Happili - gimme answers redirect - NEED HELP!


  • This topic is locked
36 replies to this topic

#1 swenb23

swenb23

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 31 March 2012 - 10:32 PM

I keep getting redirected to happili, gimme answers, mywebsearch, etc. I got the mywebsearch one to disable, but not sure how to get it deleted and have no idea how to get rid of the others. Would really appreciate some help!


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:53 AM

Posted 31 March 2012 - 11:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 swenb23

swenb23
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 01 April 2012 - 11:37 PM

I have been getting redirects to happili, gimmeanswers, etc. When I would open a tab in firefox it would go to mywebsearch instead of just a blank page. I did figure out how to at least disable some of the stuff and some has been removed, so it hasn't been happening. But I don't have it all completely removed from my system.

This is the DDS Report:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_05
Run by becky2 at 23:29:02 on 2012-04-01
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.703 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Windows\system32\lxducoms.exe
C:\Windows\system32\java.exe
C:\Program Files\EMBIRD32\SEARCHER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1108&m=et1641-02w
uSearch Bar =
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1108&m=et1641-02w
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - No File
TB: {78ba36c9-6036-482b-b48d-ecca6f964b84} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [EPSON WorkForce 500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieqa.exe /fu "c:\windows\temp\E_S9493.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)" -"http://content.class.com/ewew_content/anthro/02family/0202mytools/0202_010401.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eRecoveryService]
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [EMBIRD.Searcher] c:\program files\embird32\SEARCHER.EXE /MINIMIZE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\becky2\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{601be80d-247b-4084-94c7-7a54369db7a2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: target.com\www
Trusted Zone: taxslayer.com\www
Trusted Zone: tupperware.com\order
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{B7EFC340-C1FF-4A9C-A2C8-CA8864D5C9A6} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8AE265CB-FFB7-49CD-9A80-17E85757478B} - MSIEXEC /i {8AE265CB-FFB7-49CD-9A80-17E85757478B} REINSTALL="Advertised1" REINSTALLMODE=u SETDEFAULTS="1" /qn /quiet
mASetup: {DA89EF83-F349-41D6-A897-BA11E8A3968C} - MSIEXEC /i {DA89EF83-F349-41D6-A897-BA11E8A3968C} ADDLOCAL="Advertised1" REINSTALL="Advertised1" REINSTALLMODE=ump SETDEFAULTS="1" /qn /quiet
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\becky2\appdata\roaming\mozilla\firefox\profiles\np4d00xp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/firefox/?fr=yff40-sfp
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-10 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2008-11-25 24576]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-4-17 32768]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-15 652360]
R2 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2008-12-17 24576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-30 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2009-12-6 94208]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [2008-9-27 27544]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-25 24064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [2012-1-24 13359]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-10 297752]
S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-1-18 737184]
.
=============== Created Last 30 ================
.
2012-03-31 17:41:49 -------- d-----w- c:\program files\BitTorrent
2012-03-31 17:40:14 -------- d-----w- c:\users\becky2\appdata\roaming\BitTorrent
2012-03-31 16:23:28 -------- d-----w- c:\program files\CCleaner
2012-03-31 02:59:38 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{386cb5a9-9359-44cd-83fa-055322c232a2}\offreg.dll
2012-03-31 02:50:44 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{386cb5a9-9359-44cd-83fa-055322c232a2}\mpengine.dll
2012-03-31 00:21:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 00:29:16 158720 ----a-w- c:\programdata\microsoft\windows\drm\741C.tmp
2012-03-18 21:18:53 -------- d-----w- c:\users\becky2\appdata\local\visi_coupon
2012-03-17 02:29:55 -------- d-sh--w- C:\found.001
2012-03-15 04:56:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-15 04:56:16 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-15 04:56:16 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-03-15 04:56:16 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-15 04:56:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-03-15 04:24:33 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 04:24:33 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 04:24:33 1205080 ----a-w- c:\windows\system32\ntdll.dll
2012-03-15 04:24:05 81920 ----a-w- c:\windows\system32\iccvid.dll
2012-03-15 04:23:52 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-03-15 04:23:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-03-15 04:23:19 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-03-15 04:23:17 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2012-03-15 04:23:13 738816 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-15 04:23:09 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2012-03-15 04:23:09 1315840 ----a-w- c:\windows\system32\ole32.dll
2012-03-15 04:22:55 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-15 04:22:13 17920 ----a-w- c:\windows\system32\netevent.dll
2012-03-15 04:22:13 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-03-15 04:21:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-15 04:21:13 248832 ----a-w- c:\windows\system32\msshsq.dll
2012-03-15 04:21:08 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-15 04:21:08 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-15 04:17:44 1136640 ----a-w- c:\windows\system32\mfc42.dll
2012-03-15 04:16:54 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-03-15 04:16:49 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-03-15 04:16:43 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-03-15 04:16:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-03-15 04:16:43 292864 ----a-w- c:\windows\system32\atmfd.dll
2012-03-15 04:16:39 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2012-03-15 04:16:35 157184 ----a-w- c:\windows\system32\t2embed.dll
2012-03-15 04:16:32 1257472 ----a-w- c:\windows\system32\msxml3.dll
2012-03-15 04:16:28 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-03-15 04:16:25 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-03-15 04:16:22 98304 ----a-w- c:\windows\system32\cabview.dll
2012-03-15 04:05:27 2067456 ----a-w- c:\windows\system32\mstscax.dll
2012-03-15 04:05:26 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-03-15 04:05:00 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-15 04:03:37 276992 ----a-w- c:\windows\system32\schannel.dll
2012-03-15 04:03:30 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-03-13 15:10:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-12 20:02:15 -------- d-----w- c:\program files\KolorsMatch
2012-03-12 05:26:51 110080 ----a-r- c:\users\becky2\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-03-12 05:26:51 110080 ----a-r- c:\users\becky2\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-03-12 05:26:51 110080 ----a-r- c:\users\becky2\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-03-12 05:26:46 -------- d-----w- C:\sh4ldr
2012-03-12 05:26:46 -------- d-----w- c:\program files\Enigma Software Group
2012-03-12 05:25:33 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-12 05:25:29 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-11 20:53:05 -------- d-----w- c:\windows\pss
2012-03-08 22:32:07 74000 ----a-w- c:\program files\common files\microsoft shared\replication manager 4.0\msrpfs40.dll
2012-03-08 22:32:07 45328 ----a-w- c:\program files\common files\microsoft shared\replication manager 4.0\mstran40.exe
2012-03-08 22:32:07 37136 ----a-w- c:\program files\common files\microsoft shared\replication manager 4.0\mstrai40.exe
2012-03-08 22:31:45 -------- d-----w- c:\program files\GreatNotions
2012-03-07 02:02:41 -------- d-----w- c:\users\becky2\New Folder
.
==================== Find3M ====================
.
2012-03-15 14:34:07 87608 ----a-w- c:\users\becky2\appdata\roaming\inst.exe
2012-03-15 14:34:07 47360 ----a-w- c:\users\becky2\appdata\roaming\pcouffin.sys
2012-03-10 21:39:32 60 ----a-w- c:\windows\wpd99.drv
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 04:42:36 52306 ----a-w- c:\windows\FdUninstall.exe
2012-01-22 05:03:38 156984 ----a-w- c:\users\becky2\_Setup.dll
2012-01-22 05:03:34 398472 ----a-w- c:\users\becky2\setup.exe
2012-01-22 05:03:31 1303 ----a-w- c:\users\becky2\layout.bin
2012-01-22 05:03:30 560776 ----a-w- c:\users\becky2\ISSetup.dll
.
============= FINISH: 23:30:58.87 ===============


and the other report:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/25/2008 9:32:24 PM
System Uptime: 4/1/2012 11:16:58 PM (0 hours ago)
.
Motherboard: eMachines | | MCP73VT-PM
Processor: Intel® Celeron® CPU E1400 @ 2.00GHz | CPU 1 | 2003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 100.335 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&6CA7B23&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&6CA7B23&0
Service: i8042prt
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: RIM Virtual Serial Port v2
Device ID: ROOT\PORTS\0000
Manufacturer: RIM Virtual Serial Ports
Name: RIM Virtual Serial Port v2
PNP Device ID: ROOT\PORTS\0000
Service: RimVSerPort
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 1 (SP1)
5DFly Photo Design
7-Zip 4.65
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader 8.3.1
Adobe Shockwave Player
aiofw
aioprnt
aioscnnr
American Greetings CreataCard Platinum 6
Any Video Converter 3.3.0
AnyDVD
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 8.5
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
BitTorrent
Bonjour
C4USelfUpdater
C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows Vista
C5500n from OKI® Printing Solutions GDI Printer Driver Version 2.0.0.0 for Windows Vista
CCleaner
CCScore
center
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CR2
Creative DRAWings 4 Evaluation edition
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
Digital Media Reader
DivX
DVD Decrypter (Remove Only)
DVD Profiler Version 3.6.1
DVD Shrink 3.2
eFile Express 2008
eFile Express 2009
eFile Express 2010
eMachines Games
eMachines Recovery Management
Embird 2010
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Express Burn
Fdrawcmd.sys 1.0.1.10
File Type Assistant
Free File Viewer 2011
FrostWire 5.0.7
Garmin Communicator Plugin
Garmin USB Drivers
GearDrvs
GN 2006 Collection
Google Desktop
Google Earth Plug-in
Google Update Helper
GPL Ghostscript 8.70
Greeting Card Studio 1.87
GSview 4.9
Hallmark Card Studio 2008 Deluxe
Hallmark Card Studio 2010 Deluxe
Hallmark Card Studio Photo Card Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMagick 6.4.2-0 Q16 (07/01/08)
iTunes
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 5
Kai's Photo Soap
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK AiO Home Center
Kodak EasyShare software
ksDIP
KSU
Learning Lodge Navigator
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark 5600-6600 Series
LG ODD Auto Firmware Update
LightScribe System Software
LightScribe Template Labeler
Linksys Updater
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox 4.0 (x86 en-US)
MP3 Rocket
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MultiMedia Keyboard 1.1
my editor v5.00
Nero 7 Essentials
neroxml
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Notifier
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OTtBP
OTtBPSDK
Pdf995
PE-DESIGN Ver.6
PhotoshopdotcomInspirationBrowser
Picaboo X
Pixillion Image Converter
PreReq
QuickTime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Roxio Easy Media Creator 9 Suite
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SFR
SHASTA
Signature Creator 1.12
SKIN0001
SKINXSDK
Slingo Deluxe
Soft Data Fax Modem with SmartCP
SpyHunter
staticcr
Sulky Color Match
SUPERAntiSpyware
Trojan Killer 2.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Office 2007 (KB946691)
VPRINTOL
VTech Download Agent Library
Vuze
Walmart Photo Manager
WavePad Sound Editor
WeatherBug
Wilcom TrueSizer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
WinZip Self-Extractor
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/1/2012 11:06:39 PM, Error: Service Control Manager [7034] - The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 8:52:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/30/2012 8:52:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 ElbyCDIO SASDIFSV SASKUTIL spldr Wanarpv6
3/30/2012 8:52:08 PM, Error: Service Control Manager [7001] - The OKI OPHD DCS Loader service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:52:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:51:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/30/2012 8:51:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2012 8:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/30/2012 7:06:24 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer PDF995 with shared resource name PDF995. Error 2114. The printer cannot be used by others on the network.
3/28/2012 11:53:55 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
3/28/2012 11:53:50 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/28/2012 11:53:50 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/28/2012 11:52:38 PM, Error: EventLog [6008] - The previous system shutdown at 11:35:52 PM on 3/28/2012 was unexpected.
3/26/2012 9:44:00 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.254.2 for the Network Card with network address 0021972B52A6 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
3/26/2012 12:37:31 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MININT-CVIPTQ2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7EFC340-C1FF-4A9C-A2C8-CA8. The master browser is stopping or an election is being forced.
3/25/2012 12:51:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
3/25/2012 12:51:59 AM, Error: Service Control Manager [7000] - The wntpport service failed to start due to the following error: The system cannot find the file specified.
3/25/2012 12:51:59 AM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
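The "Event Viewer Messages" block above is the part of the DDS attach log a responder reads first: event 7026 lists boot-start drivers that did not load, and on this machine that list includes the AVG and SUPERAntiSpyware drivers (AvgLdx86, AvgMfx86, SASDIFSV, SASKUTIL). The parser below is an added example, not code from the thread or from DDS; it reads that block, pulls out the 7026 driver names and flags the ones that belong to a security product. The sample log is constructed from the lines posted above, and the prefix-to-product mapping is an assumption taken from the TDSSKiller listing later in the thread.

```python
"""Parse the "Event Viewer Messages" block of a DDS attach log and pull out
the boot-start drivers that failed to load (Service Control Manager 7026).

Added example, not part of the original BleepingComputer thread. SAMPLE_LOG
is constructed from the lines posted in the thread; SECURITY_DRIVER_PREFIXES
is an assumed mapping based on the TDSSKiller listing in the same thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# One record per line: "<date> <time>, <Level>: <Source> [<EventID>] - <message>"
LINE_RE = re.compile(
    r"^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
FAILED_DRIVERS_RE = re.compile(r"failed to load: (?P<drivers>.+)$")

# Assumed mapping of driver-name prefixes to the product that installs them.
SECURITY_DRIVER_PREFIXES = {"Avg": "AVG", "SAS": "SUPERAntiSpyware"}

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = """==== Event Viewer Messages From Past Week ========
.
4/1/2012 11:06:39 PM, Error: Service Control Manager [7034] - The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 8:52:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/30/2012 8:52:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 ElbyCDIO SASDIFSV SASKUTIL spldr Wanarpv6
3/30/2012 8:52:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 11:52:38 PM, Error: EventLog [6008] - The previous system shutdown at 11:35:52 PM on 3/28/2012 was unexpected.
3/26/2012 9:44:00 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.254.2 for the Network Card with network address 0021972B52A6 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
"""


@dataclass(frozen=True)
class EventRecord:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text):
    """Return the EventRecords in a DDS block; headers and "." separators are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append(EventRecord(
            when=datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"],
            source=m["source"].strip(),
            event_id=int(m["event_id"]),
            message=m["message"],
        ))
    return records


def failed_boot_drivers(records):
    """Driver names from every SCM 7026 event, de-duplicated and sorted."""
    names = set()
    for r in records:
        if r.source == "Service Control Manager" and r.event_id == 7026:
            m = FAILED_DRIVERS_RE.search(r.message)
            if m:
                names.update(m["drivers"].split())
    return sorted(names)


def security_drivers_missing(records):
    """Subset of the failed boot drivers that belong to a known security product."""
    found = {}
    for name in failed_boot_drivers(records):
        for prefix, product in SECURITY_DRIVER_PREFIXES.items():
            if name.startswith(prefix):
                found[name] = product
    return found


def count_by_event(records):
    """Histogram of (source, event id) pairs for a quick triage view."""
    return Counter((r.source, r.event_id) for r in records)


if __name__ == "__main__":
    recs = parse_events(SAMPLE_LOG)
    for (source, event_id), n in sorted(count_by_event(recs).items()):
        print(f"{n:2d}  {source} [{event_id}]")
    print("failed boot drivers:", failed_boot_drivers(recs))
    print("security drivers missing:", security_drivers_missing(recs))
```

Run it as a script to see the histogram and the two driver lists; on the sample it reports four security-product drivers among the seven that failed to load. A real DDS log is parsed the same way by passing its text to `parse_events`.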

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 01 April 2012 - 11:43 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 swenb23 (Topic Starter, Members, 28 posts)

Posted 02 April 2012 - 08:46 AM

I have been unable to get ComboFix to run to completion. I have tried four times and it never fully completes; it never advances from the blue screen that says it is starting the scan. Now when I start the computer I get two error messages: one saying my Recycle Bin is corrupted and another from Windows Defender saying something caused it to not start.

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 02 April 2012 - 08:55 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that, when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 swenb23 (Topic Starter, Members, 28 posts)

Posted 02 April 2012 - 10:50 AM

Okay, I still can't get ComboFix to complete, and it has been running since your last post. I still get the Recycle Bin and Windows error messages at startup. The computer is slow and it sounds like the hard drive is accessing pretty much all the time.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 02 April 2012 - 11:03 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 swenb23 (Topic Starter, Members, 28 posts)

Posted 02 April 2012 - 01:23 PM

Below is the report from TDSSKiller. I can't get aswMBR to complete. I let it run for about two hours; it was stuck on the same file for about an hour.

11:20:42.0434 1068 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:20:49.0587 1068 ============================================================
11:20:49.0587 1068 Current date / time: 2012/04/02 11:20:49.0587
11:20:49.0587 1068 SystemInfo:
11:20:49.0587 1068
11:20:49.0587 1068 OS Version: 6.0.6001 ServicePack: 1.0
11:20:49.0587 1068 Product type: Workstation
11:20:49.0587 1068 ComputerName: BECKY2-PC
11:20:49.0587 1068 UserName: becky2
11:20:49.0587 1068 Windows directory: C:\Windows
11:20:49.0587 1068 System windows directory: C:\Windows
11:20:49.0587 1068 Processor architecture: Intel x86
11:20:49.0587 1068 Number of processors: 2
11:20:49.0587 1068 Page size: 0x1000
11:20:49.0587 1068 Boot type: Normal boot
11:20:49.0587 1068 ============================================================
11:20:50.0141 1068 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:20:50.0190 1068 \Device\Harddisk0\DR0:
11:20:50.0190 1068 MBR used
11:20:50.0190 1068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402DAB0
11:20:50.0222 1068 Initialize success
11:20:50.0222 1068 ============================================================
11:20:53.0338 5460 ============================================================
11:20:53.0338 5460 Scan started
11:20:53.0338 5460 Mode: Manual;
11:20:53.0338 5460 ============================================================
11:20:53.0793 5460 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:20:53.0796 5460 !SASCORE - ok
11:20:53.0973 5460 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
11:20:53.0979 5460 ACPI - ok
11:20:54.0080 5460 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
11:20:54.0086 5460 AdobeActiveFileMonitor7.0 - ok
11:20:54.0208 5460 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:20:54.0225 5460 adp94xx - ok
11:20:54.0330 5460 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:20:54.0341 5460 adpahci - ok
11:20:54.0431 5460 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:20:54.0433 5460 adpu160m - ok
11:20:54.0525 5460 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:20:54.0528 5460 adpu320 - ok
11:20:54.0621 5460 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:20:54.0622 5460 AeLookupSvc - ok
11:20:54.0754 5460 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
11:20:54.0759 5460 AFD - ok
11:20:54.0853 5460 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:20:54.0856 5460 agp440 - ok
11:20:54.0945 5460 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:20:54.0947 5460 aic78xx - ok
11:20:55.0031 5460 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:20:55.0033 5460 ALG - ok
11:20:55.0117 5460 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:20:55.0119 5460 aliide - ok
11:20:55.0218 5460 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:20:55.0220 5460 amdagp - ok
11:20:55.0551 5460 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:20:55.0554 5460 amdide - ok
11:20:55.0643 5460 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:20:55.0644 5460 AmdK7 - ok
11:20:55.0683 5460 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:20:55.0686 5460 AmdK8 - ok
11:20:55.0777 5460 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\Windows\system32\Drivers\AnyDVD.sys
11:20:55.0779 5460 AnyDVD - ok
11:20:55.0883 5460 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:20:55.0885 5460 Appinfo - ok
11:20:55.0992 5460 Apple Mobile Device (367592efca7ff8b4ce11ab6b0744e1e2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
11:20:55.0995 5460 Apple Mobile Device - ok
11:20:56.0130 5460 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:20:56.0132 5460 arc - ok
11:20:56.0179 5460 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:20:56.0181 5460 arcsas - ok
11:20:56.0262 5460 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:20:56.0263 5460 AsyncMac - ok
11:20:56.0297 5460 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
11:20:56.0299 5460 atapi - ok
11:20:56.0363 5460 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
11:20:56.0368 5460 AudioEndpointBuilder - ok
11:20:56.0404 5460 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
11:20:56.0408 5460 Audiosrv - ok
11:20:56.0499 5460 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
11:20:56.0505 5460 avg8wd - ok
11:20:56.0607 5460 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
11:20:56.0613 5460 AvgLdx86 - ok
11:20:56.0648 5460 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
11:20:56.0650 5460 AvgMfx86 - ok
11:20:56.0708 5460 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
11:20:56.0711 5460 AvgTdiX - ok
11:20:56.0756 5460 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:20:56.0757 5460 Beep - ok
11:20:56.0846 5460 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
11:20:56.0863 5460 BFE - ok
11:20:56.0955 5460 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
11:20:56.0971 5460 BITS - ok
11:20:57.0023 5460 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:20:57.0025 5460 blbdrive - ok
11:20:57.0080 5460 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:57.0085 5460 Bonjour Service - ok
11:20:57.0208 5460 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
11:20:57.0211 5460 bowser - ok
11:20:57.0250 5460 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:20:57.0252 5460 BrFiltLo - ok
11:20:57.0281 5460 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:20:57.0283 5460 BrFiltUp - ok
11:20:57.0323 5460 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:20:57.0325 5460 Browser - ok
11:20:57.0373 5460 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:20:57.0375 5460 Brserid - ok
11:20:57.0403 5460 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:20:57.0405 5460 BrSerWdm - ok
11:20:57.0434 5460 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:20:57.0435 5460 BrUsbMdm - ok
11:20:57.0465 5460 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:20:57.0467 5460 BrUsbSer - ok
11:20:57.0520 5460 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:20:57.0522 5460 BTHMODEM - ok
11:20:57.0558 5460 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
11:20:57.0560 5460 BVRPMPR5 - ok
11:20:57.0648 5460 catchme - ok
11:20:57.0733 5460 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:20:57.0735 5460 cdfs - ok
11:20:57.0815 5460 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
11:20:57.0817 5460 cdrom - ok
11:20:57.0901 5460 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
11:20:57.0903 5460 CertPropSvc - ok
11:20:57.0937 5460 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:20:57.0939 5460 circlass - ok
11:20:57.0969 5460 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
11:20:57.0974 5460 CLFS - ok
11:20:58.0056 5460 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:58.0060 5460 clr_optimization_v2.0.50727_32 - ok
11:20:58.0124 5460 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:20:58.0126 5460 cmdide - ok
11:20:58.0172 5460 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
11:20:58.0173 5460 Compbatt - ok
11:20:58.0184 5460 COMSysApp - ok
11:20:58.0215 5460 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:20:58.0217 5460 crcdisk - ok
11:20:58.0254 5460 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:20:58.0256 5460 Crusoe - ok
11:20:58.0302 5460 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
11:20:58.0304 5460 CryptSvc - ok
11:20:58.0352 5460 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
11:20:58.0358 5460 DcomLaunch - ok
11:20:58.0452 5460 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
11:20:58.0454 5460 DfsC - ok
11:20:58.0552 5460 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
11:20:58.0651 5460 DFSR - ok
11:20:58.0790 5460 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
11:20:58.0792 5460 Dhcp - ok
11:20:58.0893 5460 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
11:20:58.0895 5460 disk - ok
11:20:58.0955 5460 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
11:20:58.0957 5460 Dnscache - ok
11:20:58.0984 5460 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
11:20:58.0990 5460 dot3svc - ok
11:20:59.0015 5460 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
11:20:59.0017 5460 DPS - ok
11:20:59.0084 5460 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:20:59.0086 5460 drmkaud - ok
11:20:59.0142 5460 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
11:20:59.0159 5460 DXGKrnl - ok
11:20:59.0197 5460 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:20:59.0200 5460 E1G60 - ok
11:20:59.0229 5460 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
11:20:59.0232 5460 EapHost - ok
11:20:59.0288 5460 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
11:20:59.0291 5460 Ecache - ok
11:20:59.0333 5460 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
11:20:59.0338 5460 ehRecvr - ok
11:20:59.0358 5460 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
11:20:59.0362 5460 ehSched - ok
11:20:59.0374 5460 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
11:20:59.0375 5460 ehstart - ok
11:20:59.0442 5460 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
11:20:59.0443 5460 ElbyCDIO - ok
11:20:59.0497 5460 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:20:59.0503 5460 elxstor - ok
11:20:59.0548 5460 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
11:20:59.0565 5460 EMDMgmt - ok
11:20:59.0642 5460 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
11:20:59.0646 5460 EPSON_EB_RPCV4_01 - ok
11:20:59.0659 5460 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
11:20:59.0662 5460 EPSON_PM_RPCV4_01 - ok
11:20:59.0769 5460 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:20:59.0770 5460 ErrDev - ok
11:20:59.0880 5460 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
11:20:59.0882 5460 esgiguard - ok
11:20:59.0917 5460 ETService (4d06d9a26227ac485305133916888df1) C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
11:20:59.0919 5460 ETService - ok
11:21:00.0006 5460 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
11:21:00.0011 5460 EventSystem - ok
11:21:00.0063 5460 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
11:21:00.0066 5460 exfat - ok
11:21:00.0092 5460 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
11:21:00.0096 5460 fastfat - ok
11:21:00.0128 5460 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:21:00.0131 5460 fdc - ok
11:21:00.0160 5460 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:21:00.0162 5460 fdPHost - ok
11:21:00.0251 5460 fdrawcmd (75c1e92f6ac3da41728731ea2e20fbce) C:\Windows\system32\drivers\fdrawcmd.sys
11:21:00.0252 5460 fdrawcmd - ok
11:21:00.0285 5460 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:21:00.0287 5460 FDResPub - ok
11:21:00.0333 5460 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:21:00.0335 5460 FileInfo - ok
11:21:00.0360 5460 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:21:00.0362 5460 Filetrace - ok
11:21:00.0433 5460 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:21:00.0449 5460 FLEXnet Licensing Service - ok
11:21:00.0556 5460 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:21:00.0558 5460 flpydisk - ok
11:21:00.0591 5460 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
11:21:00.0596 5460 FltMgr - ok
11:21:00.0639 5460 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:21:00.0641 5460 FontCache3.0.0.0 - ok
11:21:00.0668 5460 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:21:00.0670 5460 Fs_Rec - ok
11:21:00.0695 5460 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:21:00.0698 5460 gagp30kx - ok
11:21:00.0875 5460 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
11:21:00.0878 5460 GameConsoleService - ok
11:21:00.0907 5460 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\Drivers\GEARAspiWDM.sys
11:21:00.0909 5460 GEARAspiWDM - ok
11:21:00.0993 5460 GoogleDesktopManager-080708-050100 (6fd7f370817f16b5e1f08b91badaa2ee) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:21:00.0995 5460 GoogleDesktopManager-080708-050100 - ok
11:21:01.0070 5460 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
11:21:01.0086 5460 gpsvc - ok
11:21:01.0188 5460 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:21:01.0191 5460 gupdate - ok
11:21:01.0213 5460 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:21:01.0215 5460 gupdatem - ok
11:21:01.0321 5460 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:21:01.0326 5460 HdAudAddService - ok
11:21:01.0354 5460 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:21:01.0355 5460 HDAudBus - ok
11:21:01.0381 5460 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:21:01.0383 5460 HidBth - ok
11:21:01.0400 5460 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:21:01.0403 5460 HidIr - ok
11:21:01.0443 5460 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
11:21:01.0445 5460 hidserv - ok
11:21:01.0459 5460 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
11:21:01.0463 5460 HidUsb - ok
11:21:01.0485 5460 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:21:01.0488 5460 hkmsvc - ok
11:21:01.0512 5460 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:21:01.0514 5460 HpCISSs - ok
11:21:01.0569 5460 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:21:01.0607 5460 HSF_DPV - ok
11:21:01.0835 5460 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
11:21:01.0840 5460 HSXHWBS2 - ok
11:21:01.0901 5460 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
11:21:01.0908 5460 HTTP - ok
11:21:01.0966 5460 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:21:01.0968 5460 i2omp - ok
11:21:02.0056 5460 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:21:02.0058 5460 i8042prt - ok
11:21:02.0096 5460 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:21:02.0101 5460 iaStorV - ok
11:21:02.0208 5460 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:21:02.0211 5460 IDriverT - ok
11:21:02.0297 5460 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:21:02.0320 5460 idsvc - ok
11:21:02.0381 5460 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:21:02.0384 5460 iirsp - ok
11:21:02.0430 5460 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
11:21:02.0447 5460 IKEEXT - ok
11:21:02.0487 5460 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
11:21:02.0489 5460 int15 - ok
11:21:02.0589 5460 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
11:21:02.0640 5460 IntcAzAudAddService - ok
11:21:16.0263 5460 WPCSvc - ok
11:21:16.0299 5460 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
11:21:16.0303 5460 WPDBusEnum - ok
11:21:16.0340 5460 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:21:16.0342 5460 WpdUsb - ok
11:21:16.0402 5460 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:21:16.0404 5460 ws2ifsl - ok
11:21:16.0464 5460 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
11:21:16.0467 5460 wscsvc - ok
11:21:16.0477 5460 WSearch - ok
11:21:16.0556 5460 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
11:21:16.0575 5460 wuauserv - ok
11:21:16.0636 5460 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:16.0639 5460 WUDFRd - ok
11:21:16.0666 5460 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:21:16.0670 5460 wudfsvc - ok
11:21:16.0703 5460 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
11:21:16.0704 5460 XAudio - ok
11:21:16.0730 5460 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
11:21:16.0735 5460 XAudioService - ok
11:21:16.0825 5460 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:21:16.0830 5460 YahooAUService - ok
11:21:16.0857 5460 MBR (0x1B8) (3f52334f255df9dc66b0111a308bfa16) \Device\Harddisk0\DR0
11:21:19.0496 5460 \Device\Harddisk0\DR0 - ok
11:21:19.0511 5460 Boot (0x1200) (5957075210d4f9a55f67fae4deeb3ef9) \Device\Harddisk0\DR0\Partition0
11:21:19.0512 5460 \Device\Harddisk0\DR0\Partition0 - ok
11:21:19.0513 5460 ============================================================
11:21:19.0513 5460 Scan finished
11:21:19.0513 5460 ============================================================
11:21:19.0536 5868 Detected object count: 0
11:21:19.0537 5868 Actual detected object count: 0
11:28:36.0056 4592 Deinitialize success

#10 gringo_pr

Posted 02 April 2012 - 01:34 PM

Hello


Under which browsers is the redirect happening? Check all that are installed on the computer and let me know.



gringo

#11 swenb23

Topic Starter

Posted 02 April 2012 - 01:40 PM

I have Firefox and Internet Explorer. I pretty much mainly use Firefox and that's where it was happening. Like I previously stated, it's not right now because I did manage to get the items disabled in about:config through Firefox. I would like to get my computer cleaned up though if possible.

#12 gringo_pr

Posted 02 April 2012 - 01:55 PM

Hello


What I have found so far is that if you uninstall Firefox and reinstall it, it will clear it up.



Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 swenb23

Topic Starter

Posted 02 April 2012 - 02:35 PM

OTL logfile created on: 4/2/2012 2:28:48 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\becky2\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 42.33% Memory free
3.74 Gb Paging File | 2.32 Gb Available in Paging File | 62.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 98.62 Gb Free Space | 34.23% Space Free | Partition Type: NTFS

Computer Name: BECKY2-PC | User Name: becky2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\becky2\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files\EMBIRD32\SEARCHER.EXE ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxduserv.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe (Creative Home)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\OPHDLDCS.EXE (Oki Data Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files\EMBIRD32\SEARCHER.EXE ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files\VTech\DownloadManager\System\QtXml4.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
SRV - (KodakSvc) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (OKI OPHD DCS Loader) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHDLDCS.EXE (Oki Data Corporation)


========== Driver Services (SafeList) ==========

DRV - (wntpport) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\becky2\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\becky2\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (SydexFDD) -- C:\Windows\System32\drivers\SYDEXFDD.SYS (Windows ® 2000 DDK provider)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (fdrawcmd) -- C:\Windows\System32\drivers\fdrawcmd.sys (simonowen.com)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1108&m=et1641-02w
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=1571F787-EF90-45F8-AC57-0DF65C79169C&ind=2012032512&n=77ed2e00&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1108&m=et1641-02w
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=1571F787-EF90-45F8-AC57-0DF65C79169C&ind=2012032512&n=77ed2e00&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{8BC30AF0-2F8E-448B-99A3-433213EC50FC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=0aef8aa2-9430-42e5-8dd1-d4c916d52bc0&apn_sauid=EC8FAEF7-C09C-4716-94A8-0488B9CBBE2D
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com/firefox/?fr=yff40-sfp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/06 23:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/06 23:55:57 | 000,000,000 | ---D | M]

[2010/08/13 11:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\becky2\AppData\Roaming\Mozilla\Extensions
[2010/08/13 11:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\becky2\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/31 12:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\becky2\AppData\Roaming\Mozilla\Firefox\Profiles\np4d00xp.default\extensions
[2011/12/15 01:28:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\becky2\AppData\Roaming\Mozilla\Firefox\Profiles\np4d00xp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(256)
[2011/11/07 23:30:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\becky2\AppData\Roaming\Mozilla\Firefox\Profiles\np4d00xp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/03/30 18:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 23:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/06 23:32:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\BECKY2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NP4D00XP.DEFAULT\EXTENSIONS\WGBAVCFKBU@WGBAVCFKBU.ORG.XPI
[2012/03/15 00:11:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/01/01 03:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/07/09 16:36:52 | 000,002,280 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EMBIRD.Searcher] C:\Program Files\EMBIRD32\SEARCHER.EXE ()
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000..\Run: [EPSON WorkForce 500 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..Trusted Domains: target.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..Trusted Domains: taxslayer.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..Trusted Domains: tupperware.com ([order] https in Trusted sites)
O15 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7EFC340-C1FF-4A9C-A2C8-CA8864D5C9A6}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\becky2\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\becky2\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52719221-5573-11e1-bebd-0021972b52a6}\Shell - "" = AutoRun
O33 - MountPoints2\{52719221-5573-11e1-bebd-0021972b52a6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/02 09:02:15 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/01 23:49:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/01 23:49:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/01 23:49:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/01 23:49:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/01 23:49:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/31 12:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/03/31 12:40:14 | 000,000,000 | ---D | C] -- C:\Users\becky2\AppData\Roaming\BitTorrent
[2012/03/31 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/31 11:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/30 19:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/30 19:21:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/30 18:59:58 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/30 18:59:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/18 16:18:53 | 000,000,000 | ---D | C] -- C:\Users\becky2\AppData\Local\visi_coupon
[2012/03/16 21:29:55 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/03/14 23:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/03/14 23:56:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/03/14 23:56:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/03/14 23:56:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/03/14 23:25:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/14 23:25:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/03/14 23:25:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/03/14 23:25:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/14 23:25:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/14 23:25:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/14 23:25:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/14 23:25:22 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/14 23:25:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/03/14 23:25:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/03/14 23:25:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/03/14 23:25:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/14 23:25:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/14 23:25:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/14 23:25:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/14 23:25:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/03/14 23:25:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/14 23:24:33 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/14 23:24:33 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/14 23:24:05 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/03/14 23:23:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/03/14 23:22:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/03/14 23:22:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/03/14 23:21:13 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/03/14 23:20:50 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/03/14 23:20:50 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/03/14 23:20:49 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/03/14 23:20:44 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/03/14 23:20:39 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/03/14 23:20:38 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/03/14 23:20:38 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/03/14 23:20:38 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/03/14 23:20:32 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/03/14 23:20:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/03/14 23:20:11 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/03/14 23:20:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/03/14 23:20:07 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/03/14 23:17:44 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/03/14 23:17:43 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/03/14 23:17:36 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012/03/14 23:17:33 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/03/14 23:17:14 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/03/14 23:17:14 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/03/14 23:17:00 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 23:16:43 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/03/14 23:16:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/03/14 23:16:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/03/14 23:16:35 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/03/14 23:16:25 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/03/13 10:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/13 10:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/12 15:02:17 | 000,000,000 | ---D | C] -- C:\Users\becky2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kolors thread Match
[2012/03/12 15:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolors thread Match
[2012/03/12 15:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\KolorsMatch
[2012/03/12 00:26:48 | 000,000,000 | ---D | C] -- C:\Users\becky2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/03/12 00:26:46 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/03/12 00:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/12 00:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/03/11 15:53:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/08 17:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Great Notions
[2012/03/08 17:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\GreatNotions
[2012/03/06 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\becky2\New Folder
[2010/05/14 11:21:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\becky2\AppData\Roaming\pcouffin.sys
[2 C:\Users\becky2\Documents\*.tmp files -> C:\Users\becky2\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 14:27:36 | 000,000,819 | ---- | M] () -- C:\Users\becky2\Desktop\OTL - Shortcut.lnk
[2012/04/02 14:25:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/02 13:18:00 | 000,000,512 | ---- | M] () -- C:\Users\becky2\Documents\MBR.dat
[2012/04/02 12:44:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 12:44:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 10:51:12 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/02 10:51:12 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/02 10:45:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/04/02 10:44:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/02 10:44:56 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/04/02 10:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/02 09:01:10 | 000,000,545 | ---- | M] () -- C:\Users\becky2\Desktop\ComboFix - Shortcut.lnk
[2012/04/01 23:28:01 | 000,000,000 | ---- | M] () -- C:\Users\becky2\defogger_reenable
[2012/04/01 23:06:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2012/04/01 22:52:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/01 15:52:31 | 000,028,160 | ---- | M] () -- C:\Users\becky2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/01 00:51:17 | 000,000,772 | ---- | M] () -- C:\Windows\password.klc
[2012/03/31 22:27:04 | 000,000,838 | ---- | M] () -- C:\Users\becky2\Desktop\aswMBR - Shortcut.lnk
[2012/03/31 12:42:03 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/03/31 11:31:29 | 000,107,262 | ---- | M] () -- C:\Users\becky2\Documents\cc_20120331_113109.reg
[2012/03/31 11:23:29 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/30 20:49:20 | 000,000,696 | ---- | M] () -- C:\Users\becky2\Desktop\TDSSKiller - Shortcut.lnk
[2012/03/30 19:21:52 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/25 10:19:18 | 000,001,134 | ---- | M] () -- C:\Windows\quark.ini
[2012/03/24 09:54:12 | 001,034,911 | ---- | M] () -- C:\Users\becky2\Desktop\pr1379.pdf
[2012/03/22 12:46:44 | 000,390,557 | ---- | M] () -- C:\Users\becky2\Desktop\Embroidery Patches.pdf
[2012/03/22 12:46:28 | 000,400,763 | ---- | M] () -- C:\Users\becky2\Desktop\Plastic Bag Organizer.pdf
[2012/03/15 09:34:07 | 000,087,608 | ---- | M] () -- C:\Users\becky2\AppData\Roaming\inst.exe
[2012/03/15 09:34:07 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\becky2\AppData\Roaming\pcouffin.sys
[2012/03/15 09:34:07 | 000,007,887 | ---- | M] () -- C:\Users\becky2\AppData\Roaming\pcouffin.cat
[2012/03/15 09:34:07 | 000,001,144 | ---- | M] () -- C:\Users\becky2\AppData\Roaming\pcouffin.inf
[2012/03/15 09:04:45 | 000,575,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/15 08:57:23 | 000,000,580 | ---- | M] () -- C:\Users\becky2\AppData\Local\cookies.ini
[2012/03/13 23:18:01 | 000,000,037 | ---- | M] () -- C:\Users\becky2\AppData\Roaming\Opusbext.dat
[2012/03/13 10:11:09 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/13 10:10:21 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/12 15:06:44 | 000,000,856 | ---- | M] () -- C:\Users\becky2\Application Data\Microsoft\Internet Explorer\Quick Launch\Kolors Thread Match.lnk
[2012/03/12 15:06:44 | 000,000,832 | ---- | M] () -- C:\Users\becky2\Desktop\Kolors Thread Match.lnk
[2012/03/12 00:27:22 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
[2012/03/12 00:26:49 | 000,002,081 | ---- | M] () -- C:\Users\becky2\Desktop\SpyHunter.lnk
[2012/03/10 16:39:34 | 000,344,521 | ---- | M] () -- C:\Users\becky2\Documents\25mar12a.pdf
[2012/03/10 16:39:32 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/03/10 16:38:28 | 000,360,892 | ---- | M] () -- C:\Users\becky2\Documents\25mar12b.pdf
[2012/03/10 10:38:33 | 085,073,570 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/03/09 12:30:24 | 000,128,869 | ---- | M] () -- C:\Users\becky2\Desktop\Wl1803.pes
[2012/03/09 12:30:24 | 000,001,020 | ---- | M] () -- C:\Users\becky2\Desktop\Wl1803.edr
[2012/03/08 17:32:09 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Design Collections.lnk
[2 C:\Users\becky2\Documents\*.tmp files -> C:\Users\becky2\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/02 14:27:36 | 000,000,819 | ---- | C] () -- C:\Users\becky2\Desktop\OTL - Shortcut.lnk
[2012/04/02 13:18:00 | 000,000,512 | ---- | C] () -- C:\Users\becky2\Documents\MBR.dat
[2012/04/02 09:01:10 | 000,000,545 | ---- | C] () -- C:\Users\becky2\Desktop\ComboFix - Shortcut.lnk
[2012/04/01 23:49:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/01 23:49:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/01 23:49:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/01 23:49:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/01 23:49:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/01 23:28:01 | 000,000,000 | ---- | C] () -- C:\Users\becky2\defogger_reenable
[2012/03/31 22:27:04 | 000,000,838 | ---- | C] () -- C:\Users\becky2\Desktop\aswMBR - Shortcut.lnk
[2012/03/31 12:42:03 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/03/31 11:31:17 | 000,107,262 | ---- | C] () -- C:\Users\becky2\Documents\cc_20120331_113109.reg
[2012/03/31 11:23:29 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/30 20:49:20 | 000,000,696 | ---- | C] () -- C:\Users\becky2\Desktop\TDSSKiller - Shortcut.lnk
[2012/03/30 19:21:52 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/24 09:54:11 | 001,034,911 | ---- | C] () -- C:\Users\becky2\Desktop\pr1379.pdf
[2012/03/22 12:46:43 | 000,390,557 | ---- | C] () -- C:\Users\becky2\Desktop\Embroidery Patches.pdf
[2012/03/22 12:46:28 | 000,400,763 | ---- | C] () -- C:\Users\becky2\Desktop\Plastic Bag Organizer.pdf
[2012/03/13 10:11:09 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/13 10:10:21 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/12 15:06:44 | 000,000,856 | ---- | C] () -- C:\Users\becky2\Application Data\Microsoft\Internet Explorer\Quick Launch\Kolors Thread Match.lnk
[2012/03/12 15:02:21 | 000,000,832 | ---- | C] () -- C:\Users\becky2\Desktop\Kolors Thread Match.lnk
[2012/03/12 01:10:41 | 000,185,835 | ---- | C] () -- C:\shldr
[2012/03/12 01:10:41 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
[2012/03/12 00:26:49 | 000,002,081 | ---- | C] () -- C:\Users\becky2\Desktop\SpyHunter.lnk
[2012/03/10 16:39:32 | 000,344,521 | ---- | C] () -- C:\Users\becky2\Documents\25mar12a.pdf
[2012/03/10 16:38:25 | 000,360,892 | ---- | C] () -- C:\Users\becky2\Documents\25mar12b.pdf
[2012/03/09 12:30:24 | 000,001,020 | ---- | C] () -- C:\Users\becky2\Desktop\Wl1803.edr
[2012/03/09 12:30:06 | 000,128,869 | ---- | C] () -- C:\Users\becky2\Desktop\Wl1803.pes
[2012/03/08 17:32:09 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Design Collections.lnk
[2012/01/30 23:41:21 | 000,000,120 | ---- | C] () -- C:\Windows\WINRESAZ.INI
[2012/01/26 00:37:54 | 000,000,039 | ---- | C] () -- C:\Windows\Embmake.INI
[2012/01/26 00:31:05 | 000,000,040 | ---- | C] () -- C:\Windows\Embedit.INI
[2012/01/26 00:28:13 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2012/01/26 00:28:13 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2011/12/15 01:23:09 | 000,011,884 | -HS- | C] () -- C:\Users\becky2\AppData\Local\4x70lg1q28c707
[2011/12/15 01:23:09 | 000,011,884 | -HS- | C] () -- C:\ProgramData\4x70lg1q28c707
[2011/10/08 17:21:45 | 000,000,580 | ---- | C] () -- C:\Users\becky2\AppData\Local\cookies.ini
[2011/08/01 23:09:43 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2011/08/01 23:09:43 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010/05/14 11:21:55 | 000,087,608 | ---- | C] () -- C:\Users\becky2\AppData\Roaming\inst.exe
[2010/05/14 11:21:55 | 000,007,887 | ---- | C] () -- C:\Users\becky2\AppData\Roaming\pcouffin.cat
[2010/05/14 11:21:55 | 000,001,144 | ---- | C] () -- C:\Users\becky2\AppData\Roaming\pcouffin.inf
[2010/05/13 17:32:23 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2010/05/13 17:26:28 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/05/13 17:26:25 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\Rental Property:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\gold canyon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\Chelsy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\12-14-2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\img026.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\Gold Canyon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\2006 Tax Forms:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\2005 Tax forms:Roxio EMC Stream
@Alternate Data Stream - 208 bytes -> C:\Users\becky2\Desktop\Wl1803.pes:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Users\becky2\Desktop\Wl1803.pes:DocumentSummaryInformation

< End of report >

#14 swenb23

swenb23
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 02 April 2012 - 02:54 PM

The happili redirect is back, so I know it is not completely disabled.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:53 AM

Posted 02 April 2012 - 02:56 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - No CLSID value found.
    O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
    O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O3 - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O33 - MountPoints2\{52719221-5573-11e1-bebd-0021972b52a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{52719221-5573-11e1-bebd-0021972b52a6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
    O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
    O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
    O33 - MountPoints2\{ee25ea84-594f-11de-9c3e-0021972b52a6}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\Rental Property:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\OneNote Notebooks:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\gold canyon:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\Chelsy:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Documents\12-14-2009:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\img026.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\Gold Canyon:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\Downloads:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\Adobe:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\2006 Tax Forms:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\becky2\Desktop\2005 Tax forms:Roxio EMC Stream
    @Alternate Data Stream - 208 bytes -> C:\Users\becky2\Desktop\Wl1803.pes:SummaryInformation
    @Alternate Data Stream - 116 bytes -> C:\Users\becky2\Desktop\Wl1803.pes:DocumentSummaryInformat
    IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=1571F787-EF90-45F8-AC57-0DF65C79169C&ind=2012032512&n=77ed2e00&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=1571F787-EF90-45F8-AC57-0DF65C79169C&ind=2012032512&n=77ed2e00&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{8BC30AF0-2F8E-448B-99A3-433213EC50FC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=0aef8aa2-9430-42e5-8dd1-d4c916d52bc0&apn_sauid=EC8FAEF7-C09C-4716-94A8-0488B9CBBE2D
    IE - HKU\S-1-5-21-2777053692-3429718355-512852848-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    [2011/11/07 23:30:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\becky2\AppData\Roaming\Mozilla\Firefox\Profiles\np4d00xp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/12/15 01:23:09 | 000,011,884 | -HS- | C] () -- C:\Users\becky2\AppData\Local\4x70lg1q28c707
    [2011/12/15 01:23:09 | 000,011,884 | -HS- | C] () -- C:\ProgramData\4x70lg1q28c707
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University