI.

I never installed any registry cleaners so maybe they are part of a Windows update.  A few months ago "PC Tools" started showing up every time windows opens and it wants to run a clean registry program.  It started an automatic scan just now; had to cancel it.
I'm fine with uninstalling any of these, just show me how.

Windows also wants to update and restart.  Should I let it?

Should I try to run MBAM or CCleaner now?

[SuperDave]

although it was awfully slow and I still get about a dozen error messages when Windows opens. 

Such as?

I never installed any registry cleaners so maybe they are part of a Windows update. A few months ago "PC Tools" started showing up every time windows opens and it wants to run a clean registry program.  It started an automatic scan just now; had to cancel it.
I'm fine with uninstalling any of these, just show me how.

MS doesn't recommend Registry Cleaners. It probably came from PC Tools. I'll get you to run a program to see what's installed and then I will recommend how to remove it.

Please download: HiJackThis to your Desktop.

• Double Click the HijackThis icon, located on your Desktop.
  
• By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
• Accept the license agreement.
• Click the Open the Misc Tools section button.
  •Click on the Open Uninstall Manager button.
  •Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
  Copy and paste this file in your next reply.
  

*************************************************

Windows also wants to update and restart.  Should I let it?

Yes, by all means.

Should I try to run MBAM or CCleaner now?

Yes, please try to run them.

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel Hooks << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few seconds a new window should appear.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

[lemonlime]

Windows updated, then Norton said a low risk program was trying to access and recommended access.  It was called A.exe and I OKd it.

Hijack This would not open. Explorer said it could not connect.

MBAM still getting error message Run time "0"

Sys Prot said my security settings would not allow it to run.

[SuperDave]

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• List content of Hosts
• List IP Configuration
• Lst Last 10 Event Viewer Errors
• List Users, Partitions and Memory Size
[/b]

Click Go and copy/paste the log (Result.txt) into your next post.

[lemonlime]

"Your security settings do not allow this file to be downloaded."  I uninstalled Norton (kept McAfee, which is giving me PC at risk warnings.)
Still get the same message.

[lemonlime]

I went back to safe mode and was able to run Hijack and Mini

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player 11.6
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bing Bar
Bonjour
Compaq Connections (remove only)
Customer Experience Enhancement
DISCover
Do Not Track Plus Add-on 2.2.0.705
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Rhapsody
HP Software Update
HP Support Overview
HP Web Helper
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 20
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
McAfee Internet Security
McAfee Security Scan Plus
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft UI Engine
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
Norton Security Scan
NVIDIA Drivers
OpenOffice.org 3.2
Otto
PC Tools Registry Mechanic 11.0
PC-Doctor 5 for Windows
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware
swMSM
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vz In Home Agent
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

MiniToolBox by Farbar  Version: 23-07-2012
Ran by Administrator (administrator) on 17-08-2012 at 23:29:46
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : your-4dacd0ea75

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : home

        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

        Physical Address. . . . . . . . . : 00-17-31-9D-DA-12

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Friday, August 17, 2012 11:07:37 PM

        Lease Expires . . . . . . . . . . : Saturday, August 18, 2012 11:07:37 PM

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.228.69, 74.125.228.65, 74.125.228.66, 74.125.228.67
     74.125.228.70, 74.125.228.73, 74.125.228.68, 74.125.228.64, 74.125.228.71
     74.125.228.72, 74.125.228.78



Pinging google.com [74.125.228.65] with 32 bytes of data:



Reply from 74.125.228.65: bytes=32 time=17ms TTL=252

Reply from 74.125.228.65: bytes=32 time=16ms TTL=252



Ping statistics for 74.125.228.65:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 16ms, Maximum = 17ms, Average = 16ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=67ms TTL=50

Reply from 98.139.183.24: bytes=32 time=63ms TTL=49



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 63ms, Maximum = 67ms, Average = 65ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    bleepingcomputer.com
Address:  208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 9d da 12 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2     20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2     20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1     20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2     20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2     20
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2     1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/15/2012 08:18:33 PM) (Source: Application Error) (User: )
Description: Faulting application itunes.exe, version 10.6.1.7, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000381cd.
Processing media-specific event for [itunes.exe!ws!]

Error: (08/14/2012 10:46:42 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.2.0.794
Exception Code       : 0XC0000005
Exception Address    : 0X0052004F
Exception Parameters : 2
 Param 1 = 0X00000001
 Param 2 = 00000000

More information :

Error: (08/14/2012 09:01:17 PM) (Source: Application Error) (User: )
Description: Faulting application DNTPService.exe, version 2.2.0.705, faulting module DNTPButton.dll, version 0.0.0.0, fault address 0x00002ed6.
Processing media-specific event for [DNTPService.exe!ws!]

Error: (08/13/2012 09:07:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/13/2012 09:07:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/12/2012 09:01:43 PM) (Source: Application Error) (User: )
Description: Faulting application DNTPService.exe, version 2.2.0.705, faulting module DNTPButton.dll, version 0.0.0.0, fault address 0x00002ed6.
Processing media-specific event for [DNTPService.exe!ws!]

Error: (08/11/2012 09:24:53 AM) (Source: Application Error) (User: )
Description: Faulting application iPodService.exe, version 10.6.1.7, faulting module unknown, version 0.0.0.0, fault address 0xffcd26db.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iPodService.exe!ld!)

Error: (08/10/2012 11:29:53 PM) (Source: Application Error) (User: )
Description: Faulting application LuComServer_3_0.EXE, version 3.0.1.6, faulting module unknown, version 0.0.0.0, fault address 0xffcc26db.
Processing media-specific event for [LuComServer_3_0.EXE!ws!]

Error: (08/10/2012 11:25:06 PM) (Source: Application Error) (User: )
Description: Faulting application LuComServer_3_0.EXE, version 3.0.1.6, faulting module unknown, version 0.0.0.0, fault address 0xffcc26db.
Processing media-specific event for [LuComServer_3_0.EXE!ws!]

Error: (08/10/2012 11:23:13 PM) (Source: Application Error) (User: )
Description: Faulting application LuComServer_3_0.EXE, version 3.0.1.6, faulting module unknown, version 0.0.0.0, fault address 0xffcc26db.
Processing media-specific event for [LuComServer_3_0.EXE!ws!]


System errors:
=============
Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/17/2012 11:09:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
eeCtrl
Fips
SASDIFSV
SASKUTIL

Error: (08/17/2012 11:09:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (08/15/2012 08:18:33 PM) (Source: Application Error)(User: )
Description: itunes.exe10.6.1.7msvcrt.dll7.0.2600.55 12000381cd

Error: (08/14/2012 10:46:42 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: VSCORE.14.2.0.794
Exception Code       : 0XC0000005
Exception Address    : 0X0052004F
Exception Parameters : 2
 Param 1 = 0X00000001
 Param 2 = 00000000

More information :

Error: (08/14/2012 09:01:17 PM) (Source: Application Error)(User: )
Description: DNTPService.exe2.2.0.705DNTPButton.dll0 .0.0.000002ed6

Error: (08/13/2012 09:07:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/13/2012 09:07:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/12/2012 09:01:43 PM) (Source: Application Error)(User: )
Description: DNTPService.exe2.2.0.705DNTPButton.dll0 .0.0.000002ed6

Error: (08/11/2012 09:24:53 AM) (Source: Application Error)(User: )
Description: iPodService.exe10.6.1.7unknown0.0.0.0ff cd26db

Error: (08/10/2012 11:29:53 PM) (Source: Application Error)(User: )
Description: LuComServer_3_0.EXE3.0.1.6unknown0.0.0. 0ffcc26db

Error: (08/10/2012 11:25:06 PM) (Source: Application Error)(User: )
Description: LuComServer_3_0.EXE3.0.1.6unknown0.0.0. 0ffcc26db

Error: (08/10/2012 11:23:13 PM) (Source: Application Error)(User: )
Description: LuComServer_3_0.EXE3.0.1.6unknown0.0.0. 0ffcc26db


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 958.48 MB
Available physical RAM: 637.82 MB
Total Pagefile: 2313.31 MB
Available Pagefile: 2066.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.33 MB

========================= Partitions: =====================================

1 Drive c: (PRESARIO) (Fixed) (Total:224.68 GB) (Free:158.1 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:8.18 GB) (Free:0.5 GB) FAT32

========================= Users: ========================================

User accounts for \\YOUR-4DACD0EA75

Administrator            Compaq_Administrator     Guest                   
HelpAssistant            SUPPORT_388945a0         SUPPORT_fddfa904         


**** End of log ****

[lemonlime]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-4DACD0EA75.HOME:1258
Remote Address: IAD23S05-IN-F2.1E100.NET:HTTP
Type: TCP
Process: 1868 (PID)
State: ESTABLISHED

Local Address: YOUR-4DACD0EA75.HOME:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: YOUR-4DACD0EA75:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 912 (PID)
State: LISTENING

Local Address: YOUR-4DACD0EA75.HOME:138
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: YOUR-4DACD0EA75.HOME:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: YOUR-4DACD0EA75:1083
Remote Address: NA
Type: UDP
Process: 1868 (PID)
State: NA

Local Address: YOUR-4DACD0EA75:1030
Remote Address: NA
Type: UDP
Process: 1188 (PID)
State: NA

Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

[SuperDave]

Please try this Norton Removal Tool.

