New UPS infection - help needed

I (stupidly) opened the UPS virus e-mail. Now, in addition to having the option of loading operating system Windows XP Professional from F8, there is now an "operating system" listed named "30," and, of course, my laptop is running incredibly slowly. No, I have not tried clicking on that bogus operating system! But I do want to get rid of it. Sophos saw that it is there (UPS - Mal/NecursDrp-A), but did not eliminate it. Neither Malwarebytes nor SuperAntiSpyware "see" it. Per a thread from a few years ago, I ran OTL and AdwCleaner Here are the Extras.Txt and AdwCleaner.Txt logs (hopefully, someone will recognize something):

OTL Extras logfile created on: 9/2/2012 7:30:32 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.65% Memory free
3.84 Gb Paging File | 3.24 Gb Available in Paging File | 84.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 182.85 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: LIFEBOOK | User Name: Spencer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = internetshortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML.HJIGKK4FWPTJ5AAAOKWLVN4XXM] -- C:\Documents and Settings\Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -play-dir "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Downloads\mflpro\Data\Disk1\setup.exe" = C:\Downloads\mflpro\Data\Disk1\setup.exe:*:Enabled:Setup.exe -- (Macrovision Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007A0A19-70CE-4758-8D54-9DD023BB7118}_is1" = BackyardEOS 2.0.4
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = MFL-Pro Suite
"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{2216560B-CB29-4CEC-B98F-1C037976B317}" = Fujitsu Hotkey Utility
"{23484C5A-E7AE-4F59-B7DF-88D63BEF18F4}" = Meade LPI
"{24CF0DBF-FF47-42E5-A13F-1D4D773E8AC7}" = Security Panel Application
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5337BED2-73A0-4EB8-A33C-91DFD4C2F82D}" = Fujitsu Pen Service
"{5EBEC21B-9C59-455B-890D-E8F7DC492D8D}" = O2Micro SmartCardBus Windows Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{8961E141-B307-4882-ABAD-77A3E76A40C1}" = ASCOM Platform 6 - SP1
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8C863827-645F-4ABB-8F6C-12D16F34B023}" = Intel(R) mDriver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{93444A72-EEA4-43E9-A12C-372DCC126A9B}" = Security Panel Application for Supervisor
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEAFF885-0382-454D-9B2B-FC4B55F90426}" = Fujitsu Button Utilities
"{B08D94CF-88AA-45ED-B323-30B321DBC92A}" = O2Micro MemoryCardBus Windows Driver
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1108168-3364-4F6F-B19E-1ECA24192164}" = Fujitsu Button Driver Component
"{CA05B399-C9A3-4F51-8E15-90CA867D0280}" = IntelliSonic DX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"7-Zip" = 7-Zip 9.20
"Access8.0" = Microsoft Access 97
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ASCOM Celestron Telescope Driver_is1" = ASCOM Celestron Telescope Driver 5.0.28
"ASCOM Platform 6 - SP1" = ASCOM Platform 6 - SP1
"Autostar Suite" = Autostar Suite
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.6
"Envisage Install" = Envisage Install
"EOS Utility" = Canon Utilities EOS Utility
"Freecorder5.11" = Freecorder 5
"GPUSB_ASCOM_is1" = GPUSB_ASCOM Ver 1.0.0
"GPUSBCheck_is1" = GPUSBCheck 1.2.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{B08D94CF-88AA-45ED-B323-30B321DBC92A}" = O2Micro MemoryCardBus Windows Driver
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PHD Guiding_is1" = PHD Guiding 1.12.4
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Security Task Manager" = Security Task Manager 1.8d
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"UMPlayer" = UMPlayer 0.98 [P3]
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WRUNINST" = Webroot SecureAnywhere
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2012 6:13:25 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ContentFilter
(ContentFilter) failed. The Error code is the first DWORD in Data section.

Error - 8/31/2012 6:13:25 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8680, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 8/31/2012 6:13:25 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ISAPISearch
(ISAPISearch) failed. The Error code is the first DWORD in Data section.

Error - 8/31/2012 6:21:34 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8680, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 8/31/2012 6:21:34 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ContentIndex
(ContentIndex) failed. The Error code is the first DWORD in Data section.

Error - 8/31/2012 6:21:34 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8680, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 8/31/2012 6:21:34 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ContentFilter
(ContentFilter) failed. The Error code is the first DWORD in Data section.

Error - 8/31/2012 6:21:34 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8680, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 8/31/2012 6:21:34 PM | Computer Name = LIFEBOOK | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ISAPISearch
(ISAPISearch) failed. The Error code is the first DWORD in Data section.

Error - 9/2/2012 6:17:58 PM | Computer Name = LIFEBOOK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ ASCOM Events ]
Error - 7/24/2012 11:46:32 PM | Computer Name = LIFEBOOK | Source = ASCOM Platform | ID = 24
Description = UninstallAscom - Exception System.InvalidOperationException: This access
control list is not in canonical form and therefore cannot be modified. at System.Security.AccessControl.CommonAcl.ThrowIfNotCanonical()

at System.Security.AccessControl.CommonAcl.AddQualifiedAce(SecurityIdentifier
sid, AceQualifier qualifier, Int32 accessMask, AceFlags flags, ObjectAceFlags objectFlags,
Guid objectType, Guid inheritedObjectType) at System.Security.AccessControl.DiscretionaryAcl.AddAccess(AccessControlType
accessType, SecurityIdentifier sid, Int32 accessMask, InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification
modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule
rule) at ASCOM.Utilities.RegistryAccess.SetRegistryACL() in C:\ASCOM Build\Export\ASCOM.Utilities\ASCOM.Utilities\RegistryAccess.vb:line
619 at UninstallAscom.Program.Main() in c:\ASCOM Build\Export\Releases\ASCOM
6\Uninstaller\UninstallASCOM\Program.cs:line 223

[ System Events ]
Error - 9/2/2012 10:03:20 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the WRSVC service, but this action
failed with the following error: %%1056

Error - 9/2/2012 10:03:27 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7031
Description = The WRSVC service terminated unexpectedly. It has done this 3 time(s).
The following corrective action will be taken in 10000 milliseconds: Restart the
service.

Error - 9/2/2012 10:03:29 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the WRSVC service, but this action
failed with the following error: %%1056

Error - 9/2/2012 10:03:35 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7031
Description = The WRSVC service terminated unexpectedly. It has done this 4 time(s).
The following corrective action will be taken in 10000 milliseconds: Restart the
service.

Error - 9/2/2012 10:03:37 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the WRSVC service, but this action
failed with the following error: %%1056

Error - 9/2/2012 10:03:44 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7031
Description = The WRSVC service terminated unexpectedly. It has done this 5 time(s).
The following corrective action will be taken in 10000 milliseconds: Restart the
service.

Error - 9/2/2012 10:03:45 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the WRSVC service, but this action
failed with the following error: %%1056

Error - 9/2/2012 10:03:53 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7031
Description = The WRSVC service terminated unexpectedly. It has done this 6 time(s).
The following corrective action will be taken in 10000 milliseconds: Restart the
service.

Error - 9/2/2012 10:03:54 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the WRSVC service, but this action
failed with the following error: %%1056

Error - 9/2/2012 10:04:01 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7031
Description = The WRSVC service terminated unexpectedly. It has done this 7 time(s).
The following corrective action will be taken in 10000 milliseconds: Restart the
service.


< End of report >
____________________________________________________________________________

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 20:50:10
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Spencer - LIFEBOOK
# Boot Mode : Normal
# Running from : C:\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\gflzbfym.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eh337h0r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\Spencer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1541 octets] - [02/09/2012 20:50:10]

########## EOF - C:\AdwCleaner[R1].txt - [1601 octets] ##########


Thanks in advance for any help!
Spencer G.

Hi! Welcome to the forums.

Remove the Adware.

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

Please post the log.

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  
• It is important to rename ComboFix before the download.
  
• Please do not rename ComboFix to other names, but only the one indicated.
  

After the download:

• Close any open browsers.
  
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
  

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
  
• It will attempt to install the Recovery Console:
  

• When ComboFix finishes, it will produce a report for you.
  
• Please post the "C:\Combo-Fix.txt" in your next reply.
  

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Thanks for your reply. I finally got ComboFix to run. I downloaded it as svchost.exe, but as it was "preparing to run," it changed file name back to ComboFix.exe. I hope this is what is supposed to happen.
Below are the AdwCleaner[S1].txt and the ComboFix logs. Thanks for looking at them!
Spencer G.

