browser being redirected

I'm being redirected about every 6th search give or take.I appreciate any help on this.Here is my hjt log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:14 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9329 bytes
Thanks in advance--Gary

Hello.

I strongly recommend you to remove Ask from your computer because it's:

• Promoting its toolbars on sites targeted to kids.
  
• Promoting its toolbars through ads that appear to be part of other companies' sites.
  
• Promoting its toolbars through other companies' spyware.
  
• Installing without any disclosure whatsoever and without any consent whatsoever.
  
• Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  
• Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
  

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• Ask Toolbar
  

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis

Now go to Start > Run.
In the run box, type in regedit.
Hit enter.

Tell me, does regedit/the machine freeze when doing this?

I could not find the ask program in the add/remove program.I did find C:\Program Files\AskBarDis and removed it after some trouble.Went to regedit and had no problem with it.I think ASK was slipped in with some toolbar or add on in firefox.

Okay, it's not one common Google hijacker I know, so lets run this.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 21:34:18.56 on Sat 04/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1391 [GMT -4:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\rrska6jq.default\
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-18 150544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-3 15424]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-18 353672]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-3 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-18 210216]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-4-3 552064]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\askservice.exe --> c:\program files\askbardis\bar\bin\AskService.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-04-18 17:33 --d----- c:\program files\common files\McAfee
2009-04-18 17:33 --d----- c:\program files\McAfee
2009-04-18 15:22 --d----- c:\docume~1\admini~1\applic~1\MailFrontier
2009-04-18 15:16 --d----- c:\program files\Zone Labs
2009-04-18 15:15 --d----- c:\windows\Internet Logs
2009-04-18 14:29 --d----- c:\program files\Trend Micro
2009-04-18 12:30 --d----- c:\windows\pss
2009-04-18 11:42 --d----- c:\program files\Spybot - Search & Destroy
2009-04-18 11:42 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-17 22:22 --d----- c:\program files\MSXML 4.0
2009-04-17 22:20 --d----- c:\windows\system32\appmgmt
2009-04-17 20:05 --d----- c:\program files\Microsoft Games
2009-04-17 19:45 --d----- c:\program files\SystemRequirementsLab
2009-04-16 20:05 188 a------- c:\windows\CmdFile.INI
2009-04-16 18:53 20,480 a------- c:\windows\system32\ak1.exe
2009-04-15 10:28 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-15 10:27 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:27 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-13 00:49 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-13 00:49 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-13 00:49 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-08 17:04 2,713 ---sh--- c:\windows\system32\zusenene.exe
2009-04-03 23:18 --d----- c:\program files\Fisher
2009-04-03 23:18 299,520 a------- c:\windows\uninst.exe
2009-04-03 22:17 --d----- c:\program files\VS Revo Group
2009-04-03 17:11 15,615 a------- c:\windows\system32\wacom.dat
2009-04-03 17:11 1,985,304 a------- c:\windows\system32\TabCP-En.znc
2009-04-03 17:11 872,448 a------- c:\windows\system32\Tablet.cpl
2009-04-03 17:11 90,112 a------- c:\windows\system32\Wintab32.dll
2009-04-03 17:11 53,248 a------- c:\windows\system32\TabUnst.dll
2009-04-03 17:11 49,152 a------- c:\windows\system32\TabHook.dll
2009-04-03 17:11 15,744 a------- c:\windows\system32\wintab.dll
2009-04-03 17:11 8,138 a------- c:\windows\system32\drivers\penclass.sys
2009-04-03 17:11 454,656 a------- c:\windows\system32\Tablet.exe
2009-04-03 17:11 --d----- c:\program files\Wacom
2009-04-03 17:11 36,864 a------- c:\windows\system32\pencls32.dll
2009-04-03 17:11 13,344 a------- c:\windows\system32\tabinst.dll
2009-04-03 17:11 4,032 a------- c:\windows\system32\tabins16.dll
2009-04-03 17:11 --d----- c:\documents and settings\administrator\WINDOWS
2009-04-03 17:10 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-03 17:10 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-03 17:02 306,688 a------- c:\windows\IsUninst.exe
2009-04-03 17:00 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-03 16:59 6,184 a----r-- c:\windows\system32\cmglue.vxd
2009-04-03 16:59 107,008 a------- c:\windows\system32\CNMLM5c.DLL
2009-04-03 16:59 6,656 a------- c:\windows\system32\CNMVS5c.DLL
2009-04-03 16:59 73,728 a----r-- c:\windows\system32\CNMCP5c.exe
2009-04-03 16:59 --d-h--- C:\BJPrinter
2009-04-03 16:58 --d----- c:\windows\StartHtmico
2009-04-03 16:58 --d----- c:\windows\I960
2009-04-03 16:57 --d----- C:\EPSONREG
2009-04-03 16:54 --d----- c:\program files\ABBYY FineReader 6.0 Sprint