Norton/Symantec Removal Tool - Norton Removal Tool
*****************************************************

"Your security settings do not allow this file to be downloaded." 

Where and when do you see this warning?

******************************************************
Delete An Uninstall Entry

•Start HijackThis

•Click on the Open the Misc Tools section

•Click on the Open Uninstall Manager button.

•Highlight the entry you want to remove.
•Click Delete these entries
Ask Toolbar
PC Tools Registry Mechanic 11.0
****************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[lemonlime]

The error messages when PC turns on are:
C/Documents - Windows cannot find C/Documents. Make sure you type name corretly and try again.

Destop - Could not load or run C/Desktop specified in the registry. Make sure the file exists on you computer or remove the reference to it in the registry

and - Windows cannot find and...
Setting /Compaq Administrator App - Windows cannot find...
Data Intel.exe - Windows cannot find
McAfee cannot update your software.  Please check your internet connection
Microsoft Visual C++Runtime Library - Runtime Error

Also, in today's history are websites I never accessed such as otraffixeng.com, eutimes.com, tubesplay.com

I had to reset my Internet security options to default in order to install the latest JAVA.  Should I leave it there?

Here is the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d7157de55da5a64bb34fd423f26791cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-19 03:27:23
# local_time=2012-08-18 11:27:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777190 100 75 52027989 61572661 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=207345
# found=15
# cleaned=0
# scan_time=7823
C:\Documents and Settings\Compaq_Administrator\Application Data\12F.exe.gonewiththewings   a variant of Win32/Kryptik.AKCT trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\Application Data\35D.exe.gonewiththewings   a variant of Win32/Kryptik.AKCT trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr   a variant of Win32/Kryptik.AKCT trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr   Win32/Dorkbot.B worm (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\64de802c-7cb8453e   Java/Exploit.CVE-2012-0507.DM trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\54\17266536-73c5444a   Java/Exploit.Agent.NCI trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\153F.tmp   a variant of Win32/Agent.TVG trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe   a variant of Win32/InstallIQ application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\Winferno\PC Confidential\PCCBHO.dll   Win32/Adware.PCConfidential application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\Winferno\PC Confidential\PCConfidential.exe   Win32/Adware.PCConfidential application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\Winferno\PC Confidential\PCCST.exe   Win32/Adware.PCConfidential application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe   a variant of Win32/XrayMyPC application (unable to clean)   00000000000000000000000000000000   I
D:\I386\APPS\APP18921\src\CompaqPresario_Spring06.exe   a variant of Win32/Toolbar.MyWebSearch application (unable to clean)   00000000000000000000000000000000   I
D:\I386\APPS\APP18921\src\HPPavillion_Spring06.exe   a variant of Win32/Toolbar.MyWebSearch application (unable to clean)   00000000000000000000000000000000   I




Here is the ESET log:

[lemonlime]

I updated MBAM which was already installed.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: YOUR-4DACD0EA75 [administrator]

Protection: Enabled

8/19/2012 12:45:48 AM
mbam-log-2012-08-19 (00-45-48).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349559
Time elapsed: 2 hour(s), 28 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
äG\Ê -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000345&p=ZLxdm378YYUS&si=2459-FT&a=qx7hFEhKI4J_p3.Eb23CXQ&n=2011111209 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: Explorer.exe,C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel (Trojan.Agent) -> Data: C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|5516 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mswauao.scr -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe (PUP.BundleOffers.IIQ) -> No action taken.
c:\documents and settings\compaq_administrator\application data\iyvgvo.scr (Worm.DorkBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\12F.exe.gonewiththewings (Trojan.Obfuscated) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\35D.exe.gonewiththewings (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\cxvgvi.scr (Trojan.Ircbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[SuperDave]

I had to reset my Internet security options to default in order to install the latest JAVA.  Should I leave it there?

Set it back to where it was.

Please run MBAM again. There was one infection not dealt with.
Files Detected: 6
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe (PUP.BundleOffers.IIQ) -> No action taken.

Please uninstall Winferno.

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
************************************************************
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

[lemonlime]

Ran MBAM again and removed the PUP file.

Still getting those 5 or 6 error messages.

Cannot remove Winferno.  It deleted from Desktop, but it is still there in programs. When I tried the Hijack Uninstall tool, it does not show up as an option to remove.  I also saw it there during the scans.

mrt.exe said 4201 files were infected, however only one was on the report: Rogue:Win32/Fake Cog

The Kapersky tool must have changed; there was no option to check anything under Automatic Scan.  The scan did not find anything.

[SuperDave]

Cannot remove Winferno.  It deleted from Desktop, but it is still there in programs. When I tried the Hijack Uninstall tool, it does not show up as an option to remove.  I also saw it there during the scans.

Please try removing it with UnLocker or Revo Uninstaller.

You can download and install Unlocker .

Download Revo Uninstaller
* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the programs built in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete
********************************************************

The Kapersky tool must have changed; there was no option to check anything under Automatic Scan.

That's very possible.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply .

[lemonlime]

Unlocker or Revo did not find the file.

I think I made a mistake, though, because I could not get into Unlocker at first. After I ran Revo and did not see Winferno I went to All Programs.  It was there again and I deleted it.  There was no uninstall option. It deleted too fast for it to be a real delete; I think it just disappeared off the visible list of programs. So Unlocker did not find it either. 

Still a lot of websites in today's history that I did not go to.


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 22:51:03
-----------------------------
22:51:03.593    OS Version: Windows 5.1.2600 Service Pack 3
22:51:03.593    Number of processors: 1 586 0x2F02
22:51:03.593    ComputerName: YOUR-4DACD0EA75  UserName:
22:51:05.031    Initialize success
22:51:26.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
22:51:26.812    Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
22:51:26.859    Disk 0 MBR read successfully
22:51:26.859    Disk 0 MBR scan
22:51:26.859    Disk 0 unknown MBR code
22:51:26.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       230071 MB offset 63
22:51:26.890    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     8393 MB offset 471202515
22:51:26.890    Disk 0 scanning sectors +488392065
22:51:26.937    Disk 0 scanning C:\WINDOWS\system32\drivers
22:51:48.953    Service scanning
22:52:07.218    Modules scanning
22:52:18.500    Disk 0 trace - called modules:
22:52:18.531    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:52:18.531    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862b2ab8]
22:52:19.031    3 CLASSPNP.SYS[f7610fd7] -> nt!IofCallDriver -> \Device\00000078[0x86339f18]
22:52:19.031    5 ACPI.sys[f7487620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8632e940]
22:52:19.031    Scan finished successfully
22:52:42.078    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
22:52:42.265    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"

[SuperDave]

We need to fix the infection found with aswMBR now

• Double click aswMBR.exe to run it like before
  
• Once the scan finishes click Fix to remove the infection as illustrated below
  

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

[lemonlime]

Ran it again, scanned, but Fix was not clickable.

[SuperDave]

• Download RogueKiller on the desktop
  
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  
• Otherwise just double-click on RogueKiller.exe
  
• Pre-scan will start. Let it finish.
• Click on SCAN button.
  
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
  

**********************************************************
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

[lemonlime]

RogueKiller prompted me to delete what was checked. You didn't say to do this, so I didn't.