# AdwCleaner v2.000 - Logfile created 09/03/2012 at 09:06:12
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Spencer - LIFEBOOK
# Boot Mode : Normal
# Running from : C:\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\gflzbfym.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eh337h0r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\Spencer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1670 octets] - [02/09/2012 20:50:10]
AdwCleaner[S1].txt - [1866 octets] - [03/09/2012 09:06:12]

########## EOF - C:\AdwCleaner[S1].txt - [1926 octets] ##########

ComboFix 12-09-03.07 - Spencer 09/03/2012 23:10:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1674 [GMT -7:00]
Running from: c:\documents and settings\Spencer\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Spencer\Application Data\.#
c:\documents and settings\Spencer\Application Data\.#\MBX@C48@D04208.###
c:\documents and settings\Spencer\Application Data\.#\MBX@C48@D04238.###
c:\documents and settings\Spencer\Application Data\.#\MBX@C48@D04268.###
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 04:43 . 2012-09-04 04:43 7021336 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2012-09-02 20:44 . 2012-09-02 20:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-09-02 20:42 . 2012-09-02 20:42 -------- d-----w- c:\windows\ERUNT
2012-09-02 20:33 . 2012-09-02 21:24 -------- d-----w- C:\SDFix
2012-09-01 23:16 . 2012-09-01 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-09-01 23:16 . 2012-09-01 23:16 73728 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 23:16 . 2012-09-01 23:16 73728 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 23:16 . 2012-09-01 23:16 73728 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-31 22:19 . 2004-08-04 12:00 80384 -c--a-w- c:\windows\system32\dllcache\charmap.exe
2012-08-31 01:56 . 2012-08-31 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-31 01:56 . 2012-08-31 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-31 01:56 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 06:16 . 2012-08-23 06:17 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-13 15:17 . 2012-08-13 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-08-12 19:53 . 2012-08-31 00:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-12 19:53 . 2012-08-12 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-11 05:36 . 2012-08-11 05:39 -------- d-----w- c:\documents and settings\Spencer\Local Settings\Application Data\Google
2012-08-09 23:47 . 2012-08-09 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 22:51 . 2012-06-15 05:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 22:51 . 2012-06-15 05:13 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-25 02:25 . 2012-07-25 02:37 691481 ----a-w- c:\windows\unins000.exe
2012-07-24 14:21 . 2012-07-24 14:21 388096 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-23 18:59 . 2004-09-01 01:38 94208 ----a-w- c:\windows\system32\igfxext.exe
2012-07-06 13:58 . 2004-09-01 00:59 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-09-01 01:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-09-01 01:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-09-01 01:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-09-01 01:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-09-01 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-09-01 01:00 385024 ------w- c:\windows\system32\html.iec
2012-06-20 03:27 . 2012-06-20 03:27 15939 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-06-18 07:04 . 2012-06-18 07:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-18 07:04 . 2012-06-18 07:11 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-18 07:03 . 2012-06-18 07:11 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-10 17:12 . 2012-06-15 05:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-08-30 712104]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2012-9-3 7021336]
.
c:\documents and settings\TEMP.LIFEBOOK\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [N/A]
Launch Utility Application.lnk - c:\documents and settings\Spencer\Application Data\Verizon\UA_ar\UtilityApplication.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-07 17:15 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-07-02 11:48 163840 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FjDspMon]
2003-07-28 17:20 20480 ----a-r- c:\program files\Fujitsu\Utils\FjDspMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FjEvents]
2004-08-25 19:43 20480 ----a-w- c:\program files\Fujitsu\Utils\FjEvents.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fujitsu Menu]
2003-10-28 01:00 32768 ----a-r- c:\program files\Fujitsu\Utils\FjMnuIco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-11 05:35 116648 ----atw- c:\documents and settings\Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-12-15 07:07 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2004-08-04 23:19 81920 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2003-08-21 01:24 61440 ----a-w- c:\program files\Fujitsu\BtnHnd\BtnHnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2008-04-14 00:12 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2008-04-14 00:12 16384 ----a-w- c:\windows\Help\splshwrp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WRSVC]
2012-08-30 22:23 712104 ----a-w- c:\program files\Webroot\WRSA.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Downloads\\mflpro\\Data\\Disk1\\setup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys --> c:\windows\system32\drivers\WRkrn.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\A302.sys [8/31/2004 6:38 PM 11831]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [8/31/2004 6:38 PM 191264]
R3 DX02;DX02;c:\windows\system32\drivers\dx02.sys [7/29/2004 1:27 PM 83712]
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [6/20/2003 2:30 PM 11392]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [8/31/2004 6:38 PM 31104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2012 6:56 PM 22344]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [8/31/2004 6:38 PM 5760]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2012 6:56 PM 655944]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [6/14/2012 8:59 PM 712104]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/14/2012 10:13 PM 250568]
S3 DsiUsb;DsiUsb;c:\windows\system32\drivers\DsiUsb.sys [7/25/2012 5:37 PM 48128]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [8/31/2004 6:38 PM 6000]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/14/2012 10:22 PM 113120]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [8/31/2004 11:22 AM 14208]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 22:51]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249785800-535049725-2160960142-1005Core.job
- c:\documents and settings\Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 05:35]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249785800-535049725-2160960142-1005UA.job
- c:\documents and settings\Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 05:35]
.
2012-09-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4249785800-535049725-2160960142-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4249785800-535049725-2160960142-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:?body=https%3A%2F%2Freservations.bostonhotelbuckminster.com%2Fiqreservations%2Fasp%2FPrintConfirmation.asp&subject=Boston%20Hotel%20Buckminster%20Confirmation%20-%20Mr.%20Spencer%20Gross
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Spencer\Application Data\Mozilla\Firefox\Profiles\gflzbfym.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 23:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-09-03 23:36:56
ComboFix-quarantined-files.txt 2012-09-04 06:36
.
Pre-Run: 196,529,520,640 bytes free
Post-Run: 196,550,995,968 bytes free
.
- - End Of File - - 5EBDCBD69C7D349E59CEAC55FA448786

Good job!

ComboFix Script

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::
  
  SRPEEK::
  user32.dll
  
  Registry::
  [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
  
  Driver::
  MEMSWEEP2

  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.
  

ComboFix 12-09-04.02 - Spencer 09/04/2012 10:54:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1659 [GMT -7:00]
Running from: c:\documents and settings\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Spencer\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Spencer\Application Data\inst.exe
c:\windows\EventSystem.log
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-04 04:43 . 2012-09-04 04:43 7021336 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2012-09-02 20:44 . 2012-09-02 20:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-09-02 20:42 . 2012-09-02 20:42 -------- d-----w- c:\windows\ERUNT
2012-09-02 20:33 . 2012-09-02 21:24 -------- d-----w- C:\SDFix
2012-09-01 23:16 . 2012-09-01 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-09-01 23:16 . 2012-09-01 23:16 73728 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 23:16 . 2012-09-01 23:16 73728 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 23:16 . 2012-09-01 23:16 73728 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-31 22:19 . 2004-08-04 12:00 80384 -c--a-w- c:\windows\system32\dllcache\charmap.exe
2012-08-31 01:56 . 2012-08-31 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-31 01:56 . 2012-08-31 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-31 01:56 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 15:17 . 2012-08-13 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-08-12 19:53 . 2012-08-31 00:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-12 19:53 . 2012-08-12 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-11 05:36 . 2012-08-11 05:39 -------- d-----w- c:\documents and settings\Spencer\Local Settings\Application Data\Google
2012-08-09 23:47 . 2012-08-09 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 22:51 . 2012-06-15 05:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 22:51 . 2012-06-15 05:13 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-25 02:25 . 2012-07-25 02:37 691481 ----a-w- c:\windows\unins000.exe
2012-07-24 14:21 . 2012-07-24 14:21 388096 ----a-r- c:\documents and settings\Spencer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-23 18:59 . 2004-09-01 01:38 94208 ----a-w- c:\windows\system32\igfxext.exe
2012-07-06 13:58 . 2004-09-01 00:59 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-09-01 01:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-09-01 01:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-09-01 01:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-09-01 01:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-09-01 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-09-01 01:00 385024 ------w- c:\windows\system32\html.iec
2012-06-20 03:27 . 2012-06-20 03:27 15939 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-06-18 07:04 . 2012-06-18 07:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-18 07:04 . 2012-06-18 07:11 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-18 07:03 . 2012-06-18 07:11 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-10 17:12 . 2012-06-15 05:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2012-9-3 7021336]
.
c:\documents and settings\TEMP.LIFEBOOK\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [N/A]
Launch Utility Application.lnk - c:\documents and settings\Spencer\Application Data\Verizon\UA_ar\UtilityApplication.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-07 17:15 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-07-02 11:48 163840 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FjDspMon]
2003-07-28 17:20 20480 ----a-r- c:\program files\Fujitsu\Utils\FjDspMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FjEvents]
2004-08-25 19:43 20480 ----a-w- c:\program files\Fujitsu\Utils\FjEvents.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fujitsu Menu]
2003-10-28 01:00 32768 ----a-r- c:\program files\Fujitsu\Utils\FjMnuIco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-12-15 07:07 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2004-08-04 23:19 81920 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2003-08-21 01:24 61440 ----a-w- c:\program files\Fujitsu\BtnHnd\BtnHnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2008-04-14 00:12 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2008-04-14 00:12 16384 ----a-w- c:\windows\Help\splshwrp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Downloads\\mflpro\\Data\\Disk1\\setup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2012 6:56 PM 655944]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\A302.sys [8/31/2004 6:38 PM 11831]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [8/31/2004 6:38 PM 191264]
R3 DX02;DX02;c:\windows\system32\drivers\dx02.sys [7/29/2004 1:27 PM 83712]
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [6/20/2003 2:30 PM 11392]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [8/31/2004 6:38 PM 31104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2012 6:56 PM 22344]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [8/31/2004 6:38 PM 5760]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/14/2012 10:13 PM 250568]
S3 DsiUsb;DsiUsb;c:\windows\system32\drivers\DsiUsb.sys [7/25/2012 5:37 PM 48128]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [8/31/2004 6:38 PM 6000]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/14/2012 10:22 PM 113120]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [8/31/2004 11:22 AM 14208]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 22:51]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249785800-535049725-2160960142-1005Core.job
- c:\documents and settings\Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 05:35]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249785800-535049725-2160960142-1005UA.job
- c:\documents and settings\Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 05:35]
.
2012-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4249785800-535049725-2160960142-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4249785800-535049725-2160960142-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:?body=https%3A%2F%2Freservations.bostonhotelbuckminster.com%2Fiqreservations%2Fasp%2FPrintConfirmation.asp&subject=Boston%20Hotel%20Buckminster%20Confirmation%20-%20Mr.%20Spencer%20Gross
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Spencer\Application Data\Mozilla\Firefox\Profiles\gflzbfym.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-04 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1336)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\windows\System32\SCardSvr.exe
c:\windows\System32\digtizer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\igfxext.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-09-04 17:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 00:21
ComboFix2.txt 2012-09-04 06:36
.
Pre-Run: 197,094,273,024 bytes free
Post-Run: 197,060,358,144 bytes free
.
- - End Of File - - 5F996E1CC4DAEEEDF438DB91C8219930