2009-04-03 16:50 5,632 a------- c:\windows\system32\escdev.dll
2009-04-03 16:50 --d----- c:\program files\epson
2009-04-03 16:50 163,840 a------- c:\windows\system32\esint66.dll
2009-04-03 16:50 65,793 a------- c:\windows\system32\esfw66.bin
2009-04-03 16:50 64,512 a------- c:\windows\system32\eswia66.dll
2009-04-03 16:50 3,584 a------- c:\windows\system32\eswiaml.dll
2009-04-03 16:48 44 a------- c:\windows\PERFV100V350.ini
2009-04-03 16:35 952 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-03 16:34 --d----- c:\docume~1\alluse~1\applic~1\Corel
2009-04-03 16:32 --d----- c:\program files\Corel
2009-04-03 16:32 --d----- c:\program files\common files\Corel
2009-04-03 16:23 --d----- c:\program files\Canon
2009-04-03 15:43 1,002 a------- C:\net_save.dna
2009-04-03 15:42 --d----- c:\program files\support.com
2009-04-03 15:42 --d----- c:\program files\common files\SupportSoft
2009-04-03 13:46 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-03 13:44 --d----- c:\docume~1\admini~1\applic~1\uTorrent
2009-04-03 13:44 --d----- c:\documents and settings\Administrator
2009-04-03 13:35 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-04-03 13:35 298,104 a------- c:\windows\system32\imon.dll
2009-04-03 13:35 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-04-03 13:35 --d----- c:\program files\Eset
2009-04-03 13:34 354,560 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-03 13:33 28,416 a------- c:\windows\system32\uxtuneup.dll
2009-04-03 13:33 --d----- c:\docume~1\admini~1\applic~1\TuneUp Software
2009-04-03 13:32 --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-04-03 13:32 --d----- c:\program files\TuneUp Utilities 2008
2009-04-03 13:32 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-03 13:30 --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-03 13:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-03 13:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 13:30 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 13:30 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-03 13:26 135,168 a------- c:\windows\system32\igfxres.dll
2009-04-03 13:21 --d----- c:\docume~1\admini~1\applic~1\Windows Search
2009-04-03 13:17 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-04-03 13:17 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-04-03 13:17 --d----- c:\windows\system32\Lang
2009-04-03 13:14 --d----- c:\documents and settings\administrator\Tracing
2009-04-03 13:14 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-03 13:13 --d----- c:\windows\system32\DirectX
2009-04-03 13:13 --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-04-03 13:12 --d----- c:\program files\Microsoft
2009-04-03 13:11 --d----- c:\program files\Windows Live SkyDrive
2009-04-03 13:07 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-03 13:07 --d----- c:\program files\common files\Windows Live
2009-04-03 13:06 --d----- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2009-04-03 13:05 --d----- c:\program files\Windows Desktop Search
2009-04-03 13:05 --d----- c:\windows\system32\GroupPolicy
2009-04-03 13:04 --ds---- c:\windows\system32\Microsoft
2009-04-03 13:04 --d----- c:\program files\Alky for Applications
2009-04-03 13:03 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2009-04-03 13:03 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2009-04-03 13:03 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2009-04-03 13:03 18,590 a------- c:\windows\sKzVistaUltimateSound(Loud).reg
2009-04-03 13:03 --d----- c:\windows\system32\RTCOM
2009-04-03 13:03 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-04-03 13:03 129,536 a------- c:\windows\system32\ksproxy.ax
2009-04-03 13:03 4,096 a------- c:\windows\system32\ksuser.dll
2009-04-03 13:03 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-04-03 13:03 --d----- c:\program files\Kristanix
2009-04-03 13:02 1,847,552 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-03 13:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-03 13:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-03 13:02 144,896 -------- c:\windows\system32\dllcache\schannel.dll
2009-04-03 13:02 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-03 13:01 129,520 -------- c:\windows\system32\pxafs.dll
2009-04-03 13:01 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-03 13:01 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-03 12:57 --d----- c:\windows\system32\XPSViewer
2009-04-03 12:56 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-03 12:55 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-03 12:55 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-03 12:55 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-03 12:55 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-03 12:54 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-03 12:54 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-03 12:54 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-03 12:52 44,944 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-04-03 12:51 --d----- c:\program files\Windows Plus
2009-04-03 12:51 11,452 a------- c:\windows\system32\mypixdx.chm
2009-04-03 12:51 3,343,360 a------- c:\windows\system32\nature.scr
2009-04-03 12:51 1,742,336 a------- c:\windows\system32\mypixdx.scr
