WiredWX Christian Hobby Weather Tools

Google redirecting and occasional blue screen

I am getting redirected when trying to click on a link after a Google search, about 75% of the time. I read through many posts here and tried some fixes; however, nothing has worked. Java is updated as well as Adobe Reader, and I installed all the critical updates (the last update would not install; I am not sure if that's part of the problem or not). I have also updated Malwarebytes and performed a full scan; nothing was found. I want to send a text file of the log report as I could not get all of it to post.
But I cannot seem to get that to post.
Thank you in advance for your help. GeekPolice is a Godsend, to say the least.
Mike

Last edited by thpgrad on 26th February 2011, 7:58 pm; edited 1 time in total

Re: Google redirecting and occasional blue screen

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*****************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Re: Google redirecting and occasional blue screen

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/26/2011 at 10:11 AM

Application Version : 4.49.1000

Core Rules Database Version : 6488
Trace Rules Database Version: 4300

Scan type : Quick Scan
Total Scan Time : 00:58:34

Memory items scanned : 535
Memory threats detected : 0
Registry items scanned : 1730
Registry threats detected : 31
File items scanned : 117676
File threats detected : 234

Unclassified.Unknown Origin
(x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{954F618B-0DEC-4D1A-9317-E0FC96F87865}
(x86) HKCR\CLSID\{954F618B-0DEC-4D1A-9317-E0FC96F87865}
(x86) HKCR\CLSID\{954F618B-0DEC-4D1A-9317-E0FC96F87865}
(x86) HKCR\CLSID\{954F618B-0DEC-4D1A-9317-E0FC96F87865}\InprocServer32
(x86) HKCR\CLSID\{954F618B-0DEC-4D1A-9317-E0FC96F87865}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{954F618B-0DEC-4D1A-9317-E0FC96F87865}\ProgID
(x86) HKCR\IEToolbar.AliveToolbar
(x86) HKCR\IEToolbar.AliveToolbar\Clsid
C:\PROGRA~2\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
(x86) HKU\S-1-5-21-3896314578-1710475560-2245159350-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{954F618B-0DEC-4D1A-9317-E0FC96F87865}
(x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{954F618B-0DEC-4D1A-9317-E0FC96F87865}
(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{954F618B-0DEC-4D1A-9317-E0FC96F87865}

Adware.Tracking Cookie

Adware.HBHelper
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

Browser Hijacker.Deskbar
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Malware.Trace
(x86) HKU\.DEFAULT\SOFTWARE\CE8SIIFGSU
(x86) HKU\S-1-5-18\SOFTWARE\CE8SIIFGSU
(x86) HKU\.DEFAULT\Software\JP595IR86O
(x86) HKU\S-1-5-18\Software\JP595IR86O
(x86) HKU\.DEFAULT\Software\NtWqIVLZEWZU
(x86) HKU\S-1-5-18\Software\NtWqIVLZEWZU
(x86) HKU\.DEFAULT\SOFTWARE\XML
(x86) HKU\S-1-5-18\SOFTWARE\XML
(x86) HKU\.DEFAULT\Software\VD6TK7MFWR
(x86) HKU\S-1-5-18\Software\VD6TK7MFWR

Re: Google redirecting and occasional blue screen

The DDS scan is stalling. I have tried it several times and waited up to twenty minutes. Should I try it in safe mode?

Re: Google redirecting and occasional blue screen

After several tries I managed to get the DDS scan to run in safe mode.


DDS (Ver_10-12-12.02) - NTFS_AMD64 MINIMAL
Run by Mike at 11:20:53.44 on Sat 02/26/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.2450 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
TB: Vuze Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hh4yf2df.default\
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: TextAloud 3 Toolbar: {99a0337c-6303-4879-b72e-500fd9aaca8c} - C:\Program Files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
FF - Ext: GOM Player + Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: VuzeToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

============= SERVICES / DRIVERS ===============

R0 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2010-5-31 56384]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
S2 BCWipeSvc;BCWipe service;C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [2010-5-31 95544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-4 1255736]
S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2010-5-31 101952]