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Please download aswMBR from here

• Save aswMBR.exe to your Desktop
  
• Double click aswMBR.exe to run it
  
• Click the Scan button to start the scan as illustrated below
  

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

19:03:10.0502 1132 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:03:11.0063 1132 ============================================================
19:03:11.0063 1132 Current date / time: 2012/09/05 19:03:11.0063
19:03:11.0063 1132 SystemInfo:
19:03:11.0063 1132
19:03:11.0063 1132 OS Version: 5.1.2600 ServicePack: 3.0
19:03:11.0063 1132 Product type: Workstation
19:03:11.0063 1132 ComputerName: LIFEBOOK
19:03:11.0063 1132 UserName: Spencer
19:03:11.0063 1132 Windows directory: C:\WINDOWS
19:03:11.0063 1132 System windows directory: C:\WINDOWS
19:03:11.0063 1132 Processor architecture: Intel x86
19:03:11.0063 1132 Number of processors: 1
19:03:11.0063 1132 Page size: 0x1000
19:03:11.0063 1132 Boot type: Normal boot
19:03:11.0063 1132 ============================================================
19:03:14.0808 1132 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:03:14.0808 1132 ============================================================
19:03:14.0808 1132 \Device\Harddisk0\DR0:
19:03:14.0818 1132 MBR partitions:
19:03:14.0818 1132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
19:03:14.0818 1132 ============================================================
19:03:14.0838 1132 C: <-> \Device\Harddisk0\DR0\Partition1
19:03:14.0838 1132 ============================================================
19:03:14.0838 1132 Initialize success
19:03:14.0838 1132 ============================================================
19:06:45.0321 4092 ============================================================
19:06:45.0321 4092 Scan started
19:06:45.0321 4092 Mode: Manual; SigCheck; TDLFS;
19:06:45.0321 4092 ============================================================
19:06:46.0943 4092 ================ Scan system memory ========================
19:06:46.0943 4092 System memory - ok
19:06:46.0943 4092 ================ Scan services =============================
19:06:47.0093 4092 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:06:47.0884 4092 !SASCORE - ok
19:06:48.0555 4092 Abiosdsk - ok
19:06:48.0565 4092 abp480n5 - ok
19:06:48.0766 4092 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:06:56.0877 4092 ACPI - ok
19:06:56.0947 4092 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:06:57.0118 4092 ACPIEC - ok
19:06:57.0268 4092 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:06:57.0378 4092 AdobeFlashPlayerUpdateSvc - ok
19:06:57.0408 4092 adpu160m - ok
19:06:57.0769 4092 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:06:57.0919 4092 aec - ok
19:06:58.0179 4092 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:06:58.0259 4092 AFD - ok
19:06:59.0030 4092 [ B2B65DF27EDD281A757972E13B36FF33 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:07:00.0843 4092 AgereSoftModem - ok
19:07:00.0853 4092 Aha154x - ok
19:07:00.0863 4092 aic78u2 - ok
19:07:00.0883 4092 aic78xx - ok
19:07:00.0943 4092 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:07:01.0284 4092 Alerter - ok
19:07:01.0314 4092 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:07:01.0584 4092 ALG - ok
19:07:01.0594 4092 AliIde - ok
19:07:01.0604 4092 amsint - ok
19:07:01.0865 4092 [ 27276D9BBD6F5322AF18229760634DF9 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
19:07:01.0925 4092 ApfiltrService - ok
19:07:02.0005 4092 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:07:02.0095 4092 AppMgmt - ok
19:07:02.0616 4092 [ BA0D4249D42ED6EC04C89D7B53ABF065 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
19:07:03.0016 4092 AR5211 - ok
19:07:03.0086 4092 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:07:03.0357 4092 Arp1394 - ok
19:07:03.0367 4092 asc - ok
19:07:03.0377 4092 asc3350p - ok
19:07:03.0397 4092 asc3550 - ok
19:07:03.0847 4092 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:07:03.0867 4092 aspnet_state - ok
19:07:04.0108 4092 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:07:04.0318 4092 AsyncMac - ok
19:07:04.0809 4092 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:07:05.0049 4092 atapi - ok
19:07:05.0049 4092 Atdisk - ok
19:07:05.0149 4092 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:07:05.0320 4092 Atmarpc - ok
19:07:05.0360 4092 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:07:05.0850 4092 AudioSrv - ok
19:07:05.0890 4092 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:07:06.0031 4092 audstub - ok
19:07:06.0111 4092 [ 3F09AC7CBEF693554092664DEEF9AD00 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:07:06.0391 4092 b57w2k - ok
19:07:07.0052 4092 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:07:07.0212 4092 Beep - ok
19:07:07.0763 4092 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:07:08.0174 4092 BITS - ok
19:07:08.0244 4092 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:07:08.0724 4092 Browser - ok
19:07:09.0005 4092 [ D4B47530831024434D780E6BE25F0AB7 ] BtnHnd C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys
19:07:09.0025 4092 BtnHnd ( UnsignedFile.Multi.Generic ) - warning
19:07:09.0025 4092 BtnHnd - detected UnsignedFile.Multi.Generic (1)
19:07:09.0035 4092 catchme - ok
19:07:09.0075 4092 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:07:09.0335 4092 cbidf2k - ok
19:07:09.0866 4092 [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
19:07:09.0896 4092 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
19:07:09.0896 4092 CCALib8 - detected UnsignedFile.Multi.Generic (1)
19:07:09.0906 4092 cd20xrnt - ok
19:07:10.0096 4092 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:07:10.0347 4092 Cdaudio - ok
19:07:10.0847 4092 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:07:11.0278 4092 Cdfs - ok
19:07:11.0338 4092 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:07:11.0839 4092 Cdrom - ok
19:07:11.0839 4092 Changer - ok
19:07:11.0869 4092 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:07:12.0059 4092 CiSvc - ok
19:07:12.0189 4092 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:07:12.0820 4092 ClipSrv - ok
19:07:12.0860 4092 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:07:12.0910 4092 clr_optimization_v2.0.50727_32 - ok
19:07:12.0950 4092 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:07:13.0261 4092 CmBatt - ok
19:07:13.0271 4092 CmdIde - ok
19:07:13.0321 4092 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:07:13.0692 4092 Compbatt - ok
19:07:13.0702 4092 COMSysApp - ok
19:07:13.0792 4092 [ 0D4905AA2C08E373ABE3B018F7826E96 ] CONAN C:\WINDOWS\system32\drivers\o2mmb.sys
19:07:14.0032 4092 CONAN - ok
19:07:14.0052 4092 Cpqarray - ok
19:07:14.0112 4092 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:07:14.0282 4092 CryptSvc - ok
19:07:14.0292 4092 dac2w2k - ok
19:07:14.0302 4092 dac960nt - ok
19:07:14.0833 4092 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:07:15.0234 4092 DcomLaunch - ok
19:07:15.0294 4092 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:07:15.0825 4092 Dhcp - ok
19:07:15.0885 4092 [ C88F5632D52FC81192754A17E3ADD427 ] Digitizer C:\WINDOWS\System32\digtizer.exe
19:07:16.0105 4092 Digitizer ( UnsignedFile.Multi.Generic ) - warning
19:07:16.0105 4092 Digitizer - detected UnsignedFile.Multi.Generic (1)
19:07:16.0135 4092 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:07:16.0456 4092 Disk - ok
19:07:16.0466 4092 dmadmin - ok
19:07:17.0197 4092 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:07:18.0418 4092 dmboot - ok
19:07:18.0468 4092 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:07:19.0029 4092 dmio - ok
19:07:19.0280 4092 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:07:19.0800 4092 dmload - ok
19:07:19.0830 4092 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:07:20.0101 4092 dmserver - ok
19:07:20.0301 4092 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:07:20.0642 4092 DMusic - ok
19:07:20.0872 4092 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:07:20.0962 4092 Dnscache - ok
19:07:21.0032 4092 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:07:21.0212 4092 Dot3svc - ok
19:07:21.0222 4092 dpti2o - ok
19:07:21.0383 4092 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:07:21.0653 4092 drmkaud - ok
19:07:21.0713 4092 [ 381612F20365F843C228A2BB3E8FBDD4 ] DsiUsb C:\WINDOWS\system32\DRIVERS\DsiUsb.sys
19:07:21.0753 4092 DsiUsb ( UnsignedFile.Multi.Generic ) - warning
19:07:21.0753 4092 DsiUsb - detected UnsignedFile.Multi.Generic (1)
19:07:22.0074 4092 [ 0567351701B5ECC9E1C1CD36DA6685F8 ] DX02 C:\WINDOWS\system32\drivers\dx02.sys
19:07:22.0194 4092 DX02 ( UnsignedFile.Multi.Generic ) - warning
19:07:22.0194 4092 DX02 - detected UnsignedFile.Multi.Generic (1)
19:07:22.0264 4092 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:07:22.0915 4092 EapHost - ok
19:07:23.0035 4092 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:07:23.0205 4092 ERSvc - ok
19:07:23.0275 4092 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:07:23.0375 4092 Eventlog - ok
19:07:23.0476 4092 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:07:23.0786 4092 EventSystem - ok
19:07:23.0836 4092 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:07:24.0097 4092 Fastfat - ok
19:07:24.0227 4092 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:07:24.0337 4092 FastUserSwitchingCompatibility - ok
19:07:24.0387 4092 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:07:24.0627 4092 Fdc - ok
19:07:24.0868 4092 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:07:25.0118 4092 Fips - ok
19:07:25.0418 4092 [ 589B339237147C1D5058BD5E21F04FEE ] Fjbtndrv C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys
19:07:25.0479 4092 Fjbtndrv - ok
19:07:25.0489 4092 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:07:25.0749 4092 Flpydisk - ok
19:07:25.0969 4092 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:07:26.0240 4092 FltMgr - ok
19:07:26.0520 4092 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:07:26.0610 4092 FontCache3.0.0.0 - ok
19:07:26.0640 4092 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:07:26.0951 4092 Fs_Rec - ok
19:07:27.0021 4092 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:07:27.0251 4092 Ftdisk - ok
19:07:27.0261 4092 [ 00845DCD64FE6348DDF7890C310C17B9 ] FUJ02B1 C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
19:07:27.0321 4092 FUJ02B1 - ok
19:07:27.0351 4092 [ 4AA9DB198679CBC97C322393735BAF08 ] FUJ02E1 C:\WINDOWS\system32\Drivers\FUJ02E1.sys
19:07:27.0381 4092 FUJ02E1 - ok
19:07:27.0441 4092 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:07:27.0732 4092 Gpc - ok
19:07:27.0822 4092 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:07:28.0132 4092 helpsvc - ok
19:07:28.0303 4092 [ 9DD539F435110B2E8FC69E3676E30B34 ] hidpen C:\WINDOWS\system32\DRIVERS\hidpen.sys
19:07:28.0373 4092 hidpen - ok
19:07:28.0383 4092 HidServ - ok
