Google redirect malware


Post by flashwaawoo » July 1st, 2011, 5:30 am

I get redirected to other websites after searching Google using Firefox and Chrome. I keep getting indications from AVG that I have viruses and trojans. AVG isn't able to remove them. I am not able to start Windows Security Essentials. I also am not able to turn on Windows Security Center.
Thanks for the help in advance.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Laptop at 21:18:33 on 2011-07-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.8106.5993 [GMT 12:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.ap.dell.com/content/default ... l=en&s=gen
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default ... l=en&s=gen
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [4ECYTQ9SIC] C:\Users\Laptop\AppData\Local\Temp\Jjg.exe
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [RAMDrive] "C:\Program Files (x86)\FarStone\VirtualDrive\VHD\RDTask.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GPADSE~1.LNK - C:\Program Files (x86)\gPadServer\gPadServer.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{E28B210F-1E3D-45CB-B6F3-98DF8E6D5E05} : DhcpNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [RAMDrive] "C:\Program Files (x86)\FarStone\VirtualDrive\VHD\RDTask.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\cblbq9yv.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-11 98208]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-6-24 3975088]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-24 378984]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cyhid;Cypress Input Device;C:\Windows\system32\DRIVERS\cyhid.sys --> C:\Windows\system32\DRIVERS\cyhid.sys [?]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\system32\DRIVERS\cykbfltr.sys --> C:\Windows\system32\DRIVERS\cykbfltr.sys [?]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\system32\DRIVERS\cymfltr.sys --> C:\Windows\system32\DRIVERS\cymfltr.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" --> C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-11 1997416]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-11 2656280]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\9AAA.tmp --> C:\Windows\system32\9AAA.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-18 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-01 08:54:47 6144 ------w- C:\Windows\System32\9AAA.tmp
2011-07-01 08:53:58 6144 ------w- C:\Windows\System32\DBFC.tmp
2011-07-01 08:53:50 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-01 08:42:44 -------- d-----w- C:\Users\Laptop\AppData\Roaming\AVG10
2011-07-01 08:41:41 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-07-01 08:41:41 -------- d-----w- C:\ProgramData\AVG10
2011-07-01 08:26:08 -------- d-----w- C:\Users\Laptop\AppData\Local\Diagnostics
2011-07-01 08:21:11 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Malwarebytes
2011-07-01 08:21:05 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-01 08:21:05 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-01 08:21:02 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-01 08:21:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-01 07:44:19 -------- d-----w- C:\ProgramData\MFAData
2011-07-01 07:39:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-01 07:39:02 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-06-26 04:15:50 2784600 ----a-w- C:\Windows\System32\auto_reactivate.exe
2011-06-26 04:00:09 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Reallusion
2011-06-26 03:44:36 272448 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-06-26 03:44:32 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2011-06-26 03:38:50 -------- d-----w- C:\Users\Laptop\AppData\Local\{DCE6C8D1-FC3B-4B74-B613-891B0D6D2B5E}
2011-06-26 03:19:45 133120 ----a-w- C:\Windows\Jlasea.exe
2011-06-26 03:19:36 106496 --sha-r- C:\Windows\SysWow64\dxgiz.dll
2011-06-26 02:54:57 -------- d-----w- C:\Users\Laptop\AppData\Roaming\DAEMON Tools Pro
2011-06-26 02:54:57 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2011-06-26 01:24:07 -------- d-----w- C:\Program Files\Dameon