=============== Created Last 30 ================

2011-02-26 14:09:09 -------- d-----w- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2011-02-26 14:09:09 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-02-26 14:09:03 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-02-26 14:08:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-02-26 14:03:02 -------- d-----w- C:\Users\Mike\AppData\Local\ElevatedDiagnostics
2011-02-25 08:57:04 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{19D90083-4F51-4601-B12E-8ADECACFCF54}\mpengine.dll
2011-02-24 23:53:09 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2011-02-24 23:53:07 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-02-24 23:48:25 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-02-24 19:16:01 -------- d-----w- C:\Users\Mike\DoctorWeb
2011-02-24 08:00:56 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-24 08:00:56 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 13:33:22 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 13:33:22 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 13:33:22 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 13:33:22 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 14:22:31 182680 ----a-w- C:\Windows\SysWow64\cnvshell.dll
2011-02-22 14:22:29 -------- d-----w- C:\Program Files (x86)\ImageConverter Plus
2011-02-18 12:16:45 22 --sha-w- C:\Users\Mike\AppData\Roaming\Sys2662.Config.Repository.bin
2011-02-18 12:16:38 -------- d-----w- C:\Program Files (x86)\jv16 PowerTools 2011
2011-02-18 00:11:36 -------- d-----w- C:\Program Files (x86)\Aspyr
2011-02-17 15:30:30 -------- d-----w- C:\Users\Mike\AppData\Local\assembly
2011-02-17 15:30:05 -------- d-----w- C:\Users\Mike\AppData\Local\TechSmith
2011-02-15 04:07:02 -------- d-----w- C:\Program Files (x86)\Jetico
2011-02-14 22:45:03 -------- d-----w- C:\Windows\pss
2011-02-14 22:41:50 -------- d-----w- C:\Users\Mike\AppData\Local\Diagnostics
2011-02-14 18:21:50 819200 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-02-14 18:21:50 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-02-14 18:21:50 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-02-14 18:21:50 -------- d-----w- C:\Program Files (x86)\Xvid
2011-02-14 10:25:11 56320 ------w- C:\Windows\SysWow64\iyvu9_32.dll
2011-02-14 10:25:11 136704 ----a-w- C:\Windows\SysWow64\iacenc.dll
2011-02-14 10:25:10 -------- d-----w- C:\Program Files (x86)\Ligos
2011-02-14 10:21:45 306688 ----a-w- C:\Windows\IsUninst.exe
2011-02-13 14:19:44 -------- d-----w- C:\Program Files (x86)\ESET
2011-02-12 03:50:51 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-02-12 03:50:51 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-02-12 03:50:51 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-02-12 03:49:45 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-02-09 04:40:05 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2011-02-09 04:40:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-09 04:40:00 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-09 04:39:57 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-09 04:39:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-08 23:40:28 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-08 23:39:00 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2011-02-08 23:37:00 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-02-08 23:36:14 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-02-08 23:36:02 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-08 23:36:02 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-02-08 23:36:02 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-08 23:36:02 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-08 23:36:01 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-02-08 23:35:38 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-08 23:35:38 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-08 23:35:38 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-08 23:35:38 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-08 23:35:35 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-08 23:35:35 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-08 22:53:48 -------- d-----w- C:\Windows\System32\AGEIA
2011-02-08 22:53:28 -------- d-----w- C:\Windows\SysWow64\AGEIA
2011-02-08 22:53:11 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-02-08 10:42:30 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-07 11:51:42 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-02-07 11:51:42 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-02-07 02:41:29 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Games
2011-02-06 02:26:23 -------- d-----w- C:\Program Files (x86)\ATTNaturalVoices
2011-02-06 02:25:19 -------- d-----w- C:\Program Files (x86)\NeoSpeech
2011-02-06 02:24:18 -------- d-----w- C:\Windows\Downloaded Installations
2011-02-05 23:15:12 -------- d-----w- C:\PROGRA~3\NextUp
2011-02-05 23:13:57 103888 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll
2011-02-05 23:13:55 -------- d-----w- C:\Users\Mike\AppData\Local\NextUp
2011-02-05 23:13:49 -------- d-----w- C:\Program Files (x86)\TextAloud
2011-02-05 14:55:07 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-02-05 14:55:06 -------- d-----w- C:\Program Files (x86)\Steam
2011-02-05 01:10:17 -------- d-----w- C:\Users\Mike\AppData\Local\Adobe
2011-02-05 00:31:19 -------- d-----w- C:\PROGRA~3\Applications
2011-02-05 00:14:04 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
2011-02-04 23:56:02 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-02-04 23:56:02 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-02-04 23:56:02 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-02-04 23:56:00 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-04 23:56:00 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-04 23:56:00 112000 ----a-w- C:\Windows\System32\consent.exe
2011-02-04 23:54:28 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-02-04 23:54:28 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-02-04 23:47:22 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-04 23:47:22 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-04 23:47:22 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-02-04 23:47:22 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-04 23:47:21 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-02-04 23:46:37 46592 ----a-w- C:\Windows\System32\msasn1.dll
2011-02-04 23:46:37 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-02-04 23:33:30 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-02-04 23:33:30 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-02-04 23:33:30 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-02-04 23:33:30 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-02-04 23:33:30 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-02-04 23:33:29 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-02-04 23:33:29 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-02-04 23:33:29 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-02-04 23:33:29 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-02-04 23:33:29 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-02-04 22:52:55 -------- d-----w- C:\Program Files (x86)\FSAddon
2011-02-04 22:52:54 -------- d-----w- C:\PROGRA~3\FSAddon
2011-02-04 22:23:20 -------- d-----w- C:\Windows\SysWow64\Wat
2011-02-04 22:23:20 -------- d-----w- C:\Windows\System32\Wat
2011-02-04 22:12:37 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-02-04 22:12:37 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-02-04 22:11:29 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-02-04 22:11:29 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-02-04 22:09:57 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-02-04 21:50:48 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-04 21:35:31 -------- d-----w- C:\Windows\PCHEALTH
2011-02-04 21:34:55 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-02-04 21:31:41 -------- d-----w- C:\Program Files (x86)\GNU
2011-02-04 21:29:44 491520 ----a-w- C:\Windows\SysWow64\NCTAudioFile.dll
2011-02-04 21:29:44 158208 ----a-w- C:\Windows\SysWow64\NCTTextToAudio.dll
2011-02-04 21:29:44 120832 ----a-w- C:\Windows\SysWow64\lame_enc.dll
2011-02-04 21:29:44 -------- d-----w- C:\Program Files (x86)\AliveMedia
2011-02-04 21:28:55 -------- d-----w- C:\Users\Mike\AppData\Roaming\Azureus
2011-02-04 21:28:38 -------- d-----w- C:\Program Files (x86)\Vuze Toolbar
2011-02-04 21:28:29 -------- d-----w- C:\Program Files (x86)\Vuze
2011-02-04 21:26:24 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-02-04 21:26:16 -------- d-sh--w- C:\Windows\Installer
2011-02-04 21:25:57 -------- d-----w- C:\Program Files (x86)\GRETECH
2011-02-04 21:13:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-02-04 21:13:43 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-02-04 21:13:42 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-02-04 21:13:42 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-02-04 21:05:22 -------- d-----w- C:\Users\Mike\AppData\Local\VirtualStore
2011-01-30 15:45:12 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 11:21:18.83 ===============