19:07:28.0413 4092 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:07:28.0653 4092 HidUsb - ok
19:07:28.0893 4092 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:07:29.0164 4092 hkmsvc - ok
19:07:29.0174 4092 hpn - ok
19:07:29.0474 4092 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:07:29.0644 4092 HTTP - ok
19:07:29.0705 4092 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:07:30.0325 4092 HTTPFilter - ok
19:07:30.0325 4092 i2omgmt - ok
19:07:30.0376 4092 i2omp - ok
19:07:30.0486 4092 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:07:30.0686 4092 i8042prt - ok
19:07:30.0746 4092 [ 1AB4C121BCA5B8A0A0BF7C41A319106C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:07:31.0357 4092 ialm - ok
19:07:31.0808 4092 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:07:32.0859 4092 idsvc - ok
19:07:32.0899 4092 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:07:33.0250 4092 Imapi - ok
19:07:33.0490 4092 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:07:33.0800 4092 ImapiService - ok
19:07:33.0831 4092 ini910u - ok
19:07:34.0001 4092 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:07:34.0291 4092 IntelIde - ok
19:07:34.0351 4092 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:07:34.0822 4092 intelppm - ok
19:07:35.0733 4092 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:07:35.0893 4092 Ip6Fw - ok
19:07:36.0134 4092 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:07:36.0374 4092 IpFilterDriver - ok
19:07:36.0414 4092 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:07:36.0725 4092 IpInIp - ok
19:07:36.0895 4092 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:07:37.0075 4092 IpNat - ok
19:07:37.0155 4092 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:07:37.0326 4092 IPSec - ok
19:07:37.0416 4092 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
19:07:37.0726 4092 irda - ok
19:07:37.0896 4092 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:07:37.0986 4092 IRENUM - ok
19:07:38.0187 4092 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
19:07:38.0307 4092 Irmon - ok
19:07:38.0347 4092 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:07:38.0547 4092 isapnp - ok
19:07:38.0868 4092 [ A456937ACC87BB40D7E2331F1E3A2AC5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:07:38.0958 4092 JavaQuickStarterService - ok
19:07:38.0988 4092 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:07:39.0288 4092 Kbdclass - ok
19:07:39.0499 4092 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:07:39.0649 4092 kbdhid - ok
19:07:39.0739 4092 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:07:39.0929 4092 kmixer - ok
19:07:40.0039 4092 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:07:40.0140 4092 KSecDD - ok
19:07:40.0220 4092 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:07:40.0290 4092 lanmanserver - ok
19:07:40.0360 4092 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:07:40.0440 4092 lanmanworkstation - ok
19:07:40.0450 4092 lbrtfdc - ok
19:07:40.0700 4092 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:07:40.0951 4092 LmHosts - ok
19:07:41.0211 4092 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
19:07:41.0301 4092 MBAMProtector - ok
19:07:41.0722 4092 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:07:42.0383 4092 MBAMService - ok
19:07:42.0393 4092 [ C5D77B47F413EB62D41E523E2B4700E2 ] MbxStby C:\WINDOWS\system32\drivers\MbxStby.sys
19:07:42.0433 4092 MbxStby - ok
19:07:42.0773 4092 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:07:42.0874 4092 MDM - ok
19:07:42.0924 4092 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:07:43.0084 4092 Messenger - ok
19:07:43.0274 4092 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:07:43.0434 4092 mnmdd - ok
19:07:43.0484 4092 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:07:43.0905 4092 mnmsrvc - ok
19:07:43.0955 4092 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:07:44.0135 4092 Modem - ok
19:07:44.0346 4092 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:07:44.0826 4092 Mouclass - ok
19:07:44.0886 4092 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:07:45.0057 4092 mouhid - ok
19:07:45.0087 4092 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:07:45.0257 4092 MountMgr - ok
19:07:45.0347 4092 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:07:45.0417 4092 MozillaMaintenance - ok
19:07:45.0417 4092 mraid35x - ok
19:07:45.0477 4092 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:07:45.0758 4092 MRxDAV - ok
19:07:45.0908 4092 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:07:46.0359 4092 MRxSmb - ok
19:07:46.0399 4092 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:07:46.0819 4092 MSDTC - ok
19:07:46.0839 4092 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:07:47.0330 4092 Msfs - ok
19:07:47.0340 4092 MSIServer - ok
19:07:47.0370 4092 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:07:47.0700 4092 MSKSSRV - ok
19:07:47.0761 4092 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:07:47.0921 4092 MSPCLOCK - ok
19:07:47.0931 4092 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:07:48.0101 4092 MSPQM - ok
19:07:48.0321 4092 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:07:48.0472 4092 mssmbios - ok
19:07:48.0532 4092 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:07:48.0962 4092 Mup - ok
19:07:49.0092 4092 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:07:49.0984 4092 napagent - ok
19:07:50.0104 4092 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:07:50.0494 4092 NDIS - ok
19:07:50.0555 4092 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:07:50.0655 4092 NdisTapi - ok
19:07:50.0695 4092 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:07:50.0935 4092 Ndisuio - ok
19:07:50.0965 4092 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:07:51.0236 4092 NdisWan - ok
19:07:51.0276 4092 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:07:51.0336 4092 NDProxy - ok
19:07:51.0396 4092 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:07:51.0586 4092 NetBIOS - ok
19:07:51.0736 4092 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:07:51.0947 4092 NetBT - ok
19:07:52.0017 4092 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:07:52.0247 4092 NetDDE - ok
19:07:52.0287 4092 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:07:52.0557 4092 NetDDEdsdm - ok
19:07:53.0719 4092 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:07:53.0889 4092 Netlogon - ok
19:07:54.0080 4092 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:07:54.0290 4092 Netman - ok
19:07:54.0360 4092 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:07:54.0400 4092 NetTcpPortSharing - ok
19:07:54.0640 4092 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:07:54.0971 4092 NIC1394 - ok
19:07:55.0191 4092 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:07:55.0211 4092 Nla - ok
19:07:55.0271 4092 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:07:55.0542 4092 Npfs - ok
19:07:55.0882 4092 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:07:56.0293 4092 Ntfs - ok
19:07:56.0443 4092 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:07:56.0583 4092 NtLmSsp - ok
19:07:56.0753 4092 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:07:57.0284 4092 NtmsSvc - ok
19:07:57.0334 4092 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:07:57.0485 4092 Null - ok
19:07:57.0635 4092 [ 2C2FD0E6B0180F94C260DD26706AA5F4 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
19:07:57.0985 4092 NWCWorkstation - ok
19:07:58.0236 4092 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:07:58.0386 4092 NwlnkFlt - ok
19:07:58.0396 4092 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:07:58.0646 4092 NwlnkFwd - ok
19:07:58.0826 4092 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:07:59.0047 4092 NwlnkIpx - ok
19:07:59.0077 4092 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:07:59.0367 4092 NwlnkNb - ok
19:07:59.0387 4092 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:07:59.0568 4092 NwlnkSpx - ok
19:07:59.0678 4092 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
19:07:59.0788 4092 NWRDR - ok
19:07:59.0838 4092 [ DCD4019074A00E4CA177F9B62F8E41E9 ] O2SCBUS C:\WINDOWS\system32\DRIVERS\ozscr.sys
19:07:59.0888 4092 O2SCBUS - ok
19:07:59.0918 4092 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:08:00.0238 4092 ohci1394 - ok
19:08:00.0349 4092 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:08:00.0389 4092 ose - ok
19:08:00.0659 4092 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:08:00.0990 4092 Parport - ok
19:08:01.0010 4092 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:08:01.0380 4092 PartMgr - ok
19:08:01.0420 4092 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:08:01.0781 4092 ParVdm - ok
19:08:01.0811 4092 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:08:01.0961 4092 PCI - ok
19:08:01.0981 4092 PCIDump - ok
19:08:02.0001 4092 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:08:02.0191 4092 PCIIde - ok
19:08:02.0382 4092 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:08:02.0602 4092 Pcmcia - ok
19:08:02.0622 4092 PDCOMP - ok
19:08:02.0642 4092 PDFRAME - ok
19:08:02.0662 4092 PDRELI - ok
19:08:02.0752 4092 PDRFRAME - ok
19:08:02.0792 4092 perc2 - ok
19:08:02.0832 4092 perc2hib - ok
19:08:03.0163 4092 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:08:03.0253 4092 PlugPlay - ok
19:08:03.0263 4092 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:08:03.0563 4092 PolicyAgent - ok
19:08:03.0713 4092 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:08:03.0944 4092 PptpMiniport - ok
19:08:03.0964 4092 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:08:04.0234 4092 ProtectedStorage - ok
19:08:04.0254 4092 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:08:04.0515 4092 PSched - ok
19:08:04.0545 4092 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:08:04.0795 4092 Ptilink - ok
19:08:04.0805 4092 ql1080 - ok
19:08:04.0815 4092 Ql10wnt - ok
19:08:04.0825 4092 ql12160 - ok
19:08:04.0835 4092 ql1240 - ok
19:08:04.0845 4092 ql1280 - ok
19:08:04.0965 4092 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:08:05.0115 4092 RasAcd - ok
19:08:05.0176 4092 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:08:05.0356 4092 RasAuto - ok
19:08:05.0616 4092 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:08:05.0716 4092 Rasirda - ok
19:08:05.0746 4092 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:08:05.0937 4092 Rasl2tp - ok
19:08:06.0167 4092 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:08:06.0437 4092 RasMan - ok
19:08:06.0467 4092 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:08:06.0908 4092 RasPppoe - ok
19:08:06.0928 4092 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:08:07.0118 4092 Raspti - ok
19:08:07.0239 4092 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:08:07.0449 4092 Rdbss - ok
19:08:07.0489 4092 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:08:07.0940 4092 RDPCDD - ok