RogueKiller V7.6.6 [08/10/2012]  by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Administrator [Admin rights]
Mode: Scan -- Date: 08/22/2012 21:35:41

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] 660fd9b99918e0b5a3661b8c69037b40
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 230071 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 471202515 | Size: 8393 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt





MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Professional
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x000001ec

Kernel Drivers (total 136):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xF7A70000 \WINDOWS\system32\KDCOM.DLL
  0xF7980000 \WINDOWS\system32\BOOTVID.dll
  0xF7441000 ACPI.sys
  0xF7A72000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7430000 pci.sys
  0xF7570000 isapnp.sys
  0xF7580000 ohci1394.sys
  0xF7590000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7B38000 pciide.sys
  0xF77F0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7A74000 viaide.sys
  0xF7A76000 intelide.sys
  0xF75A0000 MountMgr.sys
  0xF7411000 ftdisk.sys
  0xF7A78000 dmload.sys
  0xF73EB000 dmio.sys
  0xF77F8000 PartMgr.sys
  0xF75B0000 VolSnap.sys
  0xF7316000 iaStor.sys
  0xF72FE000 atapi.sys
  0xF72BB000 ftsata2.sys
  0xF72A3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF75C0000 disk.sys
  0xF75D0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7283000 fltmgr.sys
  0xF7271000 sr.sys
  0xF7202000 mfehidk.sys
  0xF75E0000 bb-run.sys
  0xF75F0000 PxHelp20.sys
  0xF71EB000 KSecDD.sys
  0xF715E000 Ntfs.sys
  0xF7131000 NDIS.sys
  0xF7117000 Mup.sys
  0xF7620000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF7720000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xF7950000 \SystemRoot\system32\DRIVERS\aracpi.sys
  0xF6387000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF6373000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7958000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF634F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7960000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF6236000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF6213000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7AB2000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7968000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF61EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF70D3000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
  0xF61A0000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
  0xF6169000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
  0xF7730000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF7970000 \SystemRoot\system32\DRIVERS\PS2.sys
  0xF7978000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF7AB4000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
  0xF70CF000 \SystemRoot\system32\DRIVERS\arpolicy.sys
  0xF7BD0000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7740000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7A08000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6152000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF7750000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF7760000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7800000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF6141000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF7770000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF6116000 \SystemRoot\system32\drivers\mfeavfk.sys
  0xF609C000 \SystemRoot\system32\drivers\mfefirek.sys
  0xF7840000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7848000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF606C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF7780000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7850000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7AB6000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF600E000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7A24000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF7790000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF77A0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF77B0000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
  0xF35FF000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF35DB000 \SystemRoot\system32\drivers\portcls.sys
  0xF77C0000 \SystemRoot\system32\drivers\drmk.sys
  0xF7ABA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7BAD000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7ABC000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7878000 \SystemRoot\System32\drivers\vga.sys
  0xF7ABE000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7AC0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7880000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7888000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF6106000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3558000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF34FF000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF34EA000 \SystemRoot\system32\drivers\mfetdi2k.sys
  0xF34C4000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF349C000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF60F2000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xF347A000 \SystemRoot\System32\drivers\afd.sys
  0xF6A23000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF3458000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0xF7890000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0xF342D000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF33BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF69E3000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF69D3000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF69C3000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF5FFE000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF69B3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF7898000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF78A0000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
  0xF78A8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF5FFA000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF7AC2000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
  0xF30D1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0xF30AD000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xF3095000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7AC8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF35C7000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF78B8000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7BF8000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBA5D4000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0xBA584000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB922B000 \SystemRoot\system32\drivers\wdmaud.sys
  0xBA528000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB9110000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB8FB7000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB8E6F000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB8C17000 \SystemRoot\system32\drivers\cfwids.sys
  0xB8F27000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0xB7B1B000 \SystemRoot\system32\drivers\mfeapfk.sys
  0xB7BE7000 \SystemRoot\system32\drivers\mfebopk.sys
  0xB7AF0000 \SystemRoot\system32\drivers\kmixer.sys
  0xBA448000 \??\c:\windows\system32\drivers\TrueSight.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 65):
       0 System Idle Process
       4 System
     740 C:\WINDOWS\system32\smss.exe
     816 csrss.exe
     840 C:\WINDOWS\system32\winlogon.exe
     884 C:\WINDOWS\system32\services.exe
     896 C:\WINDOWS\system32\lsass.exe
    1084 C:\WINDOWS\system32\svchost.exe
    1136 svchost.exe
    1228 C:\WINDOWS\system32\svchost.exe
    1272 svchost.exe
    1604 C:\WINDOWS\system32\spoolsv.exe
    1768 C:\WINDOWS\explorer.exe
     164 svchost.exe
     288 C:\Program Files\SUPERAntiSpyware\SASCore.exe
     296 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     316 C:\WINDOWS\arservice.exe
     356 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     416 C:\Program Files\Bonjour\mDNSResponder.exe
     540 C:\WINDOWS\ehome\ehrecvr.exe
     660 C:\WINDOWS\ehome\ehSched.exe
    1200 C:\Program Files\Java\jre7\bin\jqs.exe
    1256 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1292 C:\Program Files\Google\Update\GoogleUpdate.exe
    1300 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1396 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1488 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1512 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    1704 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1812 C:\WINDOWS\system32\mfevtps.exe
    1924 C:\WINDOWS\system32\nvsvc32.exe
    1952 svchost.exe
    1764 svchost.exe
     260 C:\WINDOWS\system32\svchost.exe
     568 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2320 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2372 mcrdsvc.exe
    2412 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3420 alg.exe
    3012 C:\WINDOWS\system32\svchost.exe
    3964 C:\Program Files\McAfee.com\Agent\mcagent.exe
    4092 C:\WINDOWS\system32\ctfmon.exe
    1364 C:\WINDOWS\ehome\ehtray.exe
    2748 C:\WINDOWS\RTHDCPL.EXE
    2852 C:\Program Files\DISC\DISCUpdMgr.exe
    2092 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2868 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    2916 C:\Program Files\iTunes\iTunesHelper.exe
    2944 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    2952 C:\Program Files\Unlocker\UnlockerAssistant.exe
    2972 C:\Program Files\Messenger\msmsgs.exe
    2996 C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    2884 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3308 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3372 C:\Program Files\OpenOffice.org 3\program\soffice.bin
     900 C:\Program Files\iPod\bin\iPodService.exe
    1108 C:\hp\KBD\kbd.exe
    3772 C:\WINDOWS\system\hpsysdrv.exe
    2688 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    3492 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2404 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    3000 RogueKiller.exe
    2196 C:\WINDOWS\system32\notepad.exe
    3208 C:\Program Files\Internet Explorer\iexplore.exe
    3716 C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`2bf5a600  (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CE B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Done!

[SuperDave]

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)





When you get to the above screen, take note of the number that references your operating system.

If it's '1' like the picture above, type 1 and press Enter



Next type FIXMBR

If it ask if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

With that done, please post back and let me know how things are now.

[lemonlime]

I was having some trouble with Internet Explorer; would not open.

The FIXMBR took only a second, I got the completed successfully message right away: seemed too fast.

IE working now, but still getting the error messages when windows opens, strange websites in today's IE history.

[SuperDave]

Please run MBRCheck.exe as described in Reply # 22 and post the log.

[lemonlime]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Professional
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x000001ec