Re: Google redirecting and occasional blue screen

I have the other text file from DDS but I cannot seem to get it to post here. Is there some kind of limit on posting that I may be exceeding?

Re: Google redirecting and occasional blue screen

I have the other text file from DDS but I cannot seem to get it to post here. Is there some kind of limit on posting that I may be exceeding?

Yes. If the log is too long you may have to break it up into two or more posts.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Re: Google redirecting and occasional blue screen

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:46:40 PM, on 2/26/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
O3 - Toolbar: Vuze Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BCWipe service (BCWipeSvc) - Jetico, Inc. - C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5533 bytes

Re: Google redirecting and occasional blue screen

There's a new HijackThis log. When I try and run ComboFix, on opening it freezes and I get a blue screen, memory dump and then my computer shuts down.

Re: Google redirecting and occasional blue screen

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now

Re: Google redirecting and occasional blue screen

Received this error: the file name, directory name or volume label syntax is incorrect

Re: Google redirecting and occasional blue screen

Well, I tried again and got past the error. ComboFix started to open and stalled again to the blue screen. Whoa!

Re: Google redirecting and occasional blue screen

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


Re: Google redirecting and occasional blue screen

OTL logfile created on: 2/26/2011 7:46:54 PM - Run 4
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Mike\Desktop\New folder
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 208.80 Gb Free Space | 72.91% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/26 19:24:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\New folder\OTL.exe
PRC - [2011/02/07 06:51:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/27 03:08:32 | 000,996,664 | ---- | M] (Jetico, Inc.) -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe
PRC - [2010/05/21 03:30:24 | 000,095,544 | ---- | M] (Jetico, Inc.) -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


========== Modules (SafeList) ==========

MOD - [2011/02/26 19:24:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\New folder\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/05 09:57:49 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/21 03:30:24 | 000,095,544 | ---- | M] (Jetico, Inc.) [Auto | Running] -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe -- (BCWipeSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/08/09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 8A AE 6A B1 C4 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7
FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:3.0.8
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/07 06:51:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/24 19:27:47 | 000,000,000 | ---D | M]

