
happili.com redirect


27 replies to this topic

#1 lolas


Posted 01 April 2012 - 09:58 PM

I, too, am redirected to happili.com or another site.

Edited by lolas, 01 April 2012 - 09:59 PM.




#2 gringo_pr

    Bleepin Gringo (Malware Response Team)

Posted 01 April 2012 - 11:38 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 lolas


Posted 02 April 2012 - 09:29 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/4/2009 8:52:46 PM
System Uptime: 4/2/2012 8:53:03 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 17.894 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 28 GiB total, 24.744 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/16/2012 8:12:53 AM - System Checkpoint
RP2: 3/17/2012 9:41:41 AM - System Checkpoint
RP3: 3/18/2012 1:48:47 PM - System Checkpoint
RP4: 3/20/2012 1:45:41 PM - System Checkpoint
RP5: 3/21/2012 9:08:00 PM - System Checkpoint
RP6: 3/22/2012 9:25:00 PM - System Checkpoint
RP7: 3/23/2012 9:32:33 PM - System Checkpoint
RP8: 3/24/2012 12:10:56 AM - Removed Microsoft Silverlight
RP9: 3/25/2012 1:21:01 AM - System Checkpoint
RP10: 3/26/2012 4:26:27 PM - System Checkpoint
RP11: 3/27/2012 8:31:49 PM - System Checkpoint
RP12: 3/29/2012 5:25:08 PM - Installed HiJackThis
RP13: 3/30/2012 5:26:09 PM - System Checkpoint
RP14: 3/30/2012 11:04:01 PM - Software Distribution Service 3.0
RP15: 3/31/2012 8:09:24 PM - Restore Operation
RP16: 3/31/2012 11:01:11 PM - Software Distribution Service 3.0
RP17: 4/1/2012 5:59:30 AM - Restore Operation
RP18: 4/1/2012 6:21:50 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
aiofw
aioprnt
aioscnnr
Amazon MP3 Downloader 1.0.15
Any Video Converter 3.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
C4USelfUpdater
center
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Content Transfer
Finding Nemo UWF
Finding Nemo: Nemo's Underwater World of Fun
Free WMA to MP3 Converter 1.16
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
Intel® PRO Network Adapters and Drivers
Java Auto Updater
Java™ 6 Update 30
KODAK AiO Home Center
ksDIP
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Utilities 5.22
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
NVIDIA Drivers
NWZ-S540 WALKMAN Guide
OGA Notifier 2.0.0048.0
PreReq
QuickTime
Scratch
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VIPRE Internet Security
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Wizard101
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
3/31/2012 8:53:47 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b70de700, parameter3 b70de3fc, parameter4 f7b5465b.
3/31/2012 8:50:16 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/31/2012 8:49:37 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/31/2012 8:08:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/31/2012 8:08:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd SbFw SbTis Tcpip
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The dependency service or group failed to start.
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2012 8:08:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2012 8:27:00 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
3/30/2012 8:27:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/30/2012 8:27:00 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 12:31:30 PM, error: Service Control Manager [7000] - The Kodak AiO Network Discovery Service service failed to start due to the following error: The system cannot find the path specified.
3/29/2012 12:37:23 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0007E96B5DAB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/27/2012 8:01:54 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0007E96B5DAB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/26/2012 5:35:32 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0007E96B5DAB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
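An added triage helper, not part of the thread or of DDS itself, for the "Event Viewer Messages From Past Week" section of a DDS log like the one above: it parses each event line and pulls the driver names out of Service Control Manager 7026 ("boot-start driver failed to load") events, which is the first thing a responder wants from this section when a machine is redirecting. The sample lines are copied from the log above; the short list of core network-stack drivers is my own assumption.

```python
"""Parse the 'Event Viewer Messages From Past Week' section of a DDS log.

DDS prints one event per line in this shape:
    M/D/YYYY H:MM:SS AM|PM, level: Source [EventID] - message
"""
import re
from collections import Counter
from datetime import datetime

# Sample input: a few lines copied from the DDS log in this thread (not a full log).
SAMPLE_DDS_EVENTS = """\
3/31/2012 8:50:16 PM, error: atapi [11] - The driver detected a controller error on \\Device\\Ide\\IdePort0.
3/31/2012 8:08:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd SbFw SbTis Tcpip
3/31/2012 8:08:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2012 8:08:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/29/2012 12:37:23 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0007E96B5DAB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Core XP networking drivers. If these fail to load at boot, the network stack
# is not in the state Windows expects and their service entries/files deserve a
# look. This is my own short list (an assumption), not something from the thread.
NETWORK_STACK_DRIVERS = {"AFD", "Tcpip", "NetBT", "IPSec", "NetBIOS"}


def parse_dds_events(text):
    """Return one dict per parseable event line, in file order.

    Section headers, '.' separators and blank lines are skipped.
    """
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
            "level": m.group("level"),
            "source": m.group("source"),
            "event_id": int(m.group("event_id")),
            "msg": m.group("msg"),
        })
    return events


def count_by_source(events):
    """Counter keyed by (source, event_id): shows which errors recur."""
    return Counter((e["source"], e["event_id"]) for e in events)


def failed_boot_drivers(events):
    """Driver names reported by Service Control Manager event 7026, in reported order."""
    drivers = []
    marker = "failed to load: "
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            _, _, tail = e["msg"].partition(marker)
            drivers.extend(tail.split())
    return drivers


def network_stack_failures(events):
    """Sorted subset of the failed boot drivers that belong to the network stack."""
    return sorted(set(failed_boot_drivers(events)) & NETWORK_STACK_DRIVERS)


if __name__ == "__main__":
    evs = parse_dds_events(SAMPLE_DDS_EVENTS)
    for (src, eid), n in count_by_source(evs).most_common():
        print(f"{n:3d}  {src} [{eid}]")
    print("boot-start drivers that failed:", failed_boot_drivers(evs))
    print("of which network stack:", network_stack_failures(evs))
```

Feed it the whole DDS.txt; only the event lines match, so the partition and program lists are ignored.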

#4 gringo_pr

    Bleepin Gringo (Malware Response Team)

Posted 02 April 2012 - 09:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
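An added triage helper, written for this thread rather than taken from ComboFix, for the "Files Created" and "Find3M" entries in the report ComboFix produces (lolas posts one in the next reply). It parses each entry and lists the plain files that carry hidden/system attributes or that are new executables under the Windows directory, which is the subset a responder would hand to Sigcheck next; as ComboFix's own note says, unsigned is not the same as malicious. The sample lines are constructed in that report format, and the attribute-letter mapping and the system-directory prefix are my assumptions.

```python
"""Parse ComboFix 'Files Created' / 'Find3M' entries and pick out files worth a closer look.

Each entry looks like:
    CREATED . MODIFIED SIZE ATTRS PATH
SIZE is '--------' for directories. ATTRS is an 8-character flag string; from the
entries seen in such reports, 'd' = directory, 's' = system, 'h' = hidden,
'a' = archive, 'r'/'w' = read-only/writable. That mapping is an assumption read
off the samples, not taken from ComboFix documentation.
"""
import re

# Sample input: constructed in the format of the report posted in this thread.
SAMPLE_COMBOFIX_ENTRIES = r"""
2012-04-01 11:02:53 . 2012-04-01 11:02:53 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-03-30 13:30:14 . 2012-01-11 19:06:47 3072 ------w- C:\WINDOWS\system32\iacenc.dll
2012-03-25 02:25:49 . 2011-12-10 20:24:06 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-03-15 15:15:55 . 2012-03-15 15:15:55 139264 --sha-r- C:\WINDOWS\system32\kbdinbens.dll
2012-03-29 22:26:47 . 2012-03-29 22:26:47 388096 ------r- C:\Documents and Settings\Tina\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Where a newly appearing executable deserves a signature check (assumed prefix).
SYSTEM_DIR_PREFIX = "c:\\windows\\"
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".cpl", ".scr")


def parse_combofix_entries(text):
    """Return one dict per entry line, in file order; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        size = m.group("size")
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs[0] == "d",
            "hidden": "h" in attrs,
            "system": "s" in attrs,
            "path": m.group("path"),
        })
    return entries


def triage(entries):
    """Return (path, [reasons]) for plain files worth a closer look.

    Directories are skipped. A hit only means "check this file's signature and
    origin", not that it is malicious: legitimate installers also drop drivers
    and DLLs into system32.
    """
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        reasons = []
        low = e["path"].lower()
        if e["hidden"] or e["system"]:
            reasons.append("hidden/system attribute on a plain file")
        if low.startswith(SYSTEM_DIR_PREFIX) and low.endswith(EXECUTABLE_EXTS):
            reasons.append("new executable under the Windows directory")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_combofix_entries(SAMPLE_COMBOFIX_ENTRIES)):
        print(path)
        for r in reasons:
            print("   -", r)
```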

#5 lolas


Posted 02 April 2012 - 10:23 AM

Computer seems to be working OK except for the redirect issue. Thanks.

ComboFix 12-04-01.02 - Tina 04/02/2012 10:01:12.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1111 [GMT -5:00]
Running from: C:\Documents and Settings\Tina\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: GFI Software VIPRE *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\TEMP


((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))


2012-04-01 11:02:53 . 2012-04-01 11:02:53 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-04-01 02:17:54 . 2012-04-02 03:09:09 -------- d-----w- C:\Program Files\Scratch
2012-03-30 13:30:14 . 2012-01-11 19:06:47 3072 ------w- C:\WINDOWS\system32\iacenc.dll
2012-03-30 05:06:20 . 2012-04-02 02:36:29 -------- d-----w- C:\WINDOWS\system32\NtmsData
2012-03-30 03:02:17 . 2012-03-30 03:54:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2012-03-29 22:26:47 . 2012-03-29 22:26:47 388096 ------r- C:\Documents and Settings\Tina\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-29 22:26:47 . 2012-03-29 22:26:47 -------- d-----w- C:\Program Files\Trend Micro
2012-03-25 02:48:25 . 2012-03-25 02:48:25 -------- d-----w- C:\Documents and Settings\Clay\Application Data\Malwarebytes
2012-03-25 02:26:15 . 2012-03-25 02:26:15 -------- d-----w- C:\Documents and Settings\Tina\Application Data\Malwarebytes
2012-03-25 02:25:51 . 2012-03-25 02:25:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-03-25 02:25:49 . 2012-03-25 02:25:56 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-25 02:25:49 . 2011-12-10 20:24:06 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-03-15 15:15:55 . 2012-03-15 15:15:55 139264 --sha-r- C:\WINDOWS\system32\kbdinbens.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-03 09:22:18 . 2008-04-14 06:00:12 1860096 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-02-02 16:00:40 . 2012-02-02 16:00:40 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-01-19 22:13:16 . 2012-01-19 22:13:16 11632 ----a-w- C:\WINDOWS\system32\drivers\VDD\apvdd.dll
2012-01-19 22:12:58 . 2012-01-19 22:12:58 42864 ----a-w- C:\WINDOWS\system32\sbbd.exe
2012-01-17 15:24:04 . 2011-07-21 17:46:15 93816 ----a-w- C:\WINDOWS\system32\drivers\sbhips.sys
2012-01-17 15:24:04 . 2011-07-21 17:46:04 335224 ----a-w- C:\WINDOWS\system32\drivers\SbFw.sys
2012-01-17 15:24:04 . 2011-05-25 19:22:03 217976 ----a-w- C:\WINDOWS\system32\drivers\sbtis.sys
2012-01-09 16:20:25 . 2009-11-05 01:45:23 139784 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-08-07 21:34:35 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((( SnapShot@2012-03-29_17.27.39 )))))))))))))))))))))))))))))))))))))))))

+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 62976 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 46080 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 46592 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 64512 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05:06 . 2008-07-29 13:05:06 66048 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 65024 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05:06 . 2008-07-29 13:05:06 65024 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 56832 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 66560 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05:06 . 2008-07-29 13:05:06 39936 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05:06 . 2008-07-29 13:05:06 38912 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07:42 . 2008-07-29 11:07:42 59904 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07:42 . 2008-07-29 11:07:42 59904 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2012-04-02 13:53:46 . 2012-04-02 13:53:46 16384 C:\WINDOWS\Temp\Perflib_Perfdata_208.dat
+ 2001-08-23 12:00:00 . 2012-04-02 13:57:48 67740 C:\WINDOWS\system32\perfc009.dat
- 2001-08-23 12:00:00 . 2012-03-29 14:05:08 67740 C:\WINDOWS\system32\perfc009.dat
+ 2008-07-29 13:05:06 . 2008-07-29 13:05:06 161784 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2001-08-23 12:00:00 . 2012-04-02 13:57:48 432784 C:\WINDOWS\system32\perfh009.dat
- 2001-08-23 12:00:00 . 2012-03-29 14:05:09 432784 C:\WINDOWS\system32\perfh009.dat
+ 2012-03-31 04:03:54 . 2012-03-31 04:03:54 532480 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2012-03-30 03:05:33 . 2012-03-30 03:05:34 228352 C:\WINDOWS\Installer\31294d.msi
+ 2008-07-29 13:05:10 . 2008-07-29 13:05:10 3783672 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05:08 . 2008-07-29 13:05:08 3768312 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2012-04-01 01:09:24 . 2012-04-01 11:04:08 1524968 C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2012-03-29 22:25:10 . 2012-03-29 22:25:10 1094656 C:\WINDOWS\Installer\a0699.msi

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-20 16:47:27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42:54 1404928]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 18:22:00 7700480]
"nwiz"="nwiz.exe" [2006-10-22 18:22:00 1622016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 18:22:00 86016]
"Conime"="C:\WINDOWS\system32\conime.exe" [2008-04-14 10:42:16 27648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-11 05:08:18 417792]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 14:23:28 1638400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 10:42:42 110592]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]
"ContentTransferWMDetector.exe"="C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 22:05:58 497000]
"SBRegRebootCleaner"="C:\Program Files\GFI Software\VIPRE\SBRC.exe" [2012-01-19 22:13:02 200560]
"SBAMTray"="C:\Program Files\GFI Software\VIPRE\SBAMTray.exe" [2012-01-19 22:44:06 3050352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-10-17 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"9324:TCP"= 9324:TCP:EKDiscovery
"9325:TCP"= 9325:TCP:EKDiscovery
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353

R1 sbaphd;sbaphd;C:\WINDOWS\system32\drivers\sbaphd.sys [2/15/2012 2:50:56 PM 21240]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [7/21/2011 12:46:04 PM 335224]
R1 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREDrv.sys [10/26/2011 3:23:40 PM 101112]
R1 SbTis;SbTis;C:\WINDOWS\system32\drivers\sbtis.sys [5/25/2011 2:22:03 PM 217976]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe [1/19/2012 5:12:10 PM 3289032]
R2 sbapifs;sbapifs;C:\WINDOWS\system32\drivers\sbapifs.sys [2/15/2012 2:51:35 PM 77816]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe [1/19/2012 5:11:20 PM 173424]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\drivers\SbFwIm.sys [7/21/2011 12:46:05 PM 94584]
R3 SbHips;sbhips;C:\WINDOWS\system32\drivers\sbhips.sys [7/21/2011 12:46:15 PM 93816]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [11/21/2009 4:27:03 PM 135664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;F:\AiO\Center\ekdiscovery.exe --> F:\AiO\Center\ekdiscovery.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [11/21/2009 4:27:03 PM 135664]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\WINDOWS\system32\drivers\SbFwIm.sys [7/21/2011 12:46:05 PM 94584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

Contents of the 'Scheduled Tasks' folder

2012-04-02 C:\WINDOWS\Tasks\GLFC.job
- C:\WINDOWS\system32\kbdinbens.dll [2012-03-15 15:15:55 . 2012-03-15 15:15:55]

2012-04-02 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-21 21:27:03 . 2009-11-21 21:26:55]

2012-04-02 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-21 21:27:03 . 2009-11-21 21:26:55]

2012-03-27 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1003Core.job
- C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 00:38:56 . 2012-02-01 20:08:16]

2012-04-02 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1003UA.job
- C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 00:38:56 . 2012-02-01 20:08:16]

2012-04-01 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1004Core.job
- C:\Documents and Settings\Erin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-24 23:45:48 . 2012-02-01 20:08:16]

2012-04-02 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1004UA.job
- C:\Documents and Settings\Erin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-24 23:45:48 . 2012-02-01 20:08:16]

2012-04-01 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1005Core.job
- C:\Documents and Settings\Clay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 00:44:28 . 2012-02-01 20:08:16]

2012-04-02 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1005UA.job
- C:\Documents and Settings\Clay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 00:44:28 . 2012-02-01 20:08:16]


------- Supplementary Scan -------

uStart Page = hxxp://www.ecarthage.com/
uDefault_Search_URL = www.google.com
mStart Page = www.ecarthage.com
mSearch Bar = www.google.com
IE: Add to Video Converter... - F:\Program Files\Media Player Utilities 5.22\AVIConverter\grab.html
Trusted Zone: k12.mo.us\campus.carthage
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AEB22D79-CF21-40E2-B43E-9FFD50184B87}: NameServer = 8.8.8.8,8.8.4.4

- - - - ORPHANS REMOVED - - - -

AddRemove-Free WMA to MP3 Converter_is1 - C:\Program Files\Free WMA to MP3 Converter\unins000.exe
AddRemove-Scratch - F:\New Folder\Scratch\uninstall.exe
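The "Reg Loading Points" and "Scheduled Tasks" sections of a ComboFix log are plain text with a fixed shape, so a reviewer can triage them mechanically before reading line by line. The script below is an added example written for this page; it is not ComboFix code and not a tool used in this thread. It parses the three formats shown above from a constructed sample copied out of the posted log and collects review prompts: a Run-key image with no directory (resolved through the search path), a scheduled task whose target is a DLL rather than an executable, a file timestamp close to the log date, and the standard-profile firewall value set to 0. The 30-day window and the reading of the two bracketed task timestamps as file stamps are this example's assumptions, and a prompt is a reason to look, not a verdict.

```python
"""Triage helper for the 'Reg Loading Points' and 'Scheduled Tasks' sections of a
ComboFix log. Added example for this thread, not ComboFix code or a forum tool;
the heuristics are review prompts, not verdicts."""
import re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# "Name"="image path" [YYYY-MM-DD HH:MM:SS size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+\]$')
# YYYY-MM-DD C:\...\Something.job
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S.*\.job)$")
# - target path [stamp . stamp]  (assumed here to be two file timestamps)
TARGET_RE = re.compile(
    r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"nwiz"="nwiz.exe" [2006-10-22 18:22:00 1622016]
"Adobe ARM"="C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe" [2012-01-03 07:37:53 843712]

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

Contents of the 'Scheduled Tasks' folder

2012-04-02 C:\\WINDOWS\\Tasks\\GLFC.job
- C:\\WINDOWS\\system32\\kbdinbens.dll [2012-03-15 15:15:55 . 2012-03-15 15:15:55]

2012-04-02 C:\\WINDOWS\\Tasks\\GoogleUpdateTaskMachineCore.job
- C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2009-11-21 21:27:03 . 2009-11-21 21:26:55]
"""


def parse_run_entries(log_text):
    """Return (value name, image path, file stamp) for each Run-key value."""
    out = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            name, path, stamp = m.groups()
            out.append((name, path, datetime.strptime(stamp, FMT)))
    return out


def parse_tasks(log_text):
    """Return (job path, target path, newest stamp) for each .job entry.
    The target follows the job line, prefixed with '- '."""
    out, lines = [], [l.strip() for l in log_text.splitlines()]
    for i, line in enumerate(lines[:-1]):
        m = TASK_RE.match(line)
        t = TARGET_RE.match(lines[i + 1]) if m else None
        if m and t:
            target, s1, s2 = t.groups()
            newest = max(datetime.strptime(s1, FMT), datetime.strptime(s2, FMT))
            out.append((m.group(2), target, newest))
    return out


def firewall_disabled(log_text):
    """True if the standard-profile EnableFirewall value is 0."""
    for line in log_text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m and m.group(1) == "0":
            return True
    return False


def triage(log_text, log_date, recent_days=30):
    """Collect review prompts for a log taken on log_date ('YYYY-MM-DD').
    The recent_days window is an assumption of this example."""
    log_day = datetime.strptime(log_date, "%Y-%m-%d")
    recent = f"file stamped within {recent_days} days of the log"
    findings = []
    for name, path, stamp in parse_run_entries(log_text):
        reasons = []
        if "\\" not in path:
            reasons.append("image has no directory; resolved through the search path")
        if (log_day - stamp).days <= recent_days:
            reasons.append(recent)
        if reasons:
            findings.append({"kind": "run", "item": name, "target": path, "reasons": reasons})
    for job, target, stamp in parse_tasks(log_text):
        reasons = []
        if target.lower().endswith(".dll"):
            reasons.append("task target is a DLL rather than an executable")
        if (log_day - stamp).days <= recent_days:
            reasons.append(recent)
        if reasons:
            findings.append({"kind": "task", "item": job, "target": target, "reasons": reasons})
    if firewall_disabled(log_text):
        findings.append({"kind": "firewall", "item": "standardprofile",
                         "target": "EnableFirewall=0",
                         "reasons": ["Windows Firewall disabled for the standard profile"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, "2012-04-02"):
        print(f"{f['kind']}: {f['item']} -> {f['target']}")
        for r in f["reasons"]:
            print("   ", r)
```

Run against the sample, the Google Update task drops out (an .exe with 2009 stamps) while the nwiz entry, the GLFC task and the firewall value are listed for a human to look at; the thread's own replies, not this script, decide what any of them mean.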

#6 lolas (Topic Starter)

Posted 02 April 2012 - 10:24 AM

I noticed the report said that VIPRE was enabled, but I had disabled the active protection and the firewall. I turned it back on when ComboFix was finished.

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 April 2012 - 10:34 AM

Hello

In which browsers does the redirect happen?

Firefox
Chrome
Internet Explorer



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 lolas (Topic Starter)

Posted 02 April 2012 - 10:46 AM

The redirect issue occurs in both Google and Explorer. I haven't tried anything else.


10:42:18.0203 2060 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
10:42:25.0171 2060 ============================================================
10:42:25.0171 2060 Current date / time: 2012/04/02 10:42:25.0171
10:42:25.0171 2060 SystemInfo:
10:42:25.0171 2060
10:42:25.0171 2060 OS Version: 5.1.2600 ServicePack: 3.0
10:42:25.0171 2060 Product type: Workstation
10:42:25.0171 2060 ComputerName: OWNER-6B017A552
10:42:25.0171 2060 UserName: Tina
10:42:25.0171 2060 Windows directory: C:\WINDOWS
10:42:25.0171 2060 System windows directory: C:\WINDOWS
10:42:25.0171 2060 Processor architecture: Intel x86
10:42:25.0171 2060 Number of processors: 1
10:42:25.0171 2060 Page size: 0x1000
10:42:25.0171 2060 Boot type: Normal boot
10:42:25.0171 2060 ============================================================
10:42:27.0578 2060 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:42:27.0609 2060 Drive \Device\Harddisk1\DR1 - Size: 0x6FC23AC00 (27.94 Gb), SectorSize: 0x200, Cylinders: 0xE3F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:42:27.0609 2060 \Device\Harddisk0\DR0:
10:42:27.0609 2060 MBR used
10:42:27.0609 2060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
10:42:27.0609 2060 \Device\Harddisk1\DR1:
10:42:27.0609 2060 MBR used
10:42:27.0609 2060 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37DFF40
10:42:27.0687 2060 Initialize success
10:42:27.0687 2060 ============================================================
10:42:29.0687 2860 ============================================================
10:42:29.0687 2860 Scan started
10:42:29.0687 2860 Mode: Manual;
10:42:29.0687 2860 ============================================================
10:42:30.0718 2860 Abiosdsk - ok
10:42:30.0750 2860 abp480n5 - ok
10:42:30.0843 2860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:42:30.0859 2860 ACPI - ok
10:42:31.0046 2860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:42:31.0046 2860 ACPIEC - ok
10:42:31.0171 2860 adpu160m - ok
10:42:31.0265 2860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:42:31.0281 2860 aec - ok
10:42:31.0453 2860 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:42:31.0468 2860 AFD - ok
10:42:31.0640 2860 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
10:42:34.0343 2860 AffinegyService - ok
10:42:34.0468 2860 AFGMp50 - ok
10:42:34.0562 2860 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
10:42:34.0562 2860 AFGSp50 - ok
10:42:34.0656 2860 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:42:34.0671 2860 agp440 - ok
10:42:34.0796 2860 Aha154x - ok
10:42:34.0828 2860 aic78u2 - ok
10:42:34.0859 2860 aic78xx - ok
10:42:34.0937 2860 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:42:34.0953 2860 Alerter - ok
10:42:35.0140 2860 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:42:35.0140 2860 ALG - ok
10:42:35.0234 2860 AliIde - ok
10:42:35.0343 2860 amsint - ok
10:42:35.0515 2860 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
10:42:35.0531 2860 Apple Mobile Device - ok
10:42:35.0671 2860 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:42:35.0703 2860 AppMgmt - ok
10:42:35.0812 2860 asc - ok
10:42:35.0859 2860 asc3350p - ok
10:42:35.0890 2860 asc3550 - ok
10:42:36.0078 2860 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:42:36.0093 2860 aspnet_state - ok
10:42:36.0250 2860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:42:36.0265 2860 AsyncMac - ok
10:42:36.0375 2860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:42:36.0375 2860 atapi - ok
10:42:36.0500 2860 Atdisk - ok
10:42:36.0593 2860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:42:36.0609 2860 Atmarpc - ok
10:42:36.0718 2860 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:42:36.0734 2860 AudioSrv - ok
10:42:36.0875 2860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:42:36.0890 2860 audstub - ok
10:42:37.0031 2860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:42:37.0046 2860 Beep - ok
10:42:37.0203 2860 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:42:37.0296 2860 BITS - ok
10:42:37.0406 2860 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
10:42:37.0453 2860 Bonjour Service - ok
10:42:37.0640 2860 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:42:37.0687 2860 Browser - ok
10:42:37.0906 2860 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
10:42:37.0921 2860 BthEnum - ok
10:42:38.0078 2860 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
10:42:38.0093 2860 BTHMODEM - ok
10:42:38.0203 2860 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
10:42:38.0218 2860 BthPan - ok
10:42:38.0375 2860 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
10:42:38.0390 2860 BTHPORT - ok
10:42:38.0468 2860 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
10:42:38.0500 2860 BthServ - ok
10:42:38.0671 2860 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
10:42:38.0687 2860 BTHUSB - ok
10:42:38.0890 2860 catchme - ok
10:42:39.0062 2860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:42:39.0078 2860 cbidf2k - ok
10:42:39.0171 2860 cd20xrnt - ok
10:42:39.0328 2860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:42:39.0343 2860 Cdaudio - ok
10:42:39.0484 2860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:42:39.0515 2860 Cdfs - ok
10:42:39.0859 2860 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:42:39.0875 2860 Cdrom - ok
10:42:40.0000 2860 Changer - ok
10:42:40.0093 2860 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:42:40.0109 2860 CiSvc - ok
10:42:40.0265 2860 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:42:40.0281 2860 ClipSrv - ok
10:42:40.0453 2860 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:42:40.0468 2860 clr_optimization_v2.0.50727_32 - ok
10:42:40.0593 2860 CmdIde - ok
10:42:40.0625 2860 COMSysApp - ok
10:42:40.0718 2860 Cpqarray - ok
10:42:40.0828 2860 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:42:40.0875 2860 CryptSvc - ok
10:42:41.0000 2860 dac2w2k - ok
10:42:41.0062 2860 dac960nt - ok
10:42:41.0156 2860 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:42:41.0171 2860 DcomLaunch - ok
10:42:41.0359 2860 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:42:41.0359 2860 Dhcp - ok
10:42:41.0453 2860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:42:41.0468 2860 Disk - ok
10:42:41.0562 2860 dmadmin - ok
10:42:41.0671 2860 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:42:41.0687 2860 dmboot - ok
10:42:41.0859 2860 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:42:41.0875 2860 dmio - ok
10:42:42.0046 2860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:42:42.0078 2860 dmload - ok
10:42:42.0250 2860 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:42:42.0296 2860 dmserver - ok
10:42:42.0421 2860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:42:42.0437 2860 DMusic - ok
10:42:42.0578 2860 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:42:42.0593 2860 Dnscache - ok
10:42:42.0734 2860 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:42:42.0781 2860 Dot3svc - ok
10:42:42.0890 2860 dpti2o - ok
10:42:43.0031 2860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:42:43.0046 2860 drmkaud - ok
10:42:43.0203 2860 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:42:43.0218 2860 E100B - ok
10:42:43.0328 2860 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:42:43.0359 2860 EapHost - ok
10:42:43.0500 2860 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:42:43.0546 2860 ERSvc - ok
10:42:43.0671 2860 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:42:43.0687 2860 Eventlog - ok
10:42:43.0890 2860 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:42:43.0906 2860 EventSystem - ok
10:42:44.0031 2860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:42:44.0046 2860 Fastfat - ok
10:42:44.0218 2860 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:42:44.0234 2860 FastUserSwitchingCompatibility - ok
10:42:44.0375 2860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:42:44.0390 2860 Fdc - ok
10:42:44.0531 2860 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:42:44.0546 2860 Fips - ok
10:42:44.0640 2860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:42:44.0656 2860 Flpydisk - ok
10:42:44.0750 2860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:42:44.0765 2860 FltMgr - ok
10:42:44.0968 2860 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:42:44.0984 2860 FontCache3.0.0.0 - ok
10:42:45.0171 2860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:42:45.0187 2860 Fs_Rec - ok
10:42:45.0234 2860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:42:45.0250 2860 Ftdisk - ok
10:42:45.0421 2860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:42:45.0437 2860 GEARAspiWDM - ok
10:42:45.0562 2860 getPlusHelper (1dd4bb8f2110a8aeb1466a2805ae57bb) C:\Program Files\NOS\bin\getPlus_Helper.dll
10:42:45.0625 2860 getPlusHelper - ok
10:42:46.0781 2860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:42:46.0796 2860 Gpc - ok
10:42:46.0984 2860 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:42:47.0000 2860 gupdate - ok
10:42:47.0015 2860 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:42:47.0015 2860 gupdatem - ok
10:42:47.0093 2860 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:42:47.0093 2860 gusvc - ok
10:42:47.0281 2860 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:42:47.0328 2860 helpsvc - ok
10:42:47.0421 2860 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:42:47.0437 2860 HidServ - ok
10:42:47.0562 2860 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:42:47.0578 2860 hidusb - ok
10:42:47.0703 2860 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:42:47.0734 2860 hkmsvc - ok
10:42:47.0859 2860 hpn - ok
10:42:47.0937 2860 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:42:47.0953 2860 HPZid412 - ok
10:42:48.0093 2860 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:42:48.0125 2860 HPZipr12 - ok
10:42:48.0281 2860 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:42:48.0296 2860 HPZius12 - ok
10:42:48.0468 2860 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
10:42:48.0484 2860 HSFHWBS2 - ok
10:42:48.0718 2860 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
10:42:48.0750 2860 HSF_DP - ok
10:42:48.0968 2860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:42:48.0984 2860 HTTP - ok
10:42:49.0093 2860 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:42:49.0140 2860 HTTPFilter - ok
10:42:49.0265 2860 i2omgmt - ok
10:42:49.0296 2860 i2omp - ok
10:42:49.0375 2860 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:42:49.0406 2860 i8042prt - ok
10:42:49.0656 2860 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:42:49.0687 2860 idsvc - ok
10:42:49.0890 2860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:42:49.0906 2860 Imapi - ok
10:42:49.0984 2860 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:42:50.0000 2860 ImapiService - ok
10:42:50.0156 2860 ini910u - ok
10:42:50.0265 2860 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:42:50.0265 2860 IntelIde - ok
10:42:50.0468 2860 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:42:50.0484 2860 intelppm - ok
10:42:50.0609 2860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:42:50.0625 2860 Ip6Fw - ok
10:42:50.0734 2860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:42:50.0750 2860 IpFilterDriver - ok
10:42:50.0968 2860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:42:50.0984 2860 IpInIp - ok
10:42:51.0046 2860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:42:51.0062 2860 IpNat - ok
10:42:51.0281 2860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:42:51.0296 2860 IPSec - ok
10:42:51.0468 2860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:42:51.0484 2860 IRENUM - ok
10:42:51.0609 2860 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:42:51.0625 2860 isapnp - ok
10:42:51.0875 2860 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
10:42:51.0890 2860 JavaQuickStarterService - ok
10:42:52.0093 2860 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:42:52.0109 2860 Kbdclass - ok
10:42:52.0187 2860 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:42:52.0203 2860 kbdhid - ok
10:42:52.0406 2860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:42:52.0421 2860 kmixer - ok
10:42:52.0437 2860 Kodak AiO Network Discovery Service - ok
10:42:52.0546 2860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:42:52.0562 2860 KSecDD - ok
10:42:52.0703 2860 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:42:52.0718 2860 LanmanServer - ok
10:42:52.0937 2860 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:42:52.0953 2860 lanmanworkstation - ok
10:42:53.0062 2860 lbrtfdc - ok
10:42:53.0250 2860 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:42:53.0296 2860 LmHosts - ok
10:42:53.0468 2860 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:42:53.0484 2860 mdmxsdk - ok
10:42:53.0593 2860 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:42:53.0625 2860 Messenger - ok
10:42:53.0859 2860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:42:53.0875 2860 mnmdd - ok
10:42:54.0046 2860 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:42:54.0078 2860 mnmsrvc - ok
10:42:54.0265 2860 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:42:54.0281 2860 Modem - ok
10:42:54.0359 2860 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:42:54.0375 2860 MODEMCSA - ok
10:42:54.0546 2860 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:42:54.0562 2860 Mouclass - ok
10:42:54.0703 2860 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:42:54.0718 2860 mouhid - ok
10:42:54.0875 2860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:42:54.0890 2860 MountMgr - ok
10:42:54.0968 2860 mraid35x - ok
10:42:55.0125 2860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:42:55.0140 2860 MRxDAV - ok
10:42:55.0359 2860 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:42:55.0375 2860 MRxSmb - ok
10:42:55.0531 2860 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:42:55.0546 2860 MSDTC - ok
10:42:55.0781 2860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:42:55.0781 2860 Msfs - ok
10:42:55.0859 2860 MSIServer - ok
10:42:55.0984 2860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:42:56.0000 2860 MSKSSRV - ok
10:42:56.0109 2860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:42:56.0125 2860 MSPCLOCK - ok
10:42:56.0281 2860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:42:56.0296 2860 MSPQM - ok
10:42:56.0359 2860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:42:56.0375 2860 mssmbios - ok
10:42:56.0562 2860 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:42:56.0578 2860 Mup - ok
10:42:56.0703 2860 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:42:56.0734 2860 napagent - ok
10:42:56.0921 2860 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:42:56.0937 2860 NDIS - ok
10:42:57.0078 2860 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:42:57.0093 2860 NdisTapi - ok
10:42:57.0234 2860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:42:57.0250 2860 Ndisuio - ok
10:42:57.0343 2860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:42:57.0359 2860 NdisWan - ok
10:42:57.0500 2860 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:42:57.0515 2860 NDProxy - ok
10:42:57.0750 2860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:42:57.0765 2860 NetBIOS - ok
10:42:58.0000 2860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:42:58.0015 2860 NetBT - ok
10:42:58.0187 2860 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:42:58.0218 2860 NetDDE - ok
10:42:58.0234 2860 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:42:58.0234 2860 NetDDEdsdm - ok
10:42:58.0406 2860 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:42:58.0421 2860 Netlogon - ok
10:42:58.0515 2860 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:42:58.0562 2860 Netman - ok
10:42:58.0765 2860 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:42:58.0796 2860 NetTcpPortSharing - ok
10:42:58.0984 2860 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:42:58.0984 2860 Nla - ok
10:42:59.0078 2860 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:42:59.0093 2860 Npfs - ok
10:42:59.0218 2860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:42:59.0234 2860 Ntfs - ok
10:42:59.0375 2860 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:42:59.0390 2860 NtLmSsp - ok
10:42:59.0531 2860 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:42:59.0562 2860 NtmsSvc - ok
10:42:59.0828 2860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:42:59.0843 2860 Null - ok
10:43:00.0109 2860 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:43:00.0156 2860 nv - ok
10:43:00.0359 2860 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
10:43:00.0375 2860 NVSvc - ok
10:43:00.0468 2860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:43:00.0484 2860 NwlnkFlt - ok
10:43:00.0593 2860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:43:00.0609 2860 NwlnkFwd - ok
10:43:00.0750 2860 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:43:00.0796 2860 ose - ok
10:43:00.0968 2860 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:43:00.0984 2860 Parport - ok
10:43:01.0109 2860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:43:01.0125 2860 PartMgr - ok
10:43:01.0265 2860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:43:01.0281 2860 ParVdm - ok
10:43:01.0390 2860 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:43:01.0406 2860 PCI - ok
10:43:01.0531 2860 PCIDump - ok
10:43:01.0625 2860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:43:01.0640 2860 PCIIde - ok
10:43:01.0843 2860 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:43:01.0859 2860 Pcmcia - ok
10:43:01.0937 2860 PDCOMP - ok
10:43:02.0046 2860 PDFRAME - ok
10:43:02.0093 2860 PDRELI - ok
10:43:02.0125 2860 PDRFRAME - ok
10:43:02.0156 2860 perc2 - ok
10:43:02.0187 2860 perc2hib - ok
10:43:02.0281 2860 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:43:02.0281 2860 PlugPlay - ok
10:43:02.0390 2860 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
10:43:02.0421 2860 Pml Driver HPZ12 - ok
10:43:02.0609 2860 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:43:02.0609 2860 PolicyAgent - ok
10:43:02.0718 2860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:43:02.0734 2860 PptpMiniport - ok
10:43:02.0890 2860 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:43:02.0890 2860 ProtectedStorage - ok
10:43:03.0046 2860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:43:03.0062 2860 PSched - ok
10:43:03.0218 2860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:43:03.0234 2860 Ptilink - ok
10:43:03.0281 2860 ql1080 - ok
10:43:03.0312 2860 Ql10wnt - ok
10:43:03.0343 2860 ql12160 - ok
10:43:03.0375 2860 ql1240 - ok
10:43:03.0406 2860 ql1280 - ok
10:43:03.0468 2860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:43:03.0484 2860 RasAcd - ok
10:43:03.0625 2860 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:43:03.0656 2860 RasAuto - ok
10:43:03.0843 2860 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:43:03.0859 2860 Rasl2tp - ok
10:43:03.0953 2860 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:43:04.0000 2860 RasMan - ok
10:43:04.0171 2860 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:43:04.0187 2860 RasPppoe - ok
10:43:04.0328 2860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:43:04.0328 2860 Raspti - ok
10:43:04.0531 2860 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:43:04.0546 2860 Rdbss - ok
10:43:04.0703 2860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:43:04.0718 2860 RDPCDD - ok
10:43:04.0859 2860 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:43:04.0875 2860 rdpdr - ok
10:43:05.0046 2860 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:43:05.0062 2860 RDPWD - ok
10:43:05.0171 2860 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:43:05.0187 2860 RDSessMgr - ok
10:43:05.0359 2860 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:43:05.0375 2860 redbook - ok
10:43:05.0453 2860 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:43:05.0484 2860 RemoteAccess - ok
10:43:05.0656 2860 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:43:05.0687 2860 RemoteRegistry - ok
10:43:05.0843 2860 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
10:43:05.0859 2860 RFCOMM - ok
10:43:05.0968 2860 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:43:06.0000 2860 RpcLocator - ok
10:43:06.0203 2860 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
10:43:06.0203 2860 RpcSs - ok
10:43:06.0390 2860 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:43:06.0468 2860 RSVP - ok
10:43:06.0656 2860 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:43:06.0656 2860 SamSs - ok
10:43:06.0953 2860 SBAMSvc (2977a3760a2780b467e92ffa6c92d426) C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
10:43:07.0140 2860 SBAMSvc - ok
10:43:07.0312 2860 sbaphd (62ba65cc0b4a4bd1eaff5fed6e2b5069) C:\WINDOWS\system32\drivers\sbaphd.sys
10:43:07.0328 2860 sbaphd - ok
10:43:07.0406 2860 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\WINDOWS\system32\drivers\sbapifs.sys
10:43:07.0421 2860 sbapifs - ok
10:43:07.0609 2860 SbFw (06e4a98f248e8fb3070d10e6a03d2616) C:\WINDOWS\system32\drivers\SbFw.sys
10:43:07.0625 2860 SbFw - ok
10:43:07.0828 2860 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
10:43:07.0843 2860 SBFWIMCL - ok
10:43:07.0890 2860 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
10:43:07.0906 2860 SBFWIMCLMP - ok
10:43:07.0984 2860 SbHips (d9973a92e36b9677e4091f0f4db34872) C:\WINDOWS\system32\drivers\sbhips.sys
10:43:08.0000 2860 SbHips - ok
10:43:08.0156 2860 SBPIMSvc (7d7652fb094a4632b0314641de976855) C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
10:43:08.0218 2860 SBPIMSvc - ok
10:43:08.0390 2860 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\WINDOWS\system32\drivers\SBREdrv.sys
10:43:08.0421 2860 SBRE - ok
10:43:08.0531 2860 SbTis (8bb1632b79ff24f570956ebb43a07501) C:\WINDOWS\system32\drivers\sbtis.sys
10:43:08.0546 2860 SbTis - ok
10:43:08.0687 2860 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:43:08.0734 2860 SCardSvr - ok
10:43:08.0921 2860 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:43:08.0968 2860 Schedule - ok
10:43:09.0140 2860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:43:09.0156 2860 Secdrv - ok
10:43:09.0296 2860 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:43:09.0328 2860 seclogon - ok
10:43:09.0484 2860 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
10:43:09.0515 2860 senfilt - ok
10:43:09.0687 2860 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:43:09.0718 2860 SENS - ok
10:43:09.0859 2860 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:43:09.0875 2860 serenum - ok
10:43:10.0015 2860 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:43:10.0031 2860 Serial - ok
10:43:10.0171 2860 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:43:10.0187 2860 Sfloppy - ok
10:43:10.0343 2860 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:43:10.0359 2860 SharedAccess - ok
10:43:10.0515 2860 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:43:10.0531 2860 ShellHWDetection - ok
10:43:10.0656 2860 Simbad - ok
10:43:10.0796 2860 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
10:43:10.0812 2860 smwdm - ok
10:43:10.0921 2860 Sparrow - ok
10:43:11.0078 2860 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:43:11.0093 2860 splitter - ok
10:43:11.0234 2860 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:43:11.0250 2860 Spooler - ok
10:43:11.0390 2860 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:43:11.0406 2860 sr - ok
10:43:11.0546 2860 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:43:11.0562 2860 srservice - ok
10:43:11.0796 2860 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:43:11.0812 2860 Srv - ok
10:43:11.0937 2860 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:43:11.0953 2860 SSDPSRV - ok
10:43:12.0171 2860 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:43:12.0187 2860 stisvc - ok
10:43:12.0375 2860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:43:12.0375 2860 swenum - ok
10:43:12.0500 2860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:43:12.0515 2860 swmidi - ok
10:43:12.0656 2860 SwPrv - ok
10:43:12.0796 2860 symc810 - ok
10:43:12.0875 2860 symc8xx - ok
10:43:12.0984 2860 sym_hi - ok
10:43:13.0046 2860 sym_u3 - ok
10:43:13.0125 2860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:43:13.0140 2860 sysaudio - ok
10:43:13.0265 2860 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:43:13.0281 2860 SysmonLog - ok
10:43:13.0468 2860 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:43:13.0515 2860 TapiSrv - ok
10:43:13.0703 2860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:43:13.0718 2860 Tcpip - ok
10:43:13.0890 2860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:43:13.0906 2860 TDPIPE - ok
10:43:14.0000 2860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:43:14.0015 2860 TDTCP - ok
10:43:14.0203 2860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:43:14.0218 2860 TermDD - ok
10:43:14.0328 2860 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:43:14.0343 2860 TermService - ok
10:43:14.0515 2860 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:43:14.0515 2860 Themes - ok
10:43:14.0609 2860 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:43:14.0625 2860 TlntSvr - ok
10:43:14.0750 2860 TosIde - ok
10:43:14.0890 2860 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:43:14.0937 2860 TrkWks - ok
10:43:15.0125 2860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:43:15.0140 2860 Udfs - ok
10:43:15.0203 2860 ultra - ok
10:43:15.0390 2860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:43:15.0406 2860 Update - ok
10:43:15.0609 2860 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:43:15.0671 2860 upnphost - ok
10:43:15.0828 2860 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:43:15.0859 2860 UPS - ok
10:43:16.0031 2860 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:43:16.0046 2860 usbccgp - ok
10:43:16.0140 2860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:43:16.0140 2860 usbehci - ok
10:43:16.0343 2860 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:43:16.0359 2860 usbhub - ok
10:43:16.0468 2860 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:43:16.0484 2860 usbprint - ok
10:43:16.0656 2860 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:43:16.0671 2860 usbscan - ok
10:43:16.0843 2860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:43:16.0875 2860 USBSTOR - ok
10:43:16.0984 2860 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:43:17.0000 2860 usbuhci - ok
10:43:17.0187 2860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:43:17.0203 2860 VgaSave - ok
10:43:17.0281 2860 ViaIde - ok
10:43:17.0390 2860 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:43:17.0406 2860 VolSnap - ok
10:43:17.0609 2860 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:43:17.0640 2860 VSS - ok
10:43:17.0781 2860 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:43:17.0796 2860 W32Time - ok
10:43:18.0000 2860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:43:18.0015 2860 Wanarp - ok
10:43:18.0140 2860 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:43:18.0156 2860 Wdf01000 - ok
10:43:18.0281 2860 WDICA - ok
10:43:18.0375 2860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:43:18.0390 2860 wdmaud - ok
10:43:18.0578 2860 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:43:18.0625 2860 WebClient - ok
10:43:18.0843 2860 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:43:18.0859 2860 winachsf - ok
10:43:19.0062 2860 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:43:19.0109 2860 winmgmt - ok
10:43:19.0234 2860 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
10:43:19.0250 2860 WmdmPmSN - ok
10:43:19.0468 2860 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:43:19.0468 2860 Wmi - ok
10:43:19.0656 2860 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:43:19.0671 2860 WmiApSrv - ok
10:43:19.0859 2860 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:43:19.0890 2860 WMPNetworkSvc - ok
10:43:20.0078 2860 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:43:20.0078 2860 WpdUsb - ok
10:43:20.0203 2860 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:43:20.0218 2860 WS2IFSL - ok
10:43:20.0390 2860 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:43:20.0437 2860 wscsvc - ok
10:43:20.0625 2860 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:43:20.0640 2860 wuauserv - ok
10:43:20.0781 2860 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:43:20.0796 2860 WudfPf - ok
10:43:20.0937 2860 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:43:20.0968 2860 WudfRd - ok
10:43:21.0125 2860 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:43:21.0156 2860 WudfSvc - ok
10:43:21.0312 2860 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:43:21.0359 2860 WZCSVC - ok
10:43:21.0546 2860 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:43:21.0609 2860 xmlprov - ok
10:43:21.0656 2860 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:43:21.0875 2860 \Device\Harddisk0\DR0 - ok
10:43:21.0890 2860 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:43:21.0890 2860 \Device\Harddisk1\DR1 - ok
10:43:21.0921 2860 Boot (0x1200) (008556af91d6d297034845f5cb0bdd06) \Device\Harddisk0\DR0\Partition0
10:43:21.0921 2860 \Device\Harddisk0\DR0\Partition0 - ok
10:43:21.0921 2860 Boot (0x1200) (2c80cb625338bc16f6e70031328a3ea1) \Device\Harddisk1\DR1\Partition0
10:43:21.0937 2860 \Device\Harddisk1\DR1\Partition0 - ok
10:43:21.0937 2860 ============================================================
10:43:21.0937 2860 Scan finished
10:43:21.0937 2860 ============================================================
10:43:21.0953 3636 Detected object count: 0
10:43:21.0953 3636 Actual detected object count: 0

#9 lolas


Posted 02 April 2012 - 10:49 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 10:47:12
-----------------------------
10:47:12.296 OS Version: Windows 5.1.2600 Service Pack 3
10:47:12.296 Number of processors: 1 586 0x207
10:47:12.296 ComputerName: OWNER-6B017A552 UserName: Tina
10:47:13.859 Initialize success
10:47:26.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:47:26.265 Disk 0 Vendor: WDC_WD400BB-75JHC0 06.01C06 Size: 38146MB BusType: 3
10:47:26.265 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:47:26.265 Disk 1 Vendor: IC35L030AVV207-0 V21OA66A Size: 28610MB BusType: 3
10:47:26.281 Disk 0 MBR read successfully
10:47:26.281 Disk 0 MBR scan
10:47:26.281 Disk 0 Windows XP default MBR code
10:47:26.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
10:47:26.296 Disk 0 scanning sectors +78108030
10:47:26.390 Disk 0 scanning C:\WINDOWS\system32\drivers
10:47:35.734 Service scanning
10:48:02.468 Modules scanning
10:48:17.609 Disk 0 trace - called modules:
10:48:17.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:48:18.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x898c8ab8]
10:48:18.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89908d98]
10:48:18.125 Scan finished successfully
10:48:33.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tina\Desktop\MBR.dat"
10:48:33.140 The log file has been saved successfully to "C:\Documents and Settings\Tina\Desktop\aswMBR.txt"

#10 gringo_pr


Posted 02 April 2012 - 11:01 AM

Hello


I want you to uninstall Chrome and, if asked about user data or user settings, remove those also. When that is complete, reinstall it and let me know if Chrome and IE are still redirecting.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 lolas

Posted 02 April 2012 - 02:25 PM

I uninstalled Chrome and reinstalled. I have not had a redirect problem yet, but have not been on here much. Cautiously optimistic. Thanks so much for your help.

#12 gringo_pr


Posted 02 April 2012 - 02:31 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 lolas


Posted 02 April 2012 - 07:25 PM

Still having redirect issues with Chrome and IE.

OTL logfile created on: 4/2/2012 6:31:30 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Tina\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.62% Memory free
2.11 Gb Paging File | 1.77 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 17.01 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
Drive F: | 27.94 Gb Total Space | 24.71 Gb Free Space | 88.46% Space Free | Partition Type: NTFS

Computer Name: OWNER-6B017A552 | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tina\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
PRC - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
MOD - C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avutil-51.dll ()
MOD - C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avformat-53.dll ()
MOD - C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll ()
MOD - C:\Program Files\GFI Software\VIPRE\Definitions\libBase64.dll ()
MOD - C:\Program Files\GFI Software\VIPRE\Definitions\libMachoUniv.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()
MOD - C:\Program Files\GFI Software\VIPRE\unrar.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Kodak AiO Network Discovery Service) -- F:\AiO\Center\ekdiscovery.exe File not found
SRV - (SBAMSvc) -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
SRV - (SBPIMSvc) -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Tina\LOCALS~1\Temp\catchme.sys File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (GFI Software)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (GFI Software)
DRV - (SbHips) -- C:\WINDOWS\system32\drivers\sbhips.sys (GFI Software)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (GFI Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (GFI Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (GFI Software)
DRV - (SBFWIMCLMP) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (GFI Software)
DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (GFI Software)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\SearchScopes,DefaultScope = {30DBE050-4CF9-4F1C-A5CC-D1489C31DD74}
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\SearchScopes\{30DBE050-4CF9-4F1C-A5CC-D1489C31DD74}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADSA_enUS389
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20111129&iesrc={referrer:source}
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)


[2011/11/29 09:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Tina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/29 12:27:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\GFI Software\VIPRE\SBRC.exe (GFI Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Video Converter... - F:\Program Files\Media Player Utilities 5.22\AVIConverter\grab.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..Trusted Domains: k12.mo.us ([campus.carthage] * in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257470040578 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB22D79-CF21-40E2-B43E-9FFD50184B87}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB22D79-CF21-40E2-B43E-9FFD50184B87}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 20:50:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-19\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-20\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/02 15:57:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/04/02 14:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Start Menu\Programs\Google Chrome
[2012/04/02 13:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Application Data\vlc
[2012/04/02 13:06:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/02 11:21:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/02 10:40:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tina\Desktop\aswMBR.exe
[2012/04/02 09:59:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/02 09:57:12 | 004,453,701 | R--- | C] (Swearware) -- C:\Documents and Settings\Tina\Desktop\ComboFix.exe
[2012/04/02 09:06:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tina\Desktop\dds.scr
[2012/03/31 21:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Scratch
[2012/03/30 10:22:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tina\Recent
[2012/03/30 00:06:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/29 22:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/29 17:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/29 17:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Start Menu\Programs\HiJackThis
[2012/03/29 12:20:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/29 12:16:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/29 12:16:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/29 12:16:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/29 12:16:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/29 12:16:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/29 12:16:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/27 16:54:13 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tina\Desktop\tdsskiller.exe
[2012/03/24 21:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Application Data\Malwarebytes
[2012/03/24 21:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/24 21:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/24 21:25:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/24 21:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 18:55:24 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1005UA.job
[2012/04/02 18:55:16 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1004UA.job
[2012/04/02 18:55:08 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1004Core.job
[2012/04/02 18:26:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/02 18:26:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/02 18:25:57 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/02 18:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/02 18:15:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1003UA.job
[2012/04/02 16:55:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1005Core.job
[2012/04/02 16:08:47 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/02 16:08:47 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/02 16:04:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/02 16:04:35 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GLFC.job
[2012/04/02 16:04:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 16:04:26 | 1609,633,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 16:02:38 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/02 14:15:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1003Core.job
[2012/04/02 14:12:57 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\Google Chrome.lnk
[2012/04/02 14:12:57 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/02 11:21:30 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\Shortcut to Internet Explorer (2).lnk
[2012/04/02 11:20:20 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\Shortcut to Internet Explorer.lnk
[2012/04/02 11:20:05 | 000,000,518 | ---- | M] () -- C:\Program Files\Shortcut to Internet Explorer.lnk
[2012/04/02 10:48:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\MBR.dat
[2012/04/02 10:40:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tina\Desktop\aswMBR.exe
[2012/04/02 09:57:07 | 004,453,701 | R--- | M] (Swearware) -- C:\Documents and Settings\Tina\Desktop\ComboFix.exe
[2012/04/02 09:07:21 | 000,001,391 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\dds_scr.gif
[2012/04/02 09:06:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tina\Desktop\dds.scr
[2012/04/02 09:04:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tina\defogger_reenable
[2012/03/30 13:58:08 | 000,000,397 | -HS- | M] () -- C:\boot.ini
[2012/03/30 10:08:43 | 000,164,840 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\cc_20120330_100635.reg
[2012/03/30 00:09:44 | 026,653,696 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\backup.bkf
[2012/03/29 22:05:49 | 000,621,318 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/29 17:27:26 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\HiJackThis.lnk
[2012/03/29 14:55:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\MBR.dat
[2012/03/29 12:27:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/27 16:53:52 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tina\Desktop\tdsskiller.exe
[2012/03/24 21:25:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/16 22:27:33 | 000,214,343 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\Maddox.jpg
[2012/03/15 10:15:55 | 000,139,264 | RHS- | M] () -- C:\WINDOWS\System32\kbdinbens.dll
[2012/03/14 06:49:11 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/10 16:13:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/02 15:59:39 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/04/02 14:12:57 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\Google Chrome.lnk
[2012/04/02 14:12:57 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/02 14:10:42 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1003UA.job
[2012/04/02 14:10:41 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1003Core.job
[2012/04/02 11:21:30 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\Shortcut to Internet Explorer (2).lnk
[2012/04/02 11:20:20 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\Shortcut to Internet Explorer.lnk
[2012/04/02 11:20:05 | 000,000,518 | ---- | C] () -- C:\Program Files\Shortcut to Internet Explorer.lnk
[2012/04/02 10:48:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\MBR.dat
[2012/04/02 09:05:32 | 000,001,391 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\dds_scr.gif
[2012/04/02 09:04:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\defogger_reenable
[2012/03/31 20:20:26 | 1609,633,792 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/30 10:06:40 | 000,164,840 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\cc_20120330_100635.reg
[2012/03/30 08:30:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/30 00:08:02 | 026,653,696 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\backup.bkf
[2012/03/29 22:05:42 | 000,621,318 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/29 17:25:10 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\HiJackThis.lnk
[2012/03/29 14:55:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\MBR.dat
[2012/03/29 12:20:24 | 000,000,211 | -HS- | C] () -- C:\Boot.bak
[2012/03/29 12:20:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/29 12:16:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/29 12:16:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/29 12:16:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/29 12:16:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/29 12:16:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/24 21:25:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/24 19:44:29 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1005UA.job
[2012/03/24 19:44:28 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1005Core.job
[2012/03/24 18:45:49 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1004UA.job
[2012/03/24 18:45:48 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1801674531-1417001333-1004Core.job
[2012/03/16 22:27:33 | 000,214,343 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\Maddox.jpg
[2012/03/15 10:15:55 | 000,139,264 | RHS- | C] () -- C:\WINDOWS\System32\kbdinbens.dll
[2012/03/15 10:15:55 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\GLFC.job
[2011/12/07 10:43:20 | 000,104,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/01 23:30:35 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2011/05/09 02:13:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/17 16:20:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 15:09:13 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 PM

Posted 03 April 2012 - 04:25 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    O3 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O8 - Extra context menu item: Add to Video Converter... - F:\Program Files\Media Player Utilities 5.22\AVIConverter\grab.html File not found
    O37 - HKU\S-1-5-19\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-20\...exe [@ = exefile] -- Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\SearchScopes,DefaultScope = {30DBE050-4CF9-4F1C-A5CC-D1489C31DD74}
    IE - HKU\S-1-5-21-2052111302-1801674531-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
    [2012/04/02 16:04:35 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GLFC.job
    [2012/03/15 10:15:55 | 000,139,264 | RHS- | M] () -- C:\WINDOWS\System32\kbdinbens.dll
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 lolas

lolas
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Not Telling
  • Local time:11:59 AM

Posted 03 April 2012 - 04:41 PM

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2052111302-1801674531-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2052111302-1801674531-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2052111302-1801674531-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Video Converter...\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
HKEY_USERS\S-1-5-21-2052111302-1801674531-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2052111302-1801674531-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\WINDOWS\tasks\GLFC.job moved successfully.
C:\WINDOWS\system32\kbdinbens.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Tina\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Clay
->Java cache emptied: 5220952 bytes

User: Default User

User: Erin
->Java cache emptied: 0 bytes

User: LocalService

User: Mike
->Java cache emptied: 0 bytes

User: NetworkService

User: Tina
->Java cache emptied: 11010356 bytes

Total Java Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: All Users

User: Clay
->Flash cache emptied: 650 bytes

User: Default User
->Flash cache emptied: 56468 bytes

User: Erin
->Flash cache emptied: 3039 bytes

User: LocalService

User: Mike
->Flash cache emptied: 470 bytes

User: NetworkService

User: Tina
->Flash cache emptied: 628 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04032012_163804