19:08:08.0000 4092 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:08:08.0220 4092 rdpdr - ok
19:08:08.0420 4092 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:08:08.0500 4092 RDPWD - ok
19:08:08.0570 4092 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:08:08.0821 4092 RDSessMgr - ok
19:08:08.0981 4092 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:08:09.0251 4092 redbook - ok
19:08:09.0602 4092 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:08:09.0962 4092 RemoteAccess - ok
19:08:10.0113 4092 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:08:10.0473 4092 RemoteRegistry - ok
19:08:10.0523 4092 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:08:10.0764 4092 RpcLocator - ok
19:08:10.0894 4092 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:08:11.0244 4092 RpcSs - ok
19:08:11.0314 4092 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:08:11.0585 4092 RSVP - ok
19:08:11.0595 4092 s24trans - ok
19:08:11.0745 4092 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:08:11.0925 4092 SamSs - ok
19:08:11.0945 4092 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:08:11.0955 4092 SASDIFSV - ok
19:08:12.0025 4092 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:08:12.0045 4092 SASKUTIL - ok
19:08:12.0116 4092 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:08:12.0476 4092 SCardSvr - ok
19:08:12.0606 4092 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:08:13.0197 4092 Schedule - ok
19:08:13.0377 4092 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:08:13.0548 4092 Secdrv - ok
19:08:13.0598 4092 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:08:13.0958 4092 seclogon - ok
19:08:14.0529 4092 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:08:14.0839 4092 SENS - ok
19:08:15.0140 4092 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:08:15.0370 4092 Serial - ok
19:08:15.0480 4092 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:08:15.0761 4092 Sfloppy - ok
19:08:15.0901 4092 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:08:16.0482 4092 SharedAccess - ok
19:08:16.0742 4092 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:08:16.0832 4092 ShellHWDetection - ok
19:08:16.0842 4092 Simbad - ok
19:08:16.0882 4092 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
19:08:17.0033 4092 SMCIRDA - ok
19:08:17.0043 4092 Sparrow - ok
19:08:17.0223 4092 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:08:17.0393 4092 splitter - ok
19:08:17.0453 4092 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:08:17.0533 4092 Spooler - ok
19:08:17.0573 4092 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:08:17.0974 4092 sr - ok
19:08:18.0054 4092 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:08:18.0264 4092 srservice - ok
19:08:18.0415 4092 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:08:18.0635 4092 Srv - ok
19:08:18.0795 4092 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:08:19.0066 4092 SSDPSRV - ok
19:08:19.0236 4092 [ 243A7E7EB95257DFAA9A449A4DF358E2 ] STAC97 C:\WINDOWS\system32\drivers\stac97.sys
19:08:19.0546 4092 STAC97 - ok
19:08:19.0596 4092 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
19:08:19.0877 4092 StillCam - ok
19:08:20.0167 4092 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:08:20.0688 4092 stisvc - ok
19:08:21.0008 4092 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:08:21.0319 4092 swenum - ok
19:08:21.0409 4092 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:08:21.0749 4092 swmidi - ok
19:08:21.0759 4092 SwPrv - ok
19:08:21.0779 4092 symc810 - ok
19:08:21.0789 4092 symc8xx - ok
19:08:21.0799 4092 sym_hi - ok
19:08:21.0810 4092 sym_u3 - ok
19:08:21.0850 4092 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:08:22.0140 4092 sysaudio - ok
19:08:22.0240 4092 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:08:22.0551 4092 SysmonLog - ok
19:08:22.0651 4092 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:08:23.0021 4092 TapiSrv - ok
19:08:23.0382 4092 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:08:23.0602 4092 Tcpip - ok
19:08:23.0872 4092 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:08:24.0083 4092 TDPIPE - ok
19:08:24.0123 4092 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:08:24.0403 4092 TDTCP - ok
19:08:24.0483 4092 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:08:24.0914 4092 TermDD - ok
19:08:25.0024 4092 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:08:25.0345 4092 TermService - ok
19:08:25.0435 4092 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:08:25.0485 4092 Themes - ok
19:08:25.0545 4092 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:08:26.0086 4092 TlntSvr - ok
19:08:26.0096 4092 TosIde - ok
19:08:26.0166 4092 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:08:26.0356 4092 TrkWks - ok
19:08:26.0406 4092 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:08:26.0897 4092 Udfs - ok
19:08:26.0907 4092 ultra - ok
19:08:27.0247 4092 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:08:27.0878 4092 Update - ok
19:08:27.0978 4092 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:08:28.0249 4092 upnphost - ok
19:08:28.0269 4092 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:08:28.0479 4092 UPS - ok
19:08:28.0719 4092 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:08:29.0100 4092 usbccgp - ok
19:08:29.0230 4092 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:08:29.0450 4092 usbehci - ok
19:08:29.0511 4092 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:08:29.0911 4092 usbhub - ok
19:08:29.0941 4092 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:08:30.0101 4092 usbscan - ok
19:08:30.0151 4092 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:08:30.0302 4092 usbstor - ok
19:08:30.0402 4092 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:08:30.0562 4092 usbuhci - ok
19:08:30.0602 4092 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:08:30.0792 4092 VgaSave - ok
19:08:30.0802 4092 ViaIde - ok
19:08:31.0053 4092 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:08:31.0243 4092 VolSnap - ok
19:08:31.0353 4092 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:08:31.0533 4092 VSS - ok
19:08:32.0775 4092 [ EC606DB5388C3BFFDC254B1FC9E0FBBA ] w22n51 C:\WINDOWS\system32\DRIVERS\w22n51.sys
19:08:36.0170 4092 w22n51 - ok
19:08:37.0522 4092 [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
19:08:40.0276 4092 w29n51 - ok
19:08:40.0366 4092 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:08:40.0526 4092 W32Time - ok
19:08:40.0566 4092 [ ACED8C149B30F8496C237BCBA3727B48 ] WacomPen C:\WINDOWS\system32\DRIVERS\wacompen.sys
19:08:40.0997 4092 WacomPen - ok
19:08:41.0147 4092 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:08:41.0608 4092 Wanarp - ok
19:08:41.0618 4092 WDICA - ok
19:08:41.0928 4092 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:08:42.0379 4092 wdmaud - ok
19:08:42.0439 4092 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:08:42.0680 4092 WebClient - ok
19:08:42.0840 4092 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:08:43.0090 4092 winmgmt - ok
19:08:43.0481 4092 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
19:08:44.0502 4092 WinRM - ok
19:08:44.0722 4092 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:08:44.0853 4092 WmdmPmSN - ok
19:08:45.0053 4092 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:08:45.0453 4092 Wmi - ok
19:08:45.0544 4092 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:08:45.0784 4092 WmiApSrv - ok
19:08:46.0124 4092 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:08:46.0976 4092 WMPNetworkSvc - ok
19:08:47.0016 4092 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:08:47.0176 4092 WS2IFSL - ok
19:08:47.0396 4092 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:08:47.0627 4092 wscsvc - ok
19:08:47.0677 4092 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:08:47.0977 4092 wuauserv - ok
19:08:48.0037 4092 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:08:48.0097 4092 WudfPf - ok
19:08:48.0137 4092 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:08:48.0187 4092 WudfRd - ok
19:08:48.0217 4092 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:08:48.0258 4092 WudfSvc - ok
19:08:48.0428 4092 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:08:49.0139 4092 WZCSVC - ok
19:08:49.0209 4092 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:08:49.0539 4092 xmlprov - ok
19:08:49.0619 4092 [ 5A5749D1B68BD321A6DF6C2589879908 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
19:08:49.0790 4092 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:08:49.0860 4092 [ 11D6D2EB80CCB2F676B7A9A84D74C6AE ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
19:08:49.0950 4092 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:08:49.0980 4092 [ E13F355E70358D0757A7F6EDFECE7BB8 ] {E6759E0C-470B-44DC-A4A1-627E68BB3A85} C:\WINDOWS\system32\drivers\A302.sys
19:08:50.0010 4092 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} - ok
19:08:50.0010 4092 ================ Scan global ===============================
19:08:50.0070 4092 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:08:50.0371 4092 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:08:50.0571 4092 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:08:50.0831 4092 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:08:50.0951 4092 [Global] - ok
19:08:50.0951 4092 ================ Scan MBR ==================================
19:08:51.0082 4092 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
19:08:52.0083 4092 \Device\Harddisk0\DR0 - ok
19:08:52.0083 4092 ================ Scan VBR ==================================
19:08:52.0113 4092 [ 7A71AB37604B0E1D794CD00BE343D0E3 ] \Device\Harddisk0\DR0\Partition1
19:08:52.0113 4092 \Device\Harddisk0\DR0\Partition1 - ok
19:08:52.0123 4092 ============================================================
19:08:52.0123 4092 Scan finished
19:08:52.0123 4092 ============================================================
19:08:52.0233 3364 Detected object count: 5
19:08:52.0233 3364 Actual detected object count: 5
19:11:59.0092 3364 BtnHnd ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:59.0092 3364 BtnHnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:59.0102 3364 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:59.0102 3364 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:59.0102 3364 Digitizer ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:59.0102 3364 Digitizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:59.0112 3364 DsiUsb ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:59.0112 3364 DsiUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:59.0112 3364 DX02 ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:59.0112 3364 DX02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
________________________________________________________________________________________________________________________