[2011/02/04 16:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/02/26 09:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hh4yf2df.default\extensions
[2011/02/04 16:28:41 | 000,000,000 | ---D | M] (Vuze Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hh4yf2df.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/02/04 16:29:02 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hh4yf2df.default\extensions\toolbar@ask.com
[2011/02/05 18:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/05 18:13:57 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 10.lnk - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe - (TechSmith Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BCWipeTM.exe - hkey= - key= - C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe (Jetico, Inc.)
MsConfig:64bit - StartUpReg: set - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Re: Google redirecting and occasional blue screen

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\iyvu9_32.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\New folder
[2011/02/26 16:13:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/02/26 14:45:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2011/02/26 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/26 09:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/26 09:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/02/26 09:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/26 09:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/26 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\ElevatedDiagnostics
[2011/02/24 19:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/02/24 18:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/02/24 18:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/24 18:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/02/24 18:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011/02/24 18:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/24 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\DoctorWeb
[2011/02/24 12:29:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\the.next.three.days.2010.dvdrip.xvid-amiable.cd1
[2011/02/22 09:27:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Viewpad
[2011/02/22 09:22:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2011/02/22 09:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageConverter Plus
[2011/02/22 09:22:31 | 000,182,680 | ---- | C] (fCoder Group International) -- C:\Windows\SysWow64\cnvshell.dll
[2011/02/22 09:22:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Image Converter Plus
[2011/02/22 09:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageConverter Plus
[2011/02/18 07:16:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2011
[2011/02/18 07:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2011
[2011/02/17 19:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media
[2011/02/17 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aspyr
[2011/02/17 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\sr-1701gold
[2011/02/17 10:30:34 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Snagit
[2011/02/17 10:30:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\assembly
[2011/02/17 10:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
[2011/02/17 10:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011/02/17 10:30:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\TechSmith
[2011/02/17 10:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2011/02/16 17:30:49 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\WizardMission2
[2011/02/14 23:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe 4
[2011/02/14 23:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jetico
[2011/02/14 17:45:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/02/14 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Diagnostics
[2011/02/14 13:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/02/14 13:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/02/14 05:25:11 | 000,136,704 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\iacenc.dll
[2011/02/14 05:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ligos
[2011/02/13 09:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/02/11 22:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/02/11 22:50:51 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2011/02/11 22:50:51 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2011/02/11 22:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2011/02/11 22:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/02/11 22:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2011/02/08 23:40:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/02/08 23:40:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/08 23:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/08 23:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/08 23:39:57 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/08 23:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/08 17:53:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\AGEIA
[2011/02/08 17:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2011/02/08 17:53:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011/02/08 17:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011/02/08 17:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/02/07 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\gorge text
[2011/02/07 06:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/02/07 06:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/02/06 21:41:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft Games
[2011/02/06 19:19:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/05 22:33:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\clutter
[2011/02/05 21:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATTNaturalVoices
[2011/02/05 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSpeech
[2011/02/05 21:24:18 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/02/05 18:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NextUp
[2011/02/05 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\NextUp
[2011/02/05 18:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextAloud
[2011/02/05 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TextAloud
[2011/02/05 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\WizardMission1
[2011/02/05 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\GRETECH
[2011/02/05 14:25:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Vuze Downloads
[2011/02/05 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/02/05 09:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/02/05 09:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/02/05 09:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/02/04 20:30:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\srdiag
[2011/02/04 20:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/02/04 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/02/04 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/02/04 20:10:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Adobe
[2011/02/04 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
[2011/02/04 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
[2011/02/04 20:01:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/02/04 19:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2011/02/04 19:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Owl's Tools
[2011/02/04 18:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/04 18:33:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/04 17:53:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Missions
[2011/02/04 17:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSAddon
[2011/02/04 17:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FSAddon
[2011/02/04 17:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\FSAddon
[2011/02/04 17:51:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\WinRAR
[2011/02/04 17:23:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/02/04 17:23:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/02/04 17:07:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Flight Simulator X Files
[2011/02/04 17:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/02/04 17:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/02/04 17:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2011/02/04 16:35:31 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/04 16:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/02/04 16:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/02/04 16:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2011/02/04 16:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alive Text to Speech
[2011/02/04 16:29:44 | 000,491,520 | ---- | C] (NCT Company) -- C:\Windows\SysWow64\NCTAudioFile.dll
[2011/02/04 16:29:44 | 000,158,208 | ---- | C] (NCT Company) -- C:\Windows\SysWow64\NCTTextToAudio.dll
[2011/02/04 16:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AliveMedia
[2011/02/04 16:28:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Azureus
[2011/02/04 16:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Toolbar
[2011/02/04 16:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2011/02/04 16:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/02/04 16:26:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/02/04 16:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/02/04 16:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2011/02/04 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Google Secrets How To Get A top 10 Ranking{ DSARG } eXXXclusive
[2011/02/04 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Polygraph Secrets-1
[2011/02/04 16:24:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/02/04 16:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/02/04 16:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/02/04 16:22:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Mozilla
[2011/02/04 16:22:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Mozilla
[2011/02/04 16:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/04 16:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/02/04 16:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/02/04 16:05:49 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/04 16:05:49 | 000,000,000 | R--D | C] -- C:\Users\Mike\Searches
[2011/02/04 16:05:49 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/04 16:05:49 | 000,000,000 | -H-D | C] -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/02/04 16:05:34 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Identities
[2011/02/04 16:05:27 | 000,000,000 | R--D | C] -- C:\Users\Mike\Contacts
[2011/02/04 16:05:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\VirtualStore
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Temporary Internet Files
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Templates
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Start Menu
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\SendTo
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Recent
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\PrintHood
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\NetHood
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Videos
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Pictures
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Music
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\My Documents
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Local Settings
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\History
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Cookies
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Application Data
[2011/02/04 16:04:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Application Data
[2011/02/04 16:04:48 | 000,000,000 | --SD | C] -- C:\Users\Mike\AppData\Roaming\Microsoft
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\Videos
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\Saved Games
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\Music
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\Links
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\Favorites
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\Downloads
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\Desktop
[2011/02/04 16:04:48 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/04 16:04:48 | 000,000,000 | -H-D | C] -- C:\Users\Mike\AppData
[2011/02/04 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Temp
[2011/02/04 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\Pictures
[2011/02/04 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft
[2011/02/04 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
[2011/02/04 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents

========== Files - Modified Within 30 Days ==========

[2011/02/26 17:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/02/26 16:21:45 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 16:21:45 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 16:14:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/26 16:14:22 | 369,945,591 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/26 16:14:20 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/26 16:13:07 | 004,275,134 | ---- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/02/26 16:05:09 | 004,275,134 | ---- | M] () -- C:\Users\Mike\Desktop\blackpudding.bat
[2011/02/26 14:45:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2011/02/26 10:18:53 | 000,624,128 | ---- | M] () -- C:\Users\Mike\Desktop\dds.scr
[2011/02/26 09:09:02 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/24 20:50:06 | 000,055,713 | ---- | M] () -- C:\Users\Mike\Documents\myspecs.xps
[2011/02/24 20:36:02 | 000,000,017 | ---- | M] () -- C:\Users\Mike\AppData\Local\resmon.resmoncfg
[2011/02/24 20:33:37 | 006,640,398 | ---- | M] () -- C:\Users\Mike\Documents\specs
[2011/02/24 18:53:08 | 000,001,940 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/02/22 09:28:07 | 000,966,054 | ---- | M] () -- C:\Users\Mike\Documents\693_max.bmp
[2011/02/22 09:27:20 | 000,063,860 | ---- | M] () -- C:\Users\Mike\Documents\693_max (1).jpg
[2011/02/22 09:27:12 | 000,063,860 | ---- | M] () -- C:\Users\Mike\Documents\693_max.jpg
[2011/02/22 09:22:34 | 000,001,014 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageConverter Plus.lnk
[2011/02/18 07:16:45 | 000,000,022 | -HS- | M] () -- C:\Windows\System5537 Data.Repository
[2011/02/18 07:16:45 | 000,000,022 | -HS- | M] () -- C:\Users\Mike\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/02/17 19:15:16 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\1701 A.D. The Sunken Dragon.lnk
[2011/02/17 19:15:16 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\1701 A.D..lnk
[2011/02/08 18:47:56 | 000,273,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/06 03:02:13 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/06 03:02:13 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/06 03:02:13 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/05 10:00:19 | 000,000,221 | ---- | M] () -- C:\Users\Mike\Desktop\RailWorks.url
[2011/02/04 18:46:44 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/02/04 18:46:44 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/02/04 18:27:12 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/02/04 17:53:39 | 000,002,639 | ---- | M] () -- C:\Users\Mike\Desktop\FSX Mission Editor.lnk
[2011/02/04 17:34:18 | 000,000,136 | ---- | M] () -- C:\Users\Mike\Desktop\Microsoft Flight Simulator X - Shortcut.lnk
[2011/02/04 16:28:45 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/02/04 16:28:45 | 000,001,859 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/02/04 16:26:06 | 000,001,144 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/02/04 16:22:44 | 000,001,974 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/04 16:22:44 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/04 16:20:51 | 000,001,448 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Re: Google redirecting and occasional blue screen

