WiredWX Christian Hobby Weather Tools

Google redirecting and occasional blue screen - Page 1

Re: Google redirecting and occasional blue screen

========== Files Created - No Company Name ==========

[2011/02/26 16:12:58 | 004,275,134 | ---- | C] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/02/26 16:04:59 | 004,275,134 | ---- | C] () -- C:\Users\Mike\Desktop\blackpudding.bat
[2011/02/26 10:18:49 | 000,624,128 | ---- | C] () -- C:\Users\Mike\Desktop\dds.scr
[2011/02/26 09:09:02 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/24 20:50:05 | 000,055,713 | ---- | C] () -- C:\Users\Mike\Documents\myspecs.xps
[2011/02/24 20:36:02 | 000,000,017 | ---- | C] () -- C:\Users\Mike\AppData\Local\resmon.resmoncfg
[2011/02/24 20:32:57 | 006,640,398 | ---- | C] () -- C:\Users\Mike\Documents\specs
[2011/02/24 19:27:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/24 18:53:08 | 000,001,940 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/02/22 09:28:07 | 000,966,054 | ---- | C] () -- C:\Users\Mike\Documents\693_max.bmp
[2011/02/22 09:27:20 | 000,063,860 | ---- | C] () -- C:\Users\Mike\Documents\693_max (1).jpg
[2011/02/22 09:27:12 | 000,063,860 | ---- | C] () -- C:\Users\Mike\Documents\693_max.jpg
[2011/02/22 09:22:34 | 000,001,014 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageConverter Plus.lnk
[2011/02/18 07:16:45 | 000,000,022 | -HS- | C] () -- C:\Windows\System5537 Data.Repository
[2011/02/18 07:16:45 | 000,000,022 | -HS- | C] () -- C:\Users\Mike\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/02/17 19:15:16 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\1701 A.D. The Sunken Dragon.lnk
[2011/02/17 19:15:16 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\1701 A.D..lnk
[2011/02/14 13:21:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/14 13:21:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/14 13:21:50 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/02/14 05:25:11 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/02/06 19:19:42 | 369,945,591 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/05 18:13:20 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/02/05 10:00:19 | 000,000,221 | ---- | C] () -- C:\Users\Mike\Desktop\RailWorks.url
[2011/02/04 17:53:39 | 000,002,639 | ---- | C] () -- C:\Users\Mike\Desktop\FSX Mission Editor.lnk
[2011/02/04 17:34:18 | 000,000,136 | ---- | C] () -- C:\Users\Mike\Desktop\Microsoft Flight Simulator X - Shortcut.lnk
[2011/02/04 16:29:46 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alive Text to Speech
[2011/02/04 16:29:44 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/04 16:28:45 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/02/04 16:28:45 | 000,001,859 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/02/04 16:28:45 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/02/04 16:26:06 | 000,001,144 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/02/04 16:22:44 | 000,001,974 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/04 16:22:44 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/04 16:20:51 | 000,001,448 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/04 16:14:17 | 000,001,420 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/04 16:14:11 | 000,001,454 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/04 16:04:48 | 000,000,290 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/04 16:04:48 | 000,000,272 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/02/26 14:32:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Azureus
[2011/02/26 17:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/02/10 11:25:00 | 000,021,368 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

Re: Google redirecting and occasional blue screen

Sorry, same problem as before: I have to make the parts smaller each time to post. So far that is about half of the log file; I will continue to try and post the rest.

Re: Google redirecting and occasional blue screen

Still more to post,

Re: Google redirecting and occasional blue screen

OK, I apologize for this long post; however, I cannot get the rest of the log to post. I get a connection reset, even when I break it down very small. I am going to try waiting some time. Is there a limit to the amount I can post in a certain period of time? Maybe it's my computer? I have a good connection. I will continue to try and post the rest of the log. Thank you for your patience.

Re: Google redirecting and occasional blue screen

I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
***********************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\Windows\tasks\At1.job

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*******************************************
Are you still getting re-directs?

Re: Google redirecting and occasional blue screen

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2011/02/26 16:03:30 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$I937INN.bat
[2011/02/26 19:41:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$ICW8WSF.Txt
[2011/02/26 15:49:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$IK93DOM.exe
[2011/02/26 15:58:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$IXKOXUN.exe
[2011/02/26 15:49:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$IY8N2A0.exe
[2011/02/26 15:49:20 | 004,275,134 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$R937INN.bat
[2011/02/26 19:39:33 | 000,168,338 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RCW8WSF.Txt
[2011/02/26 14:35:26 | 004,275,134 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RK93DOM.exe
[2011/02/26 15:55:57 | 000,056,054 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RXKOXUN.exe
[2011/02/26 08:50:29 | 004,274,990 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RY8N2A0.exe
[2011/02/04 16:05:24 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\desktop.ini

Re: Google redirecting and occasional blue screen

All processes killed
========== OTL ==========
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 73119218 bytes
->Temporary Internet Files folder emptied: 21130292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54118486 bytes
->Flash cache emptied: 6712 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28017080 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 13076712 bytes

Total Files Cleaned = 181.00 mb


OTL by OldTimer - Version 3.2.22.1 log created on 02262011_212549

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Re: Google redirecting and occasional blue screen

I am still getting redirects. I did the OTL fix before I uninstalled the Ask toolbar; should I run the fix again?