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-05 21:21:47
-----------------------------
21:21:47.162 OS Version: Windows 5.1.2600 Service Pack 3
21:21:47.162 Number of processors: 1 586 0xD06
21:21:47.162 ComputerName: LIFEBOOK UserName: Spencer
21:21:51.939 Initialize success
21:22:52.747 AVAST engine defs: 12090502
21:23:04.243 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:23:04.243 Disk 0 Vendor: WDC_WD2500BEVE-00A0HT0 11.01A11 Size: 238475MB BusType: 3
21:23:04.544 Disk 0 MBR read successfully
21:23:04.544 Disk 0 MBR scan
21:23:04.624 Disk 0 unknown MBR code
21:23:04.624 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
21:23:04.644 Disk 0 scanning sectors +488392065
21:23:04.734 Disk 0 scanning C:\WINDOWS\system32\drivers
21:23:52.202 Service scanning
21:24:46.170 Modules scanning
21:25:09.303 Disk 0 trace - called modules:
21:25:09.323 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:25:09.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bafab8]
21:25:09.664 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007d[0x89bf5f18]
21:25:09.664 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b12d98]
21:25:09.674 Scan finished successfully
21:25:29.092 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Spencer\Desktop\MBR.dat"
21:25:29.102 The log file has been saved successfully to "C:\Documents and Settings\Spencer\Desktop\aswMBR.txt"

Please upload the following file: C:\Documents and Settings\Spencer\Desktop\MBR.dat

If it is too difficult for you to post here, then the log can be uploaded to www.mediafire.com, which is a free cloud service that provides storage for documents, photos, etc. Please use that service to upload it, and then click on the Share button after it finishes upload and it will provide a download link. Post that in your next reply, please.

Good. Your MBR was clean.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  
• Click Start or wait for the scanner to load.
  
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, there are a couple of things to keep in mind:
  
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  
• Open the logfile from wherever you saved it
  
• Copy and paste the contents in your next reply.

It looks like my reply didn't go through, so I repeat it:

Sorry this reply took so long. It looked like the scan stopped, so I restarted it. Before I restarted it, 4 threats had been found:
Win32/SpeedUpMyPC application
Win32/Adware.ADON application
Win32/Adware.ADON application
Win32/Beagle.gen.zip worm

The second scan took 12 hours, but found no threats.
The following 4 items were listed in the quarantined Scan results section:
C:\Documents and Settings\Spencer\My Documents\Downloads\speedupmypc.exe
C:\Documents and Settings\Spencer\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
C:\Documents and Settings\All Users\Start Menu\Programs\eBay.url
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Complitly15.zip

Everything still takes forever, e.g. to close a window, start the Task Manager, or switch focus from one window to another, the machine stops responding for about 3-5 minutes before the task is completed.