========== Files Created - No Company Name ==========

[2011/02/26 16:12:58 | 004,275,134 | ---- | C] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/02/26 16:04:59 | 004,275,134 | ---- | C] () -- C:\Users\Mike\Desktop\blackpudding.bat
[2011/02/26 10:18:49 | 000,624,128 | ---- | C] () -- C:\Users\Mike\Desktop\dds.scr
[2011/02/26 09:09:02 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/24 20:50:05 | 000,055,713 | ---- | C] () -- C:\Users\Mike\Documents\myspecs.xps
[2011/02/24 20:36:02 | 000,000,017 | ---- | C] () -- C:\Users\Mike\AppData\Local\resmon.resmoncfg
[2011/02/24 20:32:57 | 006,640,398 | ---- | C] () -- C:\Users\Mike\Documents\specs
[2011/02/24 19:27:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/24 18:53:08 | 000,001,940 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/02/22 09:28:07 | 000,966,054 | ---- | C] () -- C:\Users\Mike\Documents\693_max.bmp
[2011/02/22 09:27:20 | 000,063,860 | ---- | C] () -- C:\Users\Mike\Documents\693_max (1).jpg
[2011/02/22 09:27:12 | 000,063,860 | ---- | C] () -- C:\Users\Mike\Documents\693_max.jpg
[2011/02/22 09:22:34 | 000,001,014 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageConverter Plus.lnk
[2011/02/18 07:16:45 | 000,000,022 | -HS- | C] () -- C:\Windows\System5537 Data.Repository
[2011/02/18 07:16:45 | 000,000,022 | -HS- | C] () -- C:\Users\Mike\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/02/17 19:15:16 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\1701 A.D. The Sunken Dragon.lnk
[2011/02/17 19:15:16 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\1701 A.D..lnk
[2011/02/14 13:21:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/14 13:21:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/14 13:21:50 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/02/14 05:25:11 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/02/06 19:19:42 | 369,945,591 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/05 18:13:20 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/02/05 10:00:19 | 000,000,221 | ---- | C] () -- C:\Users\Mike\Desktop\RailWorks.url
[2011/02/04 17:53:39 | 000,002,639 | ---- | C] () -- C:\Users\Mike\Desktop\FSX Mission Editor.lnk
[2011/02/04 17:34:18 | 000,000,136 | ---- | C] () -- C:\Users\Mike\Desktop\Microsoft Flight Simulator X - Shortcut.lnk
[2011/02/04 16:29:46 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alive Text to Speech
[2011/02/04 16:29:44 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/04 16:28:45 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/02/04 16:28:45 | 000,001,859 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/02/04 16:28:45 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/02/04 16:26:06 | 000,001,144 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/02/04 16:22:44 | 000,001,974 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/04 16:22:44 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/04 16:20:51 | 000,001,448 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/04 16:14:17 | 000,001,420 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/04 16:14:11 | 000,001,454 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/04 16:04:48 | 000,000,290 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/04 16:04:48 | 000,000,272 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/02/26 14:32:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Azureus
[2011/02/26 17:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/02/10 11:25:00 | 000,021,368 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

Re: Google redirecting and occasional blue screen

Sorry, same problem as before: I have to make the parts smaller each time to post. So far that is about half of the log file. I will continue to try and post the rest.

Re: Google redirecting and occasional blue screen

Still more to post.

Re: Google redirecting and occasional blue screen

OK, I apologize for this long post; however, I cannot get the rest of the log to post. I get a connection reset, even when I break it down very small. I am going to try waiting some time. Is there a limit to the amount I can post in a certain period of time? Maybe it's my computer? I have a good connection. I will continue to try and post the rest of the log. Thank you for your patience.

Re: Google redirecting and occasional blue screen

I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
***********************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\Windows\tasks\At1.job

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*******************************************
Are you still getting re-directs?

Re: Google redirecting and occasional blue screen

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2011/02/26 16:03:30 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$I937INN.bat
[2011/02/26 19:41:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$ICW8WSF.Txt
[2011/02/26 15:49:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$IK93DOM.exe
[2011/02/26 15:58:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$IXKOXUN.exe
[2011/02/26 15:49:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$IY8N2A0.exe
[2011/02/26 15:49:20 | 004,275,134 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$R937INN.bat
[2011/02/26 19:39:33 | 000,168,338 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RCW8WSF.Txt
[2011/02/26 14:35:26 | 004,275,134 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RK93DOM.exe
[2011/02/26 15:55:57 | 000,056,054 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RXKOXUN.exe
[2011/02/26 08:50:29 | 004,274,990 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\$RY8N2A0.exe
[2011/02/04 16:05:24 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3896314578-1710475560-2245159350-1001\desktop.ini

Re: Google redirecting and occasional blue screen

All processes killed
========== OTL ==========
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 73119218 bytes
->Temporary Internet Files folder emptied: 21130292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54118486 bytes
->Flash cache emptied: 6712 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28017080 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 13076712 bytes

Total Files Cleaned = 181.00 mb


OTL by OldTimer - Version 3.2.22.1 log created on 02262011_212549

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Re: Google redirecting and occasional blue screen

I am still getting redirects. I did the OTL fix before I uninstalled the Ask toolbar; should I run the fix again?