2009-04-03 12:51 5,068,800 a------- c:\windows\system32\davinci.scr
2009-04-03 12:51 7,093,760 a------- c:\windows\system32\space.scr
2009-04-03 12:51 4,396,544 a------- c:\windows\system32\wpgldfsh.scr
2009-04-03 12:50 85,504 a------- c:\windows\system32\mhn.dll
2009-04-03 12:50 11,008 a------- c:\windows\system32\drivers\mhndrv.sys
2009-04-03 12:50 8,704 a------- c:\windows\system32\igdetect.dll
2009-04-03 12:42 --d----- c:\windows\system32\URTTemp
2009-04-03 12:41 2,577 a------- c:\windows\system32\CONFIG.NT
2009-04-03 12:41 0 a------- c:\windows\control.ini
2009-04-03 12:41 23,392 a------- c:\windows\system32\nscompat.tlb
2009-04-03 12:41 16,832 a------- c:\windows\system32\amcompat.tlb
2009-04-03 12:41 316,640 a------- c:\windows\WMSysPr9.prx
2009-04-03 12:41 --d----- c:\windows\system32\dllcache
2009-04-03 12:40 --dsh--- c:\documents and settings\all users\DRM
2009-04-03 12:40 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-04-03 12:40 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-03 12:40 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-03 12:40 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-03 12:40 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-03 12:40 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-03 12:40 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-03 12:40 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-04-03 12:39 --d-h--- c:\program files\WindowsUpdate
2009-04-03 12:39 --d----- c:\program files\Online Services
2009-04-03 12:39 --d----- c:\program files\Windows Media Connect 2
2009-04-03 12:37 11,264 a------- c:\windows\system32\atrace.dll
2009-04-03 12:37 2 a------- c:\windows\system32\desktop.ini
2009-04-03 12:37 2 a------- c:\windows\desktop.ini
2009-04-03 12:36 118,784 a------- c:\windows\system32\msg723.acm
2009-04-03 12:36 12,288 a------- c:\windows\system32\nmevtmsg.dll
2009-04-03 12:35 --d----- c:\program files\common files\MSSoap
2009-04-03 12:24 --d----- c:\program files\VistaExperience.org
2009-04-03 12:22 --d----- c:\program files\uTorrent
2009-04-03 12:21 --d----- c:\program files\RocketDock
2009-04-03 12:20 --d----- c:\program files\Desktop
2009-04-03 12:19 --d----- c:\program files\CCleaner
2009-04-03 12:18 --d----- c:\program files\HashTab Shell Extension
2009-04-03 12:18 --d----- c:\program files\Unlocker
2009-04-03 12:18 --d----- c:\program files\Microsoft PowerToys
2009-04-03 12:18 --d----- c:\program files\MSN Gaming Zone
2009-04-03 12:15 --d----- c:\program files\Windows NT
2009-04-03 07:05 --d----- c:\program files\common files\ODBC
2009-04-03 07:05 --d----- c:\program files\common files\SpeechEngines
2009-04-03 07:00 --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-18 17:13 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-03 22:43 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-03 12:27 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-31 19:20 72,584 a------- c:\windows\zllsputility.exe
2009-03-31 19:20 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-03-31 02:41 28,672 a------- c:\windows\system32\setupold.exe
2009-03-31 02:41 3,186 a------- c:\windows\system32\presetup.cmd
2009-03-31 02:32 1,700,864 a------- c:\windows\system32\zipfldr.dll
2009-03-31 02:32 301,568 a------- c:\windows\system32\xpsp1res.dll
2009-03-31 02:32 191,448 a------- c:\windows\system32\wuaueng1.dll
2009-03-31 02:32 29,696 a------- c:\windows\system32\wupdmgr.exe
2009-03-31 02:32 343,000 a------- c:\windows\system32\wuauclt1.exe
2009-03-31 02:32 918,528 a------- c:\windows\system32\wsecedit.dll
2009-03-31 02:32 1,146,880 a------- c:\windows\system32\wpdshext.dll
2009-03-31 02:32 200,704 a------- c:\windows\system32\wscript.exe
2009-03-31 02:32 31,232 a------- c:\windows\system32\write.exe
2009-03-31 02:30 349,184 a------- c:\windows\system32\sysocmgr.exe
2009-03-31 02:29 791,040 a------- c:\windows\system32\shdoclc.dll
2009-03-31 02:28 2,013,696 a------- c:\windows\system32\netplwiz.dll
2009-03-31 02:27 55,296 a------- c:\windows\system32\migpwd.exe
2009-03-31 02:26 473,600 a------- c:\windows\system32\devmgr.dll
2009-03-31 02:20 323,641 a------- c:\windows\system32\usrdtea.dll
2009-03-31 02:15 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-03-31 02:15 140,288 a------- c:\windows\system32\sfc_os.dll
2009-03-31 02:15 24,576 a------- c:\windows\system32\nlsdl.dll
2009-03-31 02:15 23,552 a------- c:\windows\system32\normaliz.dll
2009-03-31 02:15 26,112 a------- c:\windows\system32\idndl.dll
2009-03-31 02:14 156,160 a------- c:\windows\system32\msls31.dll
2009-03-31 02:14 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-31 02:14 40,960 a------- c:\windows\system32\licmgr10.dll
2009-03-31 02:14 36,352 a------- c:\windows\system32\imgutil.dll
2009-03-31 02:14 17,408 a------- c:\windows\system32\corpol.dll
2009-03-31 02:14 16,384 a------- c:\windows\system32\lcid.exe
2009-03-31 02:12 204,288 a------- c:\windows\system32\wmpsrcwp.dll
2009-03-31 02:11 519,280 a------- c:\windows\system32\SecProc_isv.dll
2009-03-31 02:10 296,448 a------- c:\windows\system32\termsrv.dll
2009-03-31 02:09 272,128 a------- c:\windows\system32\drivers\bthport.sys
2009-03-31 02:09 62,976 a------- c:\windows\system32\drivers\cdrom.sys