Please download SilentRunners

• Save it to the desktop.
  
• Run Silent Runner's by clicking on the "Silent Runners" icon on your desktop.
  
• You will receive a prompt: Do you want to skip supplementary searches? click NO
  
• If you receive an error just click OK and click it to run it again.
  
• A text file will appear on your desktop - it may take a while to complete its run
  
• Once you receive the prompt All Done!, open the text , copy that entire log, and paste it here.
  

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

When I click on the SilentRunners link, I get a couple hundred lines of .vbs code. If I right click and Save Link As...to my desktop, it saves as a .vbs.txt file. I'm not sure how to run it. :sad:
Spencer G.

Rename the file to silentrunners.vbs (in essence, removing the .txt extension).

"Silent Runners.vbs", revision 64, http://www.silentrunners.org/
Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
Malwarebytes' Anti-Malware = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [Malwarebytes Corporation]
SpyHunter Security Suite = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [Enigma Software Group USA, LLC.]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = Fax
\StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser [MS]

{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = Fax Provider
\StubPath = rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM…CLSID} = RealPlayer Download and Record Plugin for Internet Explorer
\InProcServer32\(Default) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [file not found]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext
-> {HKLM…CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM…CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM…CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll [MS]

{BB7DF450-F119-11CD-8465-00AA00425D90} = Microsoft Access Custom Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office\soa800.dll [MS]

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
-> {HKLM…CLSID} = RealOne Player Context Menu Class
\InProcServer32\(Default) = C:\Program Files\Real\RealPlayer\rpshell.dll [file not found]

{8e9d6600-f84a-11ce-8daa-00aa004a5691} = Shell extensions for NetWare
-> {HKLM…CLSID} = NetWare Objects
\InProcServer32\(Default) = nwprovau.dll [MS]

{e3f2bac0-099f-11cf-8daa-00aa004a5691} = Shell extensions for NetWare
-> {HKLM…CLSID} = NetWare UNC Folder Menu
\InProcServer32\(Default) = nwprovau.dll [MS]

{52c68510-09a0-11cf-8daa-00aa004a5691} = Shell extensions for NetWare
-> {HKLM…CLSID} = NetWare Hood Verbs
\InProcServer32\(Default) = nwprovau.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM…CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = (no title provided)
-> {HKLM…CLSID} = SABShellExecuteHook Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [SuperAdBlocker.com]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
-> {HKLM…CLSID} = WPDShServiceObj Class
\InProcServer32\(Default) = C:\WINDOWS\system32\WPDShServiceObj.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<> Authentication Packages = msv1_0|nwprovau

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
<> ("credssp.dll" [MS]) SecurityProviders = credssp.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> igfxcui\DLLName = igfxsrvc.dll [Intel Corporation]
<> loginkey\DLLName = C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [MS]
<> TabBtnWL\DLLName = TabBtnWL.dll [MS]
<> tpgwlnotify\DLLName = tpgwlnot.dll [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = {807553E5-5146-11D5-A672-00B0D022E945}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754}
-> {HKLM…CLSID} = Microsoft Infotech Storage Protocol for IE 4.0
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [MS]

<> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384}
-> {HKLM…CLSID} = Data Page Plugable Protocal mso-offdap11 Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
-> {HKLM…CLSID} = SASContextMenu Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
-> {HKLM…CLSID} = SASContextMenu Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM…CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

NetWareUNCMenu\(Default) = {e3f2bac0-099f-11cf-8daa-00aa004a5691}
-> {HKLM…CLSID} = NetWare UNC Folder Menu
\InProcServer32\(Default) = nwprovau.dll [MS]


Default executables:
--------------------

<> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile

HKLM\SOFTWARE\Classes\.exe\(Default) = exefile
<> HKCU\Software\Classes\exefile\shell\open\command\(Default) = "%1" %* [file not found]

HKLM\SOFTWARE\Classes\.hta\(Default) = htafile
<> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "%1" %* [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDevMgrUpdate = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoSetTaskbar = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Prevent changes to Taskbar and Start Menu Settings}

NoDeletePrinter = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDFSTab = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoChangeStartMenu = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoLogoff = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Logon/Logoff|
Disable Logoff}

NoEncryptOnMove = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoRunasInstallPrompt = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoResolveSearch = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoResolveTrack = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoHardwareTab = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoStartMenuSubFolders = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDevMgrUpdate = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoSetTaskbar = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDeletePrinter = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDFSTab = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoChangeStartMenu = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoLogoff = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoEncryptOnMove = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoRunasInstallPrompt = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoResolveSearch = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoResolveTrack = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoHardwareTab = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoStartMenuSubFolders = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Documents and Settings\Spencer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CanonZB4PicturesOnArrival\
Provider = Canon ZoomBrowser EX
InvokeProgID = Zb.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Program Files\Canon\ZoomBrowser EX MCU\MCULauncher.exe [null data]

MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]


Enabled Scheduled Tasks:
------------------------

Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
GoogleUpdateTaskUserS-1-5-21-4249785800-535049725-2160960142-1005Core -> launches: C:\Documents and Settings\Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-4249785800-535049725-2160960142-1005UA -> launches: C:\Documents and Settings\Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
RealUpgradeLogonTaskS-1-5-21-4249785800-535049725-2160960142-1005 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.]
RealUpgradeScheduledTaskS-1-5-21-4249785800-535049725-2160960142-1005 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\nwprovau.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Program Files\Messenger\msmsgs.exe [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Client Service for NetWare, NWCWorkstation, C:\WINDOWS\system32\svchost.exe -k netsvcs {C:\WINDOWS\System32\nwwks.dll [MS]}
Digitizer Service, Digitizer, C:\WINDOWS\System32\digtizer.exe [WACOM]
Machine Debug Manager, MDM, "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [MS]
MBAMService, MBAMService, "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]
Net.Tcp Port Sharing Service, NetTcpPortSharing, "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [MS]
SpyHunter 4 Service, SpyHunter 4 Service, C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [Enigma Software Group USA, LLC.]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<> !SASCORE,

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<> !SASCORE,
<> WRkrn, Driver
<> WRSVC, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Journal Note Port\Driver = jnwmon.dll [MS]
Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS]


---------- (launch time: 2012-09-10 21:34:57)
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 92 seconds, including 19 seconds for message boxes)

Did you buy SpyHunter Security Suite?

Yes, just yesterday...is it a problem?

Okay. Just checking. Probably would have been more effective to wait for my call on that. It's okay, though.

Hopefully it works out for you.

What other problems are happening?

It didn't occur to me that installing Spy Hunter might interfere with your helping me. Sorry about that. I think I am still responsible for solving my own problem...well, except if what I do ends up interfering with someone trying to help me, which I really do appreciate! So, no more surprise installs.
You asked what problems are happening. There are two:
1) there has been a long standing problem of this laptop taking forever with everything: taking minutes to open the start menu, to open the Task Manager, to close the Task Manager, to close a browser..anything, so that it takes so long to do anything that the computer is virtually unusable. I have suspected the file called igfxext.exe because it frequently is running, and when I end that process, things seem to go faster. When I did a search about it, one link that came up was for Spy Hunter, which is why I installed it...but it didn't identify it as a problem. So, I still don't know if igfxext is the culprit in my computer's SUPER-slow operation.
2) since I opened the UPS virus e-mail a second "operating system" is listed along with Windows XP when I start the computer with F8. That second system is listed as "30". I assume if I were to choose "30" when booting, all hell would break loose. I want to get rid of that second, phantom "operating system."
Thanks, Spencer G.

I would have recommended a far better anti-malware solution than SpyHunter by Enigma Software. But, since it's paid for, I wouldn't muster a reversal of that. I'm sure it'd require a refund, and more messes along with it. But, since they're legitimate in their operations, I won't continue my comment on that.

For the memory-type issues... do the following please and let me know how it goes...

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:





Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:




Go to Step 4 and under "System Restore" click on Create button:




Go to Start Repairs tab and click Start button.




Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):



Click on box next to the Restart System when Finished. Then click on Start.

---

As for the extra OS you're talking about...

Please download Listparts
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.