2011-06-26 01:00:38 -------- d-----w- C:\Users\Laptop\AppData\Roaming\PCDr
2011-06-26 01:00:04 -------- d-----w- C:\ProgramData\PCDr
2011-06-26 00:37:13 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-06-26 00:29:14 867064 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-06-26 00:25:27 91568 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2011-06-26 00:25:27 -------- d-----w- C:\Program Files (x86)\PowerISO
2011-06-26 00:15:13 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-06-26 00:08:16 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-06-26 00:03:34 -------- d-----w- C:\ProgramData\farstone
2011-06-26 00:02:41 -------- d-----w- C:\Users\Laptop\AppData\Roaming\FarStone
2011-06-26 00:00:03 254224 ----a-w- C:\Windows\SysWow64\drmclien.dll
2011-06-25 23:58:15 81920 ----a-w- C:\Windows\VPLAY801.EXE
2011-06-25 23:58:13 81424 ----a-w- C:\Windows\System32\drivers\FVXSCSI.SYS
2011-06-25 23:58:10 21784 ----a-w- C:\Windows\System32\drivers\FCDABUS.SYS
2011-06-25 23:57:12 36864 ------w- C:\Windows\SysWow64\unVHDDrvExe.exe
2011-06-25 23:57:12 32768 ------w- C:\Windows\SysWow64\inVHDDrvExe.exe
2011-06-25 02:13:47 -------- d--h--w- C:\ProgramData\Common Files
2011-06-25 01:01:14 -------- d-----w- C:\Users\Laptop\AppData\Roaming\SPORE
2011-06-25 00:34:44 1240 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-06-25 00:23:43 -------- d-----w- C:\Users\Laptop\AppData\Local\Adobe
2011-06-25 00:18:37 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Roxio Burn
2011-06-25 00:11:53 967 ----a-w- C:\Windows\ScUnin.pif
2011-06-25 00:11:52 68096 ----a-w- C:\Windows\ScUnin.exe
2011-06-25 00:10:06 -------- d-----w- C:\Program Files\Starcraft
2011-06-25 00:08:49 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Macrovision
2011-06-25 00:07:05 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-25 00:07:04 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0759AC3A-AEFC-4FC4-8AF2-5B1B709BE266}\mpengine.dll
2011-06-24 23:33:35 -------- d-----w- C:\Windows\SysWow64\drivers\avg
2011-06-24 13:27:56 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-24 13:27:56 -------- d-----w- C:\Windows\System32\Wat
2011-06-24 12:46:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-06-24 12:45:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-06-24 10:24:18 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-06-24 10:23:38 -------- d-----w- C:\Users\Laptop\AppData\Local\Microsoft Help
2011-06-24 10:01:05 -------- d-----w- C:\Users\Laptop\AppData\Local\Microsoft Games
2011-06-24 09:33:01 36328 ----a-w- C:\Windows\System32\drivers\ssadadb.sys
2011-06-24 09:33:01 1917416 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll
2011-06-24 09:33:01 1917416 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
2011-06-24 09:33:01 177128 ----a-w- C:\Windows\System32\drivers\ssadmdm.sys
2011-06-24 09:33:01 16872 ----a-w- C:\Windows\System32\drivers\ssadmdfl.sys
2011-06-24 09:33:01 157160 ----a-w- C:\Windows\System32\drivers\ssadbus.sys
2011-06-24 09:33:01 13800 ----a-w- C:\Windows\System32\drivers\ssadwhnt.sys
2011-06-24 09:33:01 13800 ----a-w- C:\Windows\System32\drivers\ssadwh.sys
2011-06-24 09:33:01 13288 ----a-w- C:\Windows\System32\drivers\ssadcmnt.sys
2011-06-24 09:33:01 13288 ----a-w- C:\Windows\System32\drivers\ssadcm.sys
2011-06-24 09:31:22 -------- d-----w- C:\Users\Laptop\AppData\Local\Downloaded Installations
2011-06-24 09:17:17 279136 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-06-24 09:17:16 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-06-24 09:17:15 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-06-24 09:17:13 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2011-06-24 08:22:21 -------- d-----w- C:\Users\Laptop\AppData\Roaming\ODIN
2011-06-24 07:48:53 -------- d-----w- C:\Users\Laptop\AppData\Local\doubleTwist Corporation
2011-06-24 07:48:47 -------- d-----w- C:\Program Files (x86)\Common Files\doubleTwist
2011-06-24 07:48:46 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-06-24 07:48:45 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