Re: Google redirecting and occasional blue screen

Are you still getting the re-directs?

Is there a limit to the amount I can post in a certain period of time ?

I don't know what the limit is but if you try to post too much data you should receive a warning, then you will have to post in two posts.

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

Re: Google redirecting and occasional blue screen

thpgrad wrote:
I am still getting redirects, I did OTL fix before I uninstalled ask toolbar, should I run the fix again ?

No. It should be gone now.

Re: Google redirecting and occasional blue screen

It's scanning, slowly. One thing: the Running processes box was grayed out, so I could not check it prior to scanning. I will post the warnings, if any, as soon as the scan is complete.

Re: Google redirecting and occasional blue screen

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NPFFYET\token=8B;loc=left;sz=160x600;tile=5;u=sessionid-320212604591016211_szid-4333a877-1eb9-47dd-92bd-dc923d155de0;ord=6737087472424316087[1].htm
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMXRIKHG\ken=8B;loc=bottom;sz=300x250;tile=4;u=sessionid-320212604591016211_szid-4333a877-1eb9-47dd-92bd-dc923d155de0;ord=6737087472424316087[1].htm
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMXRIKHG\oken=8B;loc=bottom;sz=728x90;tile=2;u=sessionid-320212604591016211_szid-4333a877-1eb9-47dd-92bd-dc923d155de0;ord=6737087472424316087[1].htm
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Re: Google redirecting and occasional blue screen

Alright, there are a lot of files without check marks, like the last three I posted. Do you want a copy of the description for all 171 of them? I am going to post a fresh HijackThis log first, then I need to be away from my computer for a few hours (I need to sleep), but if needed I will copy all the descriptions of the files that say "Removable: Yes (but clean up not recommended for this file)" when I start again in the morning. Thanks for all the help so far.

Re: Google redirecting and occasional blue screen

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:01 AM, on 2/27/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
O3 - Toolbar: Vuze Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BCWipe service (BCWipeSvc) - Jetico, Inc. - C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5732 bytes

Re: Google redirecting and occasional blue screen

Awaiting further instructions , :smile2:

Re: Google redirecting and occasional blue screen

Sorry. I was out most of the day playing music and hockey.

Download HostsXpert

•Unzip HostsXpert to your Desktop

•Open up the HostsXpert program.

•Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.

•Click Create Back Up

•Then click on Restore Microsoft's Host Files

•Close the HostsXpert program
***********************************************
Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • Note: It will also create a log in the C:\ directory.

Re: Google redirecting and occasional blue screen

I get an error in HostsXpert: "Can not create file c/windows/system32/DRIVERS/ETC/host"


2011/02/27 21:20:04.0934 3340 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 21:20:05.0250 3340 ================================================================================
2011/02/27 21:20:05.0250 3340 SystemInfo:
2011/02/27 21:20:05.0250 3340
2011/02/27 21:20:05.0250 3340 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/27 21:20:05.0250 3340 Product type: Workstation
2011/02/27 21:20:05.0250 3340 ComputerName: MIKE-PC
2011/02/27 21:20:05.0250 3340 UserName: Mike
2011/02/27 21:20:05.0250 3340 Windows directory: C:\Windows
2011/02/27 21:20:05.0250 3340 System windows directory: C:\Windows
2011/02/27 21:20:05.0250 3340 Running under WOW64
2011/02/27 21:20:05.0250 3340 Processor architecture: Intel x64
2011/02/27 21:20:05.0250 3340 Number of processors: 2
2011/02/27 21:20:05.0250 3340 Page size: 0x1000
2011/02/27 21:20:05.0250 3340 Boot type: Normal boot
2011/02/27 21:20:05.0250 3340 ================================================================================
2011/02/27 21:20:05.0570 3340 Initialize success
2011/02/27 21:20:15.0603 3680 ================================================================================
2011/02/27 21:20:15.0603 3680 Scan started
2011/02/27 21:20:15.0603 3680 Mode: Manual;
2011/02/27 21:20:15.0603 3680 ================================================================================
2011/02/27 21:20:30.0496 3680 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/27 21:20:30.0502 3680 ================================================================================
2011/02/27 21:20:30.0502 3680 Scan finished
2011/02/27 21:20:30.0502 3680 ================================================================================
2011/02/27 21:20:30.0519 3648 Detected object count: 1
2011/02/27 21:20:48.0362 3648 \HardDisk0 - will be cured after reboot
2011/02/27 21:20:48.0364 3648 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

Re: Google redirecting and occasional blue screen

Nice to have you back, hope you had a good day out relaxing. I will check back as often as I can from work. Thanks again for bearing with me through this looooooong post.

Re: Google redirecting and occasional blue screen

Well, it looks like that last scan found something. Any change in your computer?

I'd like to scan your machine with ESET OnlineScan.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.
• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Google redirecting and occasional blue screen

Looks like I am no longer being redirected :smile2: I will finish the ESET scan and post results.

Re: Google redirecting and occasional blue screen

The scan finished with no found threats, so I could not generate a report. I did some more searching and had no more redirects. I can not thank you enough. I work in a non-profit Drug and Alcohol Rehabilitation Center, so money is tight; however, I will send some type of donation.
Mike

Re: Google redirecting and occasional blue screen

Ok. Let's do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Google redirecting and occasional blue screen

Sounds good to me. I am working my way through the steps suggested.