Kernel Drivers (total 135):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xF7AB0000 \WINDOWS\system32\KDCOM.DLL
  0xF79C0000 \WINDOWS\system32\BOOTVID.dll
  0xF7481000 ACPI.sys
  0xF7AB2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7470000 pci.sys
  0xF75B0000 isapnp.sys
  0xF75C0000 ohci1394.sys
  0xF75D0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7B78000 pciide.sys
  0xF7830000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7AB4000 viaide.sys
  0xF7AB6000 intelide.sys
  0xF75E0000 MountMgr.sys
  0xF7451000 ftdisk.sys
  0xF7AB8000 dmload.sys
  0xF742B000 dmio.sys
  0xF7838000 PartMgr.sys
  0xF75F0000 VolSnap.sys
  0xF7356000 iaStor.sys
  0xF733E000 atapi.sys
  0xF72FB000 ftsata2.sys
  0xF72E3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF7600000 disk.sys
  0xF7610000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF72C3000 fltmgr.sys
  0xF72B1000 sr.sys
  0xF7242000 mfehidk.sys
  0xF7620000 bb-run.sys
  0xF7630000 PxHelp20.sys
  0xF722B000 KSecDD.sys
  0xF719E000 Ntfs.sys
  0xF7171000 NDIS.sys
  0xF7157000 Mup.sys
  0xF7660000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF76F0000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xF7880000 \SystemRoot\system32\DRIVERS\aracpi.sys
  0xF6518000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF6504000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7888000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF64E0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7890000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF63C7000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF63A4000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7AF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7898000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF637C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF711B000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
  0xF6331000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
  0xF62FA000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
  0xF7700000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF78A0000 \SystemRoot\system32\DRIVERS\PS2.sys
  0xF78A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF7AF2000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
  0xF7117000 \SystemRoot\system32\DRIVERS\arpolicy.sys
  0xF7C44000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7710000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7113000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF62E3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF7720000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF7730000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF78B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF62D2000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF7740000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF62A7000 \SystemRoot\system32\drivers\mfeavfk.sys
  0xF622D000 \SystemRoot\system32\drivers\mfefirek.sys
  0xF78B8000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF78C0000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF61FD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF7750000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF78C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7AF4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF619F000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7A5C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF7760000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF7770000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7780000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
  0xF2A40000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF2A1C000 \SystemRoot\system32\drivers\portcls.sys
  0xF7790000 \SystemRoot\system32\drivers\drmk.sys
  0xF7AF8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7C9C000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7AFA000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF78F0000 \SystemRoot\System32\drivers\vga.sys
  0xF7AFC000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7AFE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF78F8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7900000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF6293000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF2999000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF2940000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF292B000 \SystemRoot\system32\drivers\mfetdi2k.sys
  0xF2905000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF28DD000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF6283000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xF28BB000 \SystemRoot\System32\drivers\afd.sys
  0xF77C0000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF2899000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0xF7908000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0xF286E000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF27FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7800000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF7810000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF7820000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF618F000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF6A74000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF7910000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7918000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
  0xF7920000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF618B000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF7B00000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
  0xF2778000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0xF2754000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xF273C000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7B06000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF2A08000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF7930000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7CBC000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBA5D4000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0xBA580000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB922B000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB9368000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB90E8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB8F8F000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB8E6F000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB87C3000 \SystemRoot\system32\drivers\mfeapfk.sys
  0xB89DF000 \SystemRoot\system32\drivers\mfebopk.sys
  0xB8D47000 \SystemRoot\system32\drivers\cfwids.sys
  0xB93A8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0xB5BC9000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 69):
       0 System Idle Process
       4 System
     732 C:\WINDOWS\system32\smss.exe
     804 csrss.exe
     828 C:\WINDOWS\system32\winlogon.exe
     876 C:\WINDOWS\system32\services.exe
     888 C:\WINDOWS\system32\lsass.exe
    1076 C:\WINDOWS\system32\svchost.exe
    1128 svchost.exe
    1220 C:\WINDOWS\system32\svchost.exe
    1264 svchost.exe
    1672 C:\WINDOWS\explorer.exe
    1752 C:\WINDOWS\system32\spoolsv.exe
     156 svchost.exe
     284 C:\Program Files\SUPERAntiSpyware\SASCore.exe
     300 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     320 C:\WINDOWS\arservice.exe
     360 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     396 C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
     420 C:\Program Files\Bonjour\mDNSResponder.exe
     544 C:\WINDOWS\ehome\ehrecvr.exe
     648 C:\WINDOWS\ehome\ehSched.exe
    1204 C:\Program Files\Java\jre7\bin\jqs.exe
    1248 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1344 C:\Program Files\Google\Update\GoogleUpdate.exe
    1380 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1272 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1408 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1508 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    1592 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1620 C:\WINDOWS\system32\mfevtps.exe
    1864 C:\WINDOWS\system32\nvsvc32.exe
    1916 svchost.exe
    2020 svchost.exe
     604 C:\WINDOWS\system32\svchost.exe
     500 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1048 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2140 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2280 mcrdsvc.exe
    2596 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3108 alg.exe
    3744 wmiprvse.exe
    3100 C:\WINDOWS\ehome\ehtray.exe
    3204 C:\WINDOWS\system32\svchost.exe
    3284 C:\WINDOWS\RTHDCPL.EXE
    3292 C:\WINDOWS\arpwrmsg.exe
    1412 C:\Program Files\DISC\DISCUpdMgr.exe
    3380 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3388 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    3404 C:\Program Files\McAfee.com\Agent\mcagent.exe
    3332 C:\Program Files\iTunes\iTunesHelper.exe
    3464 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    3480 C:\Program Files\Unlocker\UnlockerAssistant.exe
    3496 C:\WINDOWS\system32\ctfmon.exe
    3540 C:\Program Files\Messenger\msmsgs.exe
    3596 C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    3628 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3732 C:\Program Files\iPod\bin\iPodService.exe
    3772 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2248 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3952 C:\hp\KBD\kbd.exe
     392 C:\Program Files\Internet Explorer\iexplore.exe
    4024 C:\Program Files\DoNotTrackPlus\IE\DNTPService.exe
    2976 C:\Program Files\Internet Explorer\iexplore.exe
    3604 C:\WINDOWS\system\hpsysdrv.exe
    2332 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    4092 C:\Program Files\Internet Explorer\iexplore.exe
     372 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    2300 C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`2bf5a600  (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644 A


Done!

[SuperDave]

How's the computer running now?

[lemonlime]

Still getting the error messages and websites in history.  When I turn off the PC I get the message: CiceroU1Wind not responding. I have to end task about 6 times before it goes away.

Remember, I was never able to uninstall Winferno, maybe that's part of the problem?

McAfee is not automatically turning on virus protection.  It tells me I have to turn it on. Also McAfee does not seem to have the Parental Control settings which I need.  I do not want access to X rated sites. Should I switch to Norton?

[SuperDave]

McAfee is not automatically turning on virus protection.  It tells me I have to turn it on. Also McAfee does not seem to have the Parental Control settings which I need.  I do not want access to X rated sites. Should I switch to Norton?
I'm not too familiar with those products but I think the best way to set up Parental control is to establish an account on the computer for the children. Here's more information on how to set that up. Please just hold up on McAfee until we get this sorted out.

Please update and run SAS and MBAM again and post the logs.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory..

[lemonlime]

The report did not have copy/paste option.  I could highlight the text but not copy it.   I don't know how to find the log.

[SuperDave]

Please run ESET again and post the log.

[lemonlime]

ESET Scan and also figured out where TDSSKiller log was:
(I turned off PC and turned back on to see if scan fixed the problems. No strange sites in history but still getting the same error messages.) I think I may be able to uninstall Winferno.

C:\Documents and Settings\Compaq_Administrator\Desktop\Unlocker1.9.1.exe   a variant of Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\153F.tmp   a variant of Win32/Agent.TVG trojan   cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
C:\Program Files\Winferno\PC Confidential\PCCBHO.dll   Win32/Adware.PCConfidential application   cleaned by deleting - quarantined
C:\Program Files\Winferno\PC Confidential\PCConfidential.exe   Win32/Adware.PCConfidential application   cleaned by deleting - quarantined
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe   a variant of Win32/XrayMyPC application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009893.exe   a variant of Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009894.dll   Win32/Adware.PCConfidential application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009896.exe   Win32/Adware.PCConfidential application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009898.exe   a variant of Win32/XrayMyPC application   cleaned by deleting - quarantined
D:\I386\APPS\APP18921\src\CompaqPresario_Spring06.exe   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
D:\I386\APPS\APP18921\src\HPPavillion_Spring06.exe   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009899.exe   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0009900.exe   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined

F
9:24:40.0856 3240  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:24:42.0903 3240  ============================================================
19:24:42.0903 3240  Current date / time: 2012/08/28 19:24:42.0903
19:24:42.0903 3240  SystemInfo:
19:24:42.0903 3240 
19:24:42.0919 3240  OS Version: 5.1.2600 ServicePack: 3.0
19:24:42.0919 3240  Product type: Workstation
19:24:42.0919 3240  ComputerName: YOUR-4DACD0EA75
19:24:42.0919 3240  UserName: Compaq_Administrator
19:24:42.0919 3240  Windows directory: C:\WINDOWS
19:24:42.0919 3240  System windows directory: C:\WINDOWS
19:24:42.0919 3240  Processor architecture: Intel x86
19:24:42.0919 3240  Number of processors: 1
19:24:42.0919 3240  Page size: 0x1000
19:24:42.0919 3240  Boot type: Normal boot
19:24:42.0919 3240  ============================================================
19:24:49.0184 3240  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:24:49.0590 3240  Drive \Device\Harddisk5\DR15 - Size: 0x1D63C0000 (7.35 Gb), SectorSize: 0x1000, Cylinders: 0x77, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:24:49.0606 3240  ============================================================
19:24:49.0606 3240  \Device\Harddisk0\DR0:
19:24:49.0606 3240  MBR partitions:
19:24:49.0606 3240  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C15BBD3
19:24:49.0606 3240  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1C15FAD3, BlocksNum 0x1064AAE
19:24:49.0606 3240  \Device\Harddisk5\DR15:
19:24:49.0606 3240  MBR partitions:
19:24:49.0606 3240  \Device\Harddisk5\DR15\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1D637F
19:24:49.0606 3240  ============================================================
19:24:49.0700 3240  C: <-> \Device\Harddisk0\DR0\Partition1
19:24:49.0731 3240  D: <-> \Device\Harddisk0\DR0\Partition2
19:24:49.0747 3240  ============================================================
19:24:49.0747 3240  Initialize success
19:24:49.0747 3240  ============================================================
19:24:57.0372 4976  ============================================================
19:24:57.0372 4976  Scan started
19:24:57.0372 4976  Mode: Manual;
19:24:57.0372 4976  ============================================================
19:25:03.0669 4976  ================ Scan system memory ========================
19:25:07.0059 4976  System memory - ok
19:25:07.0059 4976  ================ Scan services =============================
19:25:07.0247 4976  [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:25:07.0512 4976  !SASCORE - ok
19:25:07.0700 4976  Abiosdsk - ok
19:25:07.0715 4976  abp480n5 - ok
19:25:07.0747 4976  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:25:07.0794 4976  ACPI - ok
19:25:07.0840 4976  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:25:07.0872 4976  ACPIEC - ok
19:25:07.0887 4976  adpu160m - ok
19:25:07.0981 4976  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:25:08.0044 4976  aec - ok
19:25:08.0122 4976  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:25:08.0122 4976  AFD - ok
19:25:08.0184 4976  [ 994A42D273C35B43EE9D1E8A5D8BC639 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:25:08.0231 4976  AgereSoftModem - ok
19:25:08.0247 4976  Aha154x - ok
19:25:08.0294 4976  aic78u2 - ok
19:25:08.0309 4976  aic78xx - ok
19:25:08.0387 4976  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:25:08.0403 4976  Alerter - ok
19:25:08.0450 4976  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
19:25:08.0450 4976  ALG - ok
19:25:08.0465 4976  AliIde - ok
19:25:08.0497 4976  [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:25:08.0872 4976  AmdK8 - ok
19:25:08.0887 4976  amsint - ok
19:25:09.0044 4976  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:25:09.0387 4976  Apple Mobile Device - ok
19:25:09.0450 4976  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:25:09.0497 4976  AppMgmt - ok
19:25:09.0559 4976  [ 00523019E3579C8F8A94457FE25F0F24 ] aracpi          C:\WINDOWS\system32\DRIVERS\aracpi.sys
19:25:09.0700 4976  aracpi - ok
19:25:09.0731 4976  [ 9FEDAA46EB1A572AC4D9EE6B5F123CF2 ] arhidfltr       C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
19:25:10.0012 4976  arhidfltr - ok
19:25:10.0044 4976  [ 82969576093CD983DD559F5A86F382B4 ] arkbcfltr       C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
19:25:10.0184 4976  arkbcfltr - ok
19:25:10.0215 4976  [ 9B21791D8A78FAECE999FADBEBDA6C22 ] armoucfltr      C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
19:25:10.0434 4976  armoucfltr - ok
19:25:10.0497 4976  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:25:10.0497 4976  Arp1394 - ok
19:25:10.0512 4976  [ 7A2DA7C7B0C524EF26A79F17A5C69FDE ] ARPolicy        C:\WINDOWS\system32\DRIVERS\arpolicy.sys
19:25:10.0715 4976  ARPolicy - ok
19:25:10.0762 4976  [ 9A0D9B2E263BEDE80FB79DDBAD240EC1 ] ARSVC           C:\WINDOWS\arservice.exe
19:25:12.0231 4976  ARSVC - ok
19:25:12.0247 4976  asc - ok
19:25:12.0262 4976  asc3350p - ok
19:25:12.0278 4976  asc3550 - ok
19:25:12.0497 4976  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
19:25:12.0528 4976  aspnet_state - ok
19:25:12.0590 4976  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:25:12.0590 4976  AsyncMac - ok
19:25:12.0637 4976  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:25:12.0637 4976  atapi - ok
19:25:12.0653 4976  Atdisk - ok
19:25:12.0684 4976  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:25:12.0684 4976  Atmarpc - ok
19:25:12.0747 4976  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:25:12.0747 4976  AudioSrv - ok
19:25:12.0840 4976  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:25:12.0840 4976  audstub - ok
19:25:12.0965 4976  [ E1DAE1CFF5FE2AE95DD1C7489D26D88D ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
19:25:12.0981 4976  Automatic LiveUpdate Scheduler - ok
19:25:12.0997 4976  [ 7270D070173B20AC9487EA16BB08B45F ] bb-run          C:\WINDOWS\system32\DRIVERS\bb-run.sys
19:25:12.0997 4976  bb-run - ok
19:25:13.0184 4976  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
19:25:13.0184 4976  BBSvc - ok
19:25:13.0262 4976  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
19:25:13.0278 4976  BBUpdate - ok
19:25:13.0325 4976  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:25:13.0325 4976  Beep - ok
19:25:13.0403 4976  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:25:13.0450 4976  BITS - ok
19:25:13.0559 4976  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:25:13.0590 4976  Bonjour Service - ok
19:25:13.0653 4976  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
19:25:13.0653 4976  Browser - ok
19:25:13.0778 4976  catchme - ok
19:25:13.0825 4976  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:25:13.0825 4976  cbidf2k - ok
19:25:13.0856 4976  cd20xrnt - ok
19:25:13.0887 4976  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:25:13.0887 4976  Cdaudio - ok
19:25:13.0934 4976  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:25:13.0950 4976  Cdfs - ok
19:25:13.0965 4976  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:25:13.0965 4976  Cdrom - ok
19:25:14.0012 4976  [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys
19:25:14.0012 4976  cfwids - ok
19:25:14.0028 4976  Changer - ok
19:25:14.0075 4976  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:25:14.0075 4976  CiSvc - ok
19:25:14.0122 4976  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:25:14.0122 4976  ClipSrv - ok
19:25:14.0137 4976  CmdIde - ok
19:25:14.0169 4976  COMSysApp - ok
19:25:14.0200 4976  Cpqarray - ok
19:25:14.0231 4976  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:25:14.0231 4976  CryptSvc - ok
19:25:14.0247 4976  dac2w2k - ok
19:25:14.0262 4976  dac960nt - ok
19:25:14.0340 4976  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:25:14.0356 4976  DcomLaunch - ok
19:25:14.0419 4976  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:25:14.0419 4976  Dhcp - ok
19:25:14.0450 4976  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:25:14.0450 4976  Disk - ok
19:25:14.0465 4976  dmadmin - ok
19:25:14.0528 4976  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:25:14.0559 4976  dmboot - ok
19:25:14.0606 4976  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:25:14.0606 4976  dmio - ok
19:25:14.0653 4976  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:25:14.0653 4976  dmload - ok
19:25:14.0700 4976  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:25:14.0700 4976  dmserver - ok
19:25:14.0731 4976  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:25:14.0731 4976  DMusic - ok
19:25:14.0762 4976  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:25:14.0778 4976  Dnscache - ok
19:25:14.0872 4976  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:25:14.0872 4976  Dot3svc - ok
19:25:14.0887 4976  dpti2o - ok
19:25:14.0950 4976  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:25:14.0950 4976  drmkaud - ok
19:25:15.0012 4976  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:25:15.0012 4976  EapHost - ok
19:25:15.0137 4976  [ 089296AEDB9B72B4916AC959752BDC89 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:25:15.0169 4976  eeCtrl - ok
19:25:15.0340 4976  [ D039A0C347632622934906BD59A4E1EA ] ehRecvr         C:\WINDOWS\eHome\ehRecvr.exe
19:25:15.0372 4976  ehRecvr - ok
19:25:15.0481 4976  [ A53243709439AC2A4C216B817F8D7411 ] ehSched         C:\WINDOWS\eHome\ehSched.exe
19:25:15.0481 4976  ehSched - ok
19:25:15.0497 4976  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:25:15.0497 4976  ERSvc - ok
19:25:15.0559 4976  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
19:25:15.0559 4976  Eventlog - ok
19:25:15.0622 4976  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
19:25:15.0637 4976  EventSystem - ok
19:25:15.0700 4976  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:25:15.0715 4976  Fastfat - ok
19:25:15.0731 4976  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:25:15.0762 4976  FastUserSwitchingCompatibility - ok
19:25:15.0809 4976  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
19:25:15.0887 4976  Fax - ok
19:25:15.0919 4976  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
19:25:15.0919 4976  Fdc - ok
19:25:15.0981 4976  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:25:15.0981 4976  Fips - ok
19:25:15.0997 4976  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:25:15.0997 4976  Flpydisk - ok
19:25:16.0059 4976  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:25:16.0059 4976  FltMgr - ok
19:25:16.0106 4976  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:25:16.0106 4976  Fs_Rec - ok
19:25:16.0122 4976  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:25:16.0137 4976  Ftdisk - ok
19:25:16.0184 4976  [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2         C:\WINDOWS\system32\DRIVERS\ftsata2.sys
19:25:16.0184 4976  ftsata2 - ok
19:25:16.0278 4976  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:25:16.0278 4976  GEARAspiWDM - ok
19:25:16.0309 4976  getPlusHelper - ok
19:25:16.0356 4976  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:25:16.0372 4976  Gpc - ok
19:25:16.0512 4976  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:25:16.0512 4976  gupdate - ok
19:25:16.0528 4976  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:25:16.0528 4976  gupdatem - ok
19:25:16.0575 4976  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:25:16.0575 4976  HDAudBus - ok
19:25:16.0715 4976  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:25:16.0715 4976  helpsvc - ok
19:25:16.0731 4976  HidServ - ok
19:25:16.0762 4976  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:25:16.0778 4976  HidUsb - ok
19:25:16.0872 4976  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:25:16.0903 4976  hkmsvc - ok
19:25:16.0919 4976  hpn - ok
19:25:17.0231 4976  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:25:17.0231 4976  HTTP - ok