2011-06-24 07:48:45 -------- d-----w- C:\Program Files (x86)\ffdshow
2011-06-24 07:46:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-24 07:46:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-24 07:44:32 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-06-24 07:44:32 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-06-24 07:41:23 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-06-24 07:38:50 -------- d-----w- C:\Program Files (x86)\doubleTwist 2.0
2011-06-24 07:38:26 -------- d-----w- C:\Program Files (x86)\gPadServer
2011-06-24 07:15:16 -------- d--h--w- C:\$AVG
2011-06-24 07:15:07 -------- d-----w- C:\Program Files (x86)\AVG
2011-06-24 07:15:06 -------- d-----w- C:\ProgramData\avg9
2011-06-24 07:07:25 -------- d-----w- C:\Users\Laptop\AppData\Local\Google
2011-06-24 07:04:09 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-06-24 06:54:11 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 06:46:29 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-24 06:37:32 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Dropbox
2011-06-24 06:36:29 -------- d-----w- C:\Users\Laptop\AppData\Local\Intel Wireless Display
2011-06-24 06:32:55 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-06-24 06:32:20 -------- d-----w- C:\Users\Laptop\AppData\Local\uTorrent
2011-06-24 06:32:19 -------- d-----w- C:\Users\Laptop\AppData\Roaming\uTorrent
2011-06-24 06:26:36 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2011-06-24 06:26:36 -------- d-----w- C:\FIND_EULA_PATH
2011-06-24 06:25:15 -------- d-----w- C:\Users\Laptop\AppData\Local\Dell
2011-06-24 06:24:40 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Dell
2011-06-24 06:24:35 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Dell Touch Zone
2011-06-24 06:24:04 -------- d-----w- C:\Users\Laptop\AppData\Local\VirtualStore
2011-06-24 06:23:54 -------- d-----w- C:\Users\Laptop\AppData\Local\SoftThinks
2011-06-11 03:47:08 -------- d-----w- C:\Windows\System32\SRSLabs
2011-06-11 03:46:51 -------- d-----w- C:\Program Files\Realtek
2011-06-11 03:46:50 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-06-11 03:46:30 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-06-11 03:46:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-06-11 03:46:27 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-06-11 03:46:21 -------- d-----w- C:\Intel
2011-06-11 03:46:11 21616 ----a-w- C:\Windows\System32\drivers\stdcfltn.sys
2011-06-11 03:43:26 7680 ----a-r- C:\Windows\System32\CyTpCo1.dll
2011-06-11 03:43:26 62464 ----a-r- C:\Windows\System32\drivers\cymfltr.sys
2011-06-11 03:43:22 13312 ----a-r- C:\Windows\System32\drivers\cykbfltr.sys
2011-06-11 03:43:22 -------- d-----w- C:\Program Files\Cypress
2011-06-11 03:43:06 -------- d-----w- C:\Program Files\STMicroelectronics
2011-06-11 03:32:18 -------- d-----w- C:\apps
2011-06-11 03:30:47 317440 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2011-06-11 03:29:47 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-11 03:28:58 -------- d-----w- C:\Windows\System32\oem
2011-06-11 03:28:56 -------- d-----w- C:\Drivers
2011-06-11 02:23:06 -------- d-----w- C:\Program Files\dell stage
2011-06-11 02:21:42 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-06-11 02:21:12 -------- d-----w- C:\ProgramData\Uninstall
2011-06-11 02:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2011-06-11 02:20:38 -------- d-----w- C:\ProgramData\PhotoShow Shared Assets
2011-06-11 02:20:37 -------- d-----w- C:\Program Files\Roxio
2011-06-11 02:20:03 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-06-11 02:20:03 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2011-06-11 02:20:03 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2011-06-11 02:16:39 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee
2011-06-11 02:16:26 -------- d-----w- C:\Program Files\Dell Support Center
2011-06-11 02:15:24 -------- d-----w- C:\Windows\en
2011-06-11 02:15:04 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-06-11 02:14:19