Even though I have paid for SpyHunter, at this point, having really good anti-malware is worth replacing it with something better. What would you recommend. And what would you recommend for anti-virus?
I ran Windows Repair per your instructions - an impressive program.
Things still really slow, e.g. I opened a browser to go online and look at your instructions. I then clicked the Minimize button in the upper right...and a full 5 minutes later, it minimized! And igfxext.exe is using 11% of the CPU.
The result.txt is below. And, much thanks:
____________________________________________________________
ListParts by Farbar Version: 15-09-2012
Ran by Spencer (administrator) on 16-09-2012 at 08:51:15
Windows XP (X86)
Running From: C:\Documents and Settings\Spencer\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 2038.48 MB
Available physical RAM: 1695.3 MB
Total Pagefile: 3935 MB
Available Pagefile: 3764.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.97 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:182.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB
======================================================================================================

Disk: 0
The disk management services could not complete the operation.

======================================================================================================

****** End Of Log ******

Take a look here for the antivirus programs recommended list:

http://secureconnexion.wordpress.com/2012/06/14/antivirus-software-toplist-top-20-summer-2012/

• Download RogueKiller and save it on your desktop.
  
• Quit all programs
  
• Start RogueKiller.exe.
  
• Wait until Prescan has finished ...
  
• Click on Scan
  

• Wait for the end of the scan.
  
• The report has been created on the desktop.
  
• Click on the Delete button.
  

• The report has been created on the desktop.
  

• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.
  

Please post:

All RKreport.txt text files located on your desktop.

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Spencer [Admin rights]
Mode : Scan -- Date : 09/17/2012 22:53:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] Uninstall Webroot RunOnce.lnk @Administrator : C:\Documents and Settings\Administrator\Application Data\wruninstall.exe -> FOUND
[STARTUP][SUSP PATH] Launch Utility Application.lnk @TEMP.LIFEBOOK : C:\Documents and Settings\TEMP.LIFEBOOK\Application Data\Verizon\UA_ar\UtilityApplication.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[50] : NtCreateSection @ 0x805653B3 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xF7A09700)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVE-00A0HT0 +++++
--- User ---
[MBR] b97e439e083baa508cea9442867ae5a8
[BSP] 9d427aca4bb75d08431671ed7666ac3e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
________________________________________________________________________________________________________________________

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Spencer [Admin rights]
Mode : Remove -- Date : 09/17/2012 22:56:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] Uninstall Webroot RunOnce.lnk @Administrator : C:\Documents and Settings\Administrator\Application Data\wruninstall.exe -> DELETED
[STARTUP][SUSP PATH] Launch Utility Application.lnk @TEMP.LIFEBOOK : C:\Documents and Settings\TEMP.LIFEBOOK\Application Data\Verizon\UA_ar\UtilityApplication.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[50] : NtCreateSection @ 0x805653B3 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xF7A09700)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVE-00A0HT0 +++++
--- User ---
[MBR] b97e439e083baa508cea9442867ae5a8
[BSP] 9d427aca4bb75d08431671ed7666ac3e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
________________________________________________________________________________________________________________________

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Spencer [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/17/2012 22:59:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 15 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 77 / Fail 0
My documents: Success 14 / Fail 14
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 354 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Going to take a final look to help assist in the other issues experienced...

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

The predominant problem is stupendous [i]slowness.[i] I haven't responded in a couple days because I was running a scan (SuperAntiSpyware) and it took 48 hrs. Most of that time Task Manager showed System Idle at 99%. It could take 30 seconds per file.
Minimizing a window can take several minutes during which nothing else responds.
I do get occassional Blue Screens, but infrequently. I do have about 6 svchost.exe running, but all listed at 0%. No fake antivirus alerts.
Mostly just so slow, slow slow that I can hardly use the computer!

Please do a memory test: http://www.playtool.com/pages/memtest/memtest.html

Then, let me know results. It takes one to two hours at the most, usually.

Well, it took a while to get MemTest to work: 4.0 wouldn't run on my computer, so I ended up using 3.5b...but, no Errors, no ECC Errors.
A friend suggested 1) 2G RAM actually run slower than 1G on this processor, and 2) maybe I have some incorrect BIOS setting. I wanted to see if you think either of those might explain the extreme slowness. He suggested I actually take out 1G RAM.

Oh, I may have solved the extra OS ("30") mystery: Before I contacted GeekPolice.net, I had tried to delete SpyBot to eliminate things which might have been slowing the computer, but it persisted in my Startup, so I used msconfig and deleted the SpyBot line from boot.ini. There is another line in boot.ini: Timeout.old=30, which I just read might have been introduced by SpyBot to create a faster and easier boot to Safe Mode, but I haven't tried it yet to see if it, in fact, boots into Safe Mode.

Well, it definitely is not connected with another operating system or partition for that matter.

2G RAM actually run slower than 1G on this processor

I find this untrue. RAM is different than CPU power. Processing is hardware that runs the programs and helps process information to memory. It only has an effect on how much data can be written to memory at one time.

The more memory you have (RAM), the more available space in memory there is that the processor can help write to.

If RAM were a problem, then the test would have found faults.

What were the MEMTEST results?

Well, it took a while to get MemTest to work: 4.0 wouldn't run on my computer, so I ended up using 3.5b...but, no Errors, no ECC Errors.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death
  

1) The computer continues to be very slow; 2) I do seem to be having a fair number of system crashes (blue screen) every couple days, but I see no pattern.

Please follow this guide and post information back: http://www.sevenforums.com/tutorials/92394-sf-diagnostic-tool-using-troubleshooting.html

I ran the SF diagnostic tool, but I can't figure out how to upload either the folder (sf_01-10-2012) or the .zip file made from it. I can't use servimg because it does not upload .zip files. I've spent the past hour trying to figure this out without success..so, I'm declaring defeat!

Please upload it to www.mediafire.com and post download link here...

http://www.mediafire.com/?ru3o3absdrdymw7

Thanks!

Please download BlueScreenVew
Unzip the downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit > Select All.
Go File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

==================================================
Dump File : Mini093012-01.dmp
Crash Time : 9/30/2012 10:18:39 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x898bfda0
Parameter 3 : 0x898bff14
Parameter 4 : 0x805faffc
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c876
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini093012-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini092812-01.dmp
Crash Time : 9/28/2012 6:21:16 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x89a91da0
Parameter 3 : 0x89a91f14
Parameter 4 : 0x805faffc
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c876
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini092812-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090512-02.dmp
Crash Time : 9/5/2012 9:19:17 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000008
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x804ea79a
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+81dd
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+1379a
Stack Address 1 : atapi.sys+416c
Stack Address 2 : atapi.sys+6d4b
Stack Address 3 : aswMBR.sys+2c71
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090512-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090512-01.dmp
Crash Time : 9/5/2012 8:53:27 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000008
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x804ea79a
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+81dd
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+1379a
Stack Address 1 : atapi.sys+416c
Stack Address 2 : atapi.sys+6d4b
Stack Address 3 : aswMBR.sys+2c71
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090512-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini090212-01.dmp
Crash Time : 9/2/2012 9:10:08 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x88f93020
Parameter 3 : 0x88f93194
Parameter 4 : 0x805faffc
Caused By Driver : WRkrn.sys
Caused By Address : WRkrn.sys+100a0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : WRkrn.sys+100f2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090212-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini081212-01.dmp
Crash Time : 8/12/2012 1:41:44 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0xc000000e
Parameter 2 : 0xc000000e
Parameter 3 : 0x00000000
Parameter 4 : 0x015e4000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c876
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+49e3a
Stack Address 2 : ntoskrnl.exe+110de
Stack Address 3 : ntoskrnl.exe+fb51
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini081212-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini080512-01.dmp
Crash Time : 8/5/2012 8:17:52 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x897fb880
Parameter 3 : 0x897fb9f4
Parameter 4 : 0x805faffc
Caused By Driver : WRkrn.sys
Caused By Address : WRkrn.sys+ffe0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : WRkrn.sys+10032
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini080512-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

Do you ever use Hibernate?

If the computer is slowing down often, then bad RAM is usually the issue.

I never deliberately use Hibernate, but if I leave the computer on for a while, it automatically goes into Hibernate.
I'll try removing one and then the other RAM chip and see if it makes a difference.

Okay. Let me know.

Wow, you may be the Master! There are two 1G RAM chips in my system. When I took out one of them, after 20 minutes, the computer had still not finished booting. I replaced it with the other RAM chip, it booted very quickly and is now zipping along faster than I have seen it for a long time! So, I think the first chip has problems. I'm still afraid to trust that it will last!
Thank-you, Spencer Gross

You're welcome. Now, if you don't know what RAM replacement you need, you can go here to find out: www.crucial.com/systemscanner

Otherwise, let's finish up so you can prevent malware in the future... (woo a long drag, a month so far in this topic):

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - [URL='http://www.majorgeeks.com/CCleaner_Slim_No_Toolbar_d4191.html']Alternate download link[/URL]

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or [URL='http://screen317.changelog.fr/SecurityCheck.exe']Changelog.fr[/URL].

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.