19:25:17.0309 4976  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:25:17.0309 4976  HTTPFilter - ok
19:25:17.0325 4976  i2omgmt - ok
19:25:17.0340 4976  i2omp - ok
19:25:17.0419 4976  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:25:17.0434 4976  i8042prt - ok
19:25:17.0512 4976  [ 9A65E42664D1534B68512CAAD0EFE963 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
19:25:17.0544 4976  iaStor - ok
19:25:17.0778 4976  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:25:17.0840 4976  IDriverT - ok
19:25:17.0887 4976  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:25:17.0887 4976  Imapi - ok
19:25:17.0981 4976  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:25:17.0997 4976  ImapiService - ok
19:25:18.0012 4976  ini910u - ok
19:25:18.0215 4976  [ 64BE56B8858CA0153C725C720FFD194F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:25:18.0419 4976  IntcAzAudAddService - ok
19:25:18.0450 4976  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
19:25:18.0450 4976  IntelIde - ok
19:25:18.0481 4976  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:25:18.0481 4976  intelppm - ok
19:25:18.0528 4976  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:25:18.0528 4976  Ip6Fw - ok
19:25:18.0559 4976  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:25:18.0575 4976  IpFilterDriver - ok
19:25:18.0590 4976  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:25:18.0590 4976  IpInIp - ok
19:25:18.0606 4976  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:25:18.0622 4976  IpNat - ok
19:25:18.0715 4976  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:25:18.0747 4976  iPod Service - ok
19:25:18.0778 4976  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:25:18.0778 4976  IPSec - ok
19:25:18.0809 4976  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:25:18.0809 4976  IRENUM - ok
19:25:18.0856 4976  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:25:18.0856 4976  isapnp - ok
19:25:19.0012 4976  [ BC0FEADA7A5A69787C70B03EBC51B582 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:25:19.0012 4976  JavaQuickStarterService - ok
19:25:19.0028 4976  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:25:19.0028 4976  Kbdclass - ok
19:25:19.0106 4976  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:25:19.0106 4976  kmixer - ok
19:25:19.0153 4976  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:25:19.0153 4976  KSecDD - ok
19:25:19.0200 4976  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:25:19.0200 4976  lanmanserver - ok
19:25:19.0278 4976  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:25:19.0294 4976  lanmanworkstation - ok
19:25:19.0309 4976  lbrtfdc - ok
19:25:19.0434 4976  [ E4973B3229E0015345AFBE43A8A8EB3B ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:25:19.0450 4976  LightScribeService - ok
19:25:19.0840 4976  [ 2EE3508E453CC0B1BEE47B3514EBB97A ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:25:19.0950 4976  LiveUpdate - ok
19:25:20.0044 4976  [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
19:25:20.0075 4976  LiveUpdate Notice Service - ok
19:25:20.0200 4976  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:25:20.0200 4976  LmHosts - ok
19:25:20.0247 4976  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
19:25:20.0247 4976  MBAMProtector - ok
19:25:20.0340 4976  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:25:20.0372 4976  MBAMService - ok
19:25:20.0450 4976  [ AAC3B33BA020D2AF530D694A5A920180 ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
19:25:20.0465 4976  McAfee SiteAdvisor Service - ok
19:25:20.0528 4976  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:25:20.0528 4976  McComponentHostService - ok
19:25:20.0700 4976  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:25:20.0715 4976  McMPFSvc - ok
19:25:20.0778 4976  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0794 4976  mcmscsvc - ok
19:25:20.0809 4976  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0809 4976  McNaiAnn - ok
19:25:20.0825 4976  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0825 4976  McNASvc - ok
19:25:20.0919 4976  [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
19:25:20.0950 4976  McODS - ok
19:25:20.0965 4976  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:25:20.0981 4976  McProxy - ok
19:25:21.0044 4976  [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
19:25:21.0044 4976  McrdSvc - ok
19:25:21.0169 4976  [ 85DB8DDD2D664716BB5B2D3405F9EF92 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:25:21.0169 4976  McShield - ok
19:25:21.0262 4976  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:25:21.0278 4976  MDM - ok
19:25:21.0372 4976  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:25:21.0372 4976  Messenger - ok
19:25:21.0465 4976  [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
19:25:21.0465 4976  mfeapfk - ok
19:25:21.0544 4976  [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
19:25:21.0544 4976  mfeavfk - ok
19:25:21.0575 4976  mfeavfk01 - ok
19:25:21.0606 4976  [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
19:25:21.0606 4976  mfebopk - ok
19:25:21.0637 4976  [ 183AB9DCE971E029C50223765671839C ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:25:21.0653 4976  mfefire - ok
19:25:21.0715 4976  [ 4EA6FF90015424517843E931448E00F1 ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
19:25:21.0731 4976  mfefirek - ok
19:25:21.0825 4976  [ D1E998748BA24A731106611D535C6BBF ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
19:25:21.0840 4976  mfehidk - ok
19:25:21.0887 4976  [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk        C:\WINDOWS\system32\DRIVERS\mfendisk.sys
19:25:21.0887 4976  mfendisk - ok
19:25:21.0919 4976  [ F454A13377F0A006D20A8C14A753C432 ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
19:25:21.0919 4976  mferkdet - ok
19:25:21.0997 4976  [ 41FE2F288E05A6C8AB85DD56770FFBAD ] mferkdk         C:\WINDOWS\system32\drivers\mferkdk.sys
19:25:21.0997 4976  mferkdk - ok
19:25:22.0059 4976  [ 096B52EA918AA909BA5903D79E129005 ] mfesmfk         C:\WINDOWS\system32\drivers\mfesmfk.sys
19:25:22.0059 4976  mfesmfk - ok
19:25:22.0122 4976  [ 070D3FAF2EAC417C59D8674A8752F7A6 ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys
19:25:22.0153 4976  mfetdi2k - ok
19:25:22.0215 4976  [ 2B8DFC60EDDDAA33EB5E9F7C91B48ACD ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
19:25:22.0215 4976  mfevtp - ok
19:25:22.0325 4976  [ B7521F69C0A9B29D356157229376FB21 ] MHN             C:\WINDOWS\System32\mhn.dll
19:25:22.0356 4976  MHN - ok
19:25:22.0450 4976  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:25:22.0465 4976  MHNDRV - ok
19:25:22.0481 4976  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:25:22.0481 4976  mnmdd - ok
19:25:22.0559 4976  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:25:22.0559 4976  mnmsrvc - ok
19:25:22.0637 4976  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:25:22.0637 4976  Modem - ok
19:25:22.0653 4976  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:25:22.0653 4976  Mouclass - ok
19:25:22.0731 4976  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:25:22.0731 4976  mouhid - ok
19:25:22.0778 4976  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:25:22.0778 4976  MountMgr - ok
19:25:22.0794 4976  mraid35x - ok
19:25:22.0809 4976  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:25:22.0825 4976  MRxDAV - ok
19:25:22.0887 4976  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:25:22.0919 4976  MRxSmb - ok
19:25:22.0965 4976  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:25:22.0965 4976  Msfs - ok
19:25:22.0981 4976  MSIServer - ok
19:25:23.0028 4976  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] MSK80Service    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:25:23.0028 4976  MSK80Service - ok
19:25:23.0106 4976  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:25:23.0106 4976  MSKSSRV - ok
19:25:23.0122 4976  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:25:23.0122 4976  MSPCLOCK - ok
19:25:23.0200 4976  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:25:23.0215 4976  MSPQM - ok
19:25:23.0231 4976  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:25:23.0231 4976  mssmbios - ok
19:25:23.0278 4976  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:25:23.0278 4976  Mup - ok
19:25:23.0325 4976  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:25:23.0340 4976  napagent - ok
19:25:23.0403 4976  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:25:23.0403 4976  NDIS - ok
19:25:23.0419 4976  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:25:23.0419 4976  NdisTapi - ok
19:25:23.0497 4976  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:25:23.0497 4976  Ndisuio - ok
19:25:23.0512 4976  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:25:23.0528 4976  NdisWan - ok
19:25:23.0590 4976  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:25:23.0590 4976  NDProxy - ok
19:25:23.0653 4976  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:25:23.0653 4976  NetBIOS - ok
19:25:23.0731 4976  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:25:23.0731 4976  NetBT - ok
19:25:23.0809 4976  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:25:23.0809 4976  NetDDE - ok
19:25:23.0840 4976  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:25:23.0840 4976  NetDDEdsdm - ok
19:25:23.0919 4976  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:25:23.0919 4976  Netlogon - ok
19:25:23.0997 4976  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
19:25:24.0012 4976  Netman - ok
19:25:24.0059 4976  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:25:24.0075 4976  NIC1394 - ok
19:25:24.0184 4976  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:25:24.0200 4976  Nla - ok
19:25:24.0247 4976  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:25:24.0247 4976  Npfs - ok
19:25:24.0340 4976  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:25:24.0356 4976  Ntfs - ok
19:25:24.0372 4976  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:25:24.0372 4976  NtLmSsp - ok
19:25:24.0450 4976  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:25:24.0465 4976  NtmsSvc - ok
19:25:24.0528 4976  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:25:24.0528 4976  Null - ok
19:25:24.0684 4976  [ CE58F42B11BE20A47C3D8D2F38DA254E ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:25:24.0809 4976  nv - ok
19:25:24.0856 4976  [ 22EEDB34C4D7613A25B10C347C6C4C21 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:25:24.0856 4976  NVENETFD - ok
19:25:24.0903 4976  [ 5E3F6AD5CAD0F12D3CCCD06FD964087A ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:25:24.0903 4976  nvnetbus - ok
19:25:24.0981 4976  [ 95CAEC95D6777CE7D6B7091BC4D91CEB ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
19:25:24.0981 4976  NVSvc - ok
19:25:25.0044 4976  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:25:25.0044 4976  NwlnkFlt - ok
19:25:25.0059 4976  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:25:25.0059 4976  NwlnkFwd - ok
19:25:25.0090 4976  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:25:25.0106 4976  ohci1394 - ok
19:25:25.0153 4976  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:25.0153 4976  ose - ok
19:25:25.0215 4976  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:25:25.0215 4976  Parport - ok
19:25:25.0278 4976  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:25:25.0278 4976  PartMgr - ok
19:25:25.0325 4976  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:25:25.0340 4976  ParVdm - ok
19:25:25.0356 4976  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:25:25.0356 4976  PCI - ok
19:25:25.0372 4976  PCIDump - ok
19:25:25.0387 4976  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:25:25.0387 4976  PCIIde - ok