2009-03-31 02:09 138,496 a------- c:\windows\system32\drivers\afd.sys
2009-03-31 02:09 68,096 a------- c:\windows\system32\adsmsext.dll
2009-03-31 02:09 176,128 a------- c:\windows\system32\adsldp.dll
2009-03-31 02:08 271,872 a------- c:\windows\upx.exe
2009-03-31 02:08 8,636 a------- c:\windows\modifyPE.exe
2009-03-31 02:08 394,240 a------- c:\windows\system32\HMTCD.dll
2009-03-31 02:08 114,688 a------- c:\windows\system32\cabarc.exe
2009-03-31 02:08 98,304 a------- c:\windows\system32\makecab.exe
2009-03-31 02:08 61,440 a------- c:\windows\system32\CopyToSendTo.dll
2009-03-30 15:58 342,016 a------- c:\windows\system32\sndvol32.exe
2009-03-26 15:26 5,497,856 a------- c:\windows\system32\winbrand.dll
2009-03-26 15:26 6,203,904 a------- c:\windows\system32\xpsp2res.dll
2009-03-24 13:20 4,253,184 a------- c:\windows\system32\setupapi.dll
2009-03-22 15:23 7,479,808 a------- c:\windows\system32\logonui.exe
2009-03-21 19:29 991,744 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-16 15:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 15:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 15:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 15:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-16 13:32 3,326,464 a------- c:\windows\system32\netshell.dll
2009-03-15 14:08 2,259,456 a------- c:\windows\explorer.exe
2009-03-09 16:27 4,178,264 a------- c:\windows\system32\d3dx9_41.dll
2009-03-09 16:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 16:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-06 09:49 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 09:49 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:17 828,416 a------- c:\windows\system32\wininet.dll
2009-03-02 20:17 828,416 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-21 13:09 3,596,800 -------- c:\windows\system32\dllcache\mshtml.dll
2009-02-20 06:24 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:24 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:26 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-10 19:26 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 07:08 1,847,552 a------- c:\windows\system32\win32k.sys
2009-02-09 06:56 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:56 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:56 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 06:56 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 06:56 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:56 715,264 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 06:56 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 06:56 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-07 19:35 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-02-07 19:35 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 07:06 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 07:03 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:36 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:36 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:30 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 06:30 2,066,176 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:30 2,066,176 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 06:15 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-04 05:12 56,832 a------- c:\windows\system32\secur32.dll
2009-02-04 05:12 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-01-23 16:23 2,369,536 a------- c:\windows\system32\msgina.dll
2009-01-19 23:20 3,972,608 a------- c:\windows\system32\winntbbu.dll


============= FINISH: 21:34:40.48 ==========

Hello.

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :services
  ASKService
  
  :files
  c:\program files\askbardis
  c:\docume~1\admini~1\applic~1\uTorrent
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  "SfcDisable"=-
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Please download GooredFix and save it to your Desktop. Double-click GooredFix.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

========== SERVICES/DRIVERS ==========

Service\Driver ASKService deleted successfully.
========== FILES ==========
File/Folder c:\program files\askbardis not found.
c:\docume~1\admini~1\applic~1\uTorrent moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\SfcDisable deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ .

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04192009_122113


this is the otmoveit log.

GooredFix v1.92 by jpshortstuff
Log created at 12:26 on 19/04/2009 running Option #1 (Administrator)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{A27BDA95-5520-400A-A0A3-4F68F3807862}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

This is the goodredfix

Hello.

That found the problem. Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

GooredFix v1.92 by jpshortstuff
Log created at 12:43 on 19/04/2009 running Option #2 (Administrator)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{A27BDA95-5520-400A-A0A3-4F68F3807862}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

here are the results

Hello.
The re-directs should stop now.

We can remove OTMoveIt now.

• Please double-click OTMoveIt3.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?