Re: Google redirecting and occasional blue screen

Are you still getting the re-directs?

Is there a limit to the amount I can post in a certain period of time?

I don't know what the limit is but if you try to post too much data you should receive a warning, then you will have to post in two posts.

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

Re: Google redirecting and occasional blue screen

thpgrad wrote:
I am still getting redirects. I did the OTL fix before I uninstalled the Ask toolbar; should I run the fix again?

No. It should be gone now.

Re: Google redirecting and occasional blue screen

It's scanning, slowly. One thing: the running processes box was grayed out, so I could not check it prior to scanning. I will post the warnings, if any, as soon as the scan is complete.

Re: Google redirecting and occasional blue screen

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NPFFYET\token=8B;loc=left;sz=160x600;tile=5;u=sessionid-320212604591016211_szid-4333a877-1eb9-47dd-92bd-dc923d155de0;ord=6737087472424316087[1].htm
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMXRIKHG\ken=8B;loc=bottom;sz=300x250;tile=4;u=sessionid-320212604591016211_szid-4333a877-1eb9-47dd-92bd-dc923d155de0;ord=6737087472424316087[1].htm
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMXRIKHG\oken=8B;loc=bottom;sz=728x90;tile=2;u=sessionid-320212604591016211_szid-4333a877-1eb9-47dd-92bd-dc923d155de0;ord=6737087472424316087[1].htm
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Re: Google redirecting and occasional blue screen

Alright, there are a lot of files without check marks, like the last three I posted. Do you want a copy of the description for all 171 of them? I am going to post a fresh HijackThis log first, then I need to be away from my computer for a few hours (I need to sleep), but if needed I will copy all the descriptions of the files that say "Removable: Yes (but clean up not recommended for this file)" when I start again in the morning. Thanks for all the help so far.

Re: Google redirecting and occasional blue screen

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:01 AM, on 2/27/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
O3 - Toolbar: Vuze Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Vuze Toolbar\tbcore3.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BCWipe service (BCWipeSvc) - Jetico, Inc. - C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5732 bytes

Re: Google redirecting and occasional blue screen

Awaiting further instructions.

Re: Google redirecting and occasional blue screen

Sorry. I was out most of the day playing music and hockey.

Download HostsXpert

  • Unzip HostsXpert to your Desktop
  • Open up the HostsXpert program
  • Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled
  • Click Create Back Up
  • Then click on Restore Microsoft's Host Files
  • Close the HostsXpert program
***********************************************
Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • Note: It will also create a log in the C:\ directory.

Re: Google redirecting and occasional blue screen

I get an error in HostsXpert: "Can not create file c/windows/system32/DRIVERS/ETC/host"