19:25:25.0434 4976  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:25:25.0450 4976  Pcmcia - ok
19:25:25.0465 4976  PDCOMP - ok
19:25:25.0481 4976  PDFRAME - ok
19:25:25.0497 4976  PDRELI - ok
19:25:25.0512 4976  PDRFRAME - ok
19:25:25.0528 4976  perc2 - ok
19:25:25.0544 4976  perc2hib - ok
19:25:25.0606 4976  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
19:25:25.0606 4976  PlugPlay - ok
19:25:25.0637 4976  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:25:25.0637 4976  PolicyAgent - ok
19:25:25.0715 4976  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:25:25.0715 4976  PptpMiniport - ok
19:25:25.0731 4976  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
19:25:25.0731 4976  Processor - ok
19:25:25.0747 4976  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:25:25.0747 4976  ProtectedStorage - ok
19:25:25.0794 4976  [ 390C204CED3785609AB24E9C52054A84 ] Ps2             C:\WINDOWS\system32\DRIVERS\PS2.sys
19:25:25.0794 4976  Ps2 - ok
19:25:25.0825 4976  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:25:25.0825 4976  PSched - ok
19:25:25.0840 4976  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:25:25.0840 4976  Ptilink - ok
19:25:25.0856 4976  [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:25:25.0856 4976  PxHelp20 - ok
19:25:25.0887 4976  ql1080 - ok
19:25:25.0903 4976  Ql10wnt - ok
19:25:25.0919 4976  ql12160 - ok
19:25:25.0934 4976  ql1240 - ok
19:25:25.0965 4976  ql1280 - ok
19:25:25.0997 4976  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:25:25.0997 4976  RasAcd - ok
19:25:26.0044 4976  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:25:26.0044 4976  RasAuto - ok
19:25:26.0059 4976  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:25:26.0059 4976  Rasl2tp - ok
19:25:26.0106 4976  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:25:26.0122 4976  RasMan - ok
19:25:26.0153 4976  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:25:26.0153 4976  RasPppoe - ok
19:25:26.0169 4976  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:25:26.0169 4976  Raspti - ok
19:25:26.0247 4976  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:25:26.0247 4976  Rdbss - ok
19:25:26.0309 4976  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:25:26.0309 4976  RDPCDD - ok
19:25:26.0372 4976  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:25:26.0372 4976  rdpdr - ok
19:25:26.0434 4976  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:25:26.0434 4976  RDPWD - ok
19:25:26.0497 4976  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:25:26.0512 4976  RDSessMgr - ok
19:25:26.0544 4976  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:25:26.0544 4976  redbook - ok
19:25:26.0622 4976  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:25:26.0622 4976  RemoteAccess - ok
19:25:26.0684 4976  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:25:26.0684 4976  RemoteRegistry - ok
19:25:26.0700 4976  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:25:26.0700 4976  RpcLocator - ok
19:25:26.0747 4976  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
19:25:26.0762 4976  RpcSs - ok
19:25:26.0825 4976  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:25:26.0825 4976  RSVP - ok
19:25:26.0903 4976  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:25:26.0903 4976  rtl8139 - ok
19:25:26.0919 4976  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:25:26.0919 4976  SamSs - ok
19:25:26.0934 4976  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:25:26.0997 4976  SASDIFSV - ok
19:25:27.0028 4976  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:25:27.0028 4976  SASKUTIL - ok
19:25:27.0059 4976  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:25:27.0075 4976  SCardSvr - ok
19:25:27.0137 4976  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:25:27.0153 4976  Schedule - ok
19:25:27.0278 4976  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:25:27.0278 4976  Secdrv - ok
19:25:27.0403 4976  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:25:27.0403 4976  seclogon - ok
19:25:27.0465 4976  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
19:25:27.0465 4976  SENS - ok
19:25:27.0544 4976  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
19:25:27.0544 4976  Serial - ok
19:25:27.0559 4976  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:25:27.0559 4976  Sfloppy - ok
19:25:27.0637 4976  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:25:27.0653 4976  SharedAccess - ok
19:25:27.0684 4976  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:25:27.0715 4976  ShellHWDetection - ok
19:25:27.0731 4976  Simbad - ok
19:25:27.0747 4976  Sparrow - ok
19:25:27.0840 4976  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:25:27.0840 4976  splitter - ok
19:25:27.0903 4976  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:25:27.0903 4976  Spooler - ok
19:25:27.0997 4976  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:25:27.0997 4976  sr - ok
19:25:28.0090 4976  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:25:28.0106 4976  srservice - ok
19:25:28.0231 4976  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:25:28.0231 4976  Srv - ok
19:25:28.0294 4976  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:25:28.0294 4976  SSDPSRV - ok
19:25:28.0340 4976  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:25:28.0356 4976  stisvc - ok
19:25:28.0434 4976  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:25:28.0434 4976  swenum - ok
19:25:28.0512 4976  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:25:28.0512 4976  swmidi - ok
19:25:28.0528 4976  SwPrv - ok
19:25:28.0544 4976  symc810 - ok
19:25:28.0559 4976  symc8xx - ok
19:25:28.0575 4976  sym_hi - ok
19:25:28.0590 4976  sym_u3 - ok
19:25:28.0653 4976  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:25:28.0653 4976  sysaudio - ok
19:25:28.0700 4976  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:25:28.0700 4976  SysmonLog - ok
19:25:28.0747 4976  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:25:28.0762 4976  TapiSrv - ok
19:25:28.0840 4976  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:25:28.0872 4976  Tcpip - ok
19:25:28.0934 4976  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:25:28.0934 4976  TDPIPE - ok
19:25:28.0965 4976  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:25:28.0965 4976  TDTCP - ok
19:25:28.0997 4976  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:25:29.0012 4976  TermDD - ok
19:25:29.0137 4976  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
19:25:29.0153 4976  TermService - ok
19:25:29.0262 4976  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:25:29.0262 4976  Themes - ok
19:25:29.0356 4976  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:25:29.0356 4976  TlntSvr - ok
19:25:29.0372 4976  TosIde - ok
19:25:29.0403 4976  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:25:29.0403 4976  TrkWks - ok
19:25:29.0465 4976  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:25:29.0465 4976  Udfs - ok
19:25:29.0497 4976  ultra - ok
19:25:29.0575 4976  [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
19:25:29.0575 4976  UMWdf - ok
19:25:29.0669 4976  [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
19:25:29.0669 4976  UnlockerDriver5 - ok
19:25:29.0747 4976  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:25:29.0762 4976  Update - ok
19:25:29.0825 4976  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:25:29.0840 4976  upnphost - ok
19:25:29.0903 4976  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
19:25:29.0903 4976  UPS - ok
19:25:29.0965 4976  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
19:25:29.0981 4976  USBAAPL - ok
19:25:30.0044 4976  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:25:30.0044 4976  usbehci - ok
19:25:30.0090 4976  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:25:30.0090 4976  usbhub - ok
19:25:30.0137 4976  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:25:30.0137 4976  usbohci - ok
19:25:30.0262 4976  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:25:30.0262 4976  usbscan - ok
19:25:30.0309 4976  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:25:30.0340 4976  usbstor - ok
19:25:30.0403 4976  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:25:30.0403 4976  usbuhci - ok
19:25:30.0450 4976  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:25:30.0450 4976  VgaSave - ok
19:25:30.0512 4976  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
19:25:30.0528 4976  ViaIde - ok
19:25:30.0590 4976  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:25:30.0590 4976  VolSnap - ok
19:25:30.0653 4976  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
19:25:30.0669 4976  VSS - ok
19:25:30.0762 4976  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
19:25:30.0809 4976  W32Time - ok
19:25:30.0840 4976  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:25:30.0840 4976  Wanarp - ok
19:25:30.0856 4976  WDICA - ok
19:25:30.0887 4976  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:25:30.0887 4976  wdmaud - ok
19:25:30.0950 4976  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:25:30.0965 4976  WebClient - ok
19:25:31.0090 4976  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:25:31.0090 4976  winmgmt - ok
19:25:31.0294 4976  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:25:31.0372 4976  wlidsvc - ok
19:25:31.0434 4976  [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:25:31.0434 4976  WmdmPmSN - ok
19:25:31.0497 4976  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:25:31.0528 4976  Wmi - ok
19:25:31.0575 4976  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:25:31.0575 4976  WmiApSrv - ok
19:25:31.0637 4976  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:25:31.0637 4976  WS2IFSL - ok
19:25:31.0715 4976  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:25:31.0731 4976  wscsvc - ok
19:25:31.0794 4976  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:25:31.0809 4976  wuauserv - ok
19:25:31.0887 4976  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:25:31.0903 4976  WZCSVC - ok
19:25:31.0981 4976  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:25:31.0981 4976  xmlprov - ok
19:25:32.0012 4976  ================ Scan global ===============================
19:25:32.0075 4976  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:25:32.0137 4976  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:25:32.0169 4976  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:25:32.0231 4976  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:25:32.0231 4976  [Global] - ok
19:25:32.0231 4976  ================ Scan MBR ==================================
19:25:32.0262 4976  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:25:32.0434 4976  \Device\Harddisk0\DR0 - ok
19:25:32.0450 4976  [ 25A853D87F74184AE65B48F3C5D1C82B ] \Device\Harddisk5\DR15
19:25:44.0247 4976  \Device\Harddisk5\DR15 - ok
19:25:44.0262 4976  ================ Scan VBR ==================================
19:25:44.0262 4976  [ 167A6C50D11A9DDEA20D4B01998AC4FE ] \Device\Harddisk0\DR0\Partition1
19:25:44.0262 4976  \Device\Harddisk0\DR0\Partition1 - ok
19:25:44.0309 4976  [ 8363D296BF854078B8A7139CF283180A ] \Device\Harddisk0\DR0\Partition2
19:25:44.0309 4976  \Device\Harddisk0\DR0\Partition2 - ok
19:25:44.0325 4976  [ 6C9A98165BB7C051EA6139C24F55CEC0 ] \Device\Harddisk5\DR15\Partition1
19:25:44.0325 4976  \Device\Harddisk5\DR15\Partition1 - ok
19:25:44.0325 4976  ============================================================
19:25:44.0325 4976  Scan finished
19:25:44.0325 4976  ============================================================
19:25:44.0372 3724  Detected object count: 0
19:25:44.0372 3724  Actual detected object count: 0
19:30:57.0700 5272  Deinitialize success