2011/02/27 21:20:04.0934 3340 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 21:20:05.0250 3340 ================================================================================
2011/02/27 21:20:05.0250 3340 SystemInfo:
2011/02/27 21:20:05.0250 3340
2011/02/27 21:20:05.0250 3340 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/27 21:20:05.0250 3340 Product type: Workstation
2011/02/27 21:20:05.0250 3340 ComputerName: MIKE-PC
2011/02/27 21:20:05.0250 3340 UserName: Mike
2011/02/27 21:20:05.0250 3340 Windows directory: C:\Windows
2011/02/27 21:20:05.0250 3340 System windows directory: C:\Windows
2011/02/27 21:20:05.0250 3340 Running under WOW64
2011/02/27 21:20:05.0250 3340 Processor architecture: Intel x64
2011/02/27 21:20:05.0250 3340 Number of processors: 2
2011/02/27 21:20:05.0250 3340 Page size: 0x1000
2011/02/27 21:20:05.0250 3340 Boot type: Normal boot
2011/02/27 21:20:05.0250 3340 ================================================================================
2011/02/27 21:20:05.0570 3340 Initialize success
2011/02/27 21:20:15.0603 3680 ================================================================================
2011/02/27 21:20:15.0603 3680 Scan started
2011/02/27 21:20:15.0603 3680 Mode: Manual;
2011/02/27 21:20:15.0603 3680 ================================================================================
2011/02/27 21:20:26.0478 3680 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/27 21:20:26.0555 3680 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/27 21:20:26.0605 3680 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/27 21:20:26.0636 3680 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/27 21:20:26.0678 3680 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/27 21:20:26.0739 3680 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/27 21:20:26.0829 3680 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/02/27 21:20:26.0865 3680 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/02/27 21:20:27.0020 3680 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/27 21:20:27.0079 3680 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/27 21:20:27.0174 3680 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/27 21:20:27.0262 3680 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/27 21:20:27.0307 3680 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/27 21:20:27.0343 3680 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/27 21:20:27.0393 3680 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/27 21:20:27.0440 3680 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/27 21:20:27.0478 3680 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/27 21:20:27.0516 3680 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/27 21:20:27.0575 3680 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/02/27 21:20:27.0613 3680 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/27 21:20:27.0653 3680 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/27 21:20:27.0692 3680 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/27 21:20:27.0743 3680 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/27 21:20:27.0826 3680 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/27 21:20:27.0899 3680 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/27 21:20:27.0950 3680 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/27 21:20:28.0036 3680 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/27 21:20:28.0078 3680 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/27 21:20:28.0239 3680 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/27 21:20:28.0405 3680 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/27 21:20:28.0485 3680 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/27 21:20:28.0523 3680 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/27 21:20:28.0554 3680 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/27 21:20:28.0584 3680 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/27 21:20:28.0608 3680 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/27 21:20:28.0679 3680 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/27 21:20:28.0728 3680 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/27 21:20:28.0760 3680 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/27 21:20:28.0797 3680 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/27 21:20:28.0861 3680 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/27 21:20:28.0902 3680 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/27 21:20:28.0925 3680 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/27 21:20:28.0985 3680 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/27 21:20:29.0022 3680 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/27 21:20:29.0062 3680 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/27 21:20:29.0105 3680 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/27 21:20:29.0140 3680 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/27 21:20:29.0165 3680 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/27 21:20:29.0202 3680 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/27 21:20:29.0236 3680 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/27 21:20:29.0289 3680 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/02/27 21:20:29.0356 3680 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/27 21:20:29.0396 3680 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/27 21:20:29.0423 3680 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/27 21:20:29.0463 3680 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/27 21:20:29.0492 3680 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/27 21:20:29.0520 3680 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/27 21:20:29.0557 3680 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/27 21:20:29.0584 3680 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/27 21:20:29.0629 3680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/27 21:20:29.0666 3680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/02/27 21:20:29.0698 3680 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/02/27 21:20:29.0750 3680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/27 21:20:29.0807 3680 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 21:20:29.0830 3680 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 21:20:29.0896 3680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/27 21:20:29.0949 3680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/27 21:20:30.0031 3680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/27 21:20:30.0056 3680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/27 21:20:30.0137 3680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/27 21:20:30.0209 3680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/27 21:20:30.0261 3680 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/27 21:20:30.0398 3680 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/27 21:20:30.0496 3680 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/27 21:20:30.0502 3680 ================================================================================
2011/02/27 21:20:30.0502 3680 Scan finished
2011/02/27 21:20:30.0502 3680 ================================================================================
2011/02/27 21:20:30.0519 3648 Detected object count: 1
2011/02/27 21:20:48.0362 3648 \HardDisk0 - will be cured after reboot
2011/02/27 21:20:48.0364 3648 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

Re: Google redirecting and occasional blue screen

Nice to have you back, hope you had a good day out relaxing. I will check back as often as I can from work. Thanks again for bearing with me through this looooooong post.

Re: Google redirecting and occasional blue screen

Well, it looks like that last scan found something. Any change in your computer?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the EsetSmartInstallDesktopIcon icon on your desktop.

•Check EsetAcceptTerms
•Click the EsetStart button.
•Accept any security warnings from your browser.
•Check EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push EsetListThreats
•Push EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the EsetBack button.
•Push EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Google redirecting and occasional blue screen

Looks like I am no longer being redirected :smile2: I will finish the ESET scan and post results.

Re: Google redirecting and occasional blue screen

The scan finished with no threats found, so I could not generate a report. I did some more searching and had no more redirects. I cannot thank you enough. I work in a non-profit Drug and Alcohol Rehabilitation Center, so money is tight; however, I will send some type of donation.
Mike

Re: Google redirecting and occasional blue screen

Ok. Let's do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Google redirecting and occasional blue screen

Sounds good to me. I am working my way through the steps suggested