[SuperDave]

It looks clean. How's your computer running now?

[lemonlime]

I think I successfully got rid of Winferno.  However, I'm still getting the error mesages and now, instead of photos and graphics on some (not all) websites I get red Xs.

[lemonlime]

My trial version of MBAM is expiring: is this something I need to purchase?

[SuperDave]

However, I'm still getting the error mesages and now, instead of photos and graphics on some (not all) websites I get red Xs.

Can you give me screenshots of those?
How to post screenshots or images

My trial version of MBAM is expiring: is this something I need to purchase?

If you want full time protection, you can purchase it. The free version doesn't have full-time protection. You have to initiate the scans yourself.
We should do some cleanup now.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

********************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[lemonlime]

Here's a shot of an image from this thread.

http://imageshack.us/photo/my-images/20/screenshotec.jpg/

TFC  wouldn't run.  It said you have to log in as an administrator.  When I try to change my log in; the only option was Compaq Administrator. In safe mode I can be Administrator but TFC does not show up in Safe Mode.  I did not try Start>Run in Safe Mode; maybe that would bring up TFC?

I got a bit lost in Secunia, I got unable to install messages and I can't click on the proper buttons because the icons are all red Xs and I can't tell what they are.  It also was unable to install some updates due to McAfee security, so I will try to temporarily disable. It seems like it wasn't going to update Real Player and ITunes, for example, but was going to install as new; asking me where I wanted it on the desktop or somewhere else.  I was afraid this would mess up the ITunes files I have saved.

I still have on my desktop MBRcheck, aswMBR.exe, RogueKiller.exe and RK Quarantine file. and Kapersky.

[SuperDave]

Here's a shot of an image from this thread.

What am I suppose to be seeing in this image?

TFC  wouldn't run. 

That's ok. Just do a disk cleanup.
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
**************************************************

I still have on my desktop MBRcheck, aswMBR.exe, RogueKiller.exe and RK Quarantine file. and Kapersky.

You can unistall/delete those.
As for Secunia, just make sure all your programs and especially your OS is kept up-to-date.

[lemonlime]

What am I suppose to be seeing in this image?

It is supposed to be the screenshot you sent of the TDSSKiller screen.

The screenshots you sent last of Disk Cleanup screens also showed up as boxes with a red X in the corner.  The page layout of the forum changed too. However, now that I am in "reply" forum mode, I can see the images and the layout now looks as usual.

I tried to send you a shot of how my Yahoo homepage looks, but the file was too large. It has some red Xs instead of the icons along the left side and some icons missing altogether, just a blank space.

[SuperDave]

I tried to send you a shot of how my Yahoo homepage looks, but the file was too large. It has some red Xs instead of the icons along the left side and some icons missing altogether, just a blank space

That doesn't seem correct. Here's how to post screenshots.

How to post screenshots or images

[lemonlime]

OK, the reason I couldn't upload was because the Upload or Enter button on my screen is not visible, not even a red X appears.
I only found it by moving the mouse until I got that little finger/hand thingy. This is how my Imageshack page looks:

http://imageshack.us/photo/my-images/716/imagehome.png/

Here is how the Computer Hope Forum page looks on my PC. 
http://imageshack.us/photo/my-images/543/forumio.png/

Here is how the Yahoo Homepage looks:
http://imageshack.us/photo/my-images/854/yahooeo.png/
All of the Yahoo Sites along the left side are supposed to have picture icons.

[SuperDave]

Please try the suggestions from this MS site.

[lemonlime]

I tried the suggestions, no luck so far.  I will keep working on it.

Thanks so much for all your help.  It would probably have cost hundreds of dollars for someone to come out and fix my software.

My last question is about browsers. Some say that IE is the least secure browser and I should switch to Firefox or Google Chrome.  What do you think?

[SuperDave]

My last question is about browsers. Some say that IE is the least secure browser and I should switch to Firefox or Google Chrome.  What do you think?

Some people say the FF is more secure but I've been hit using FF as well as IE so it all comes down to protection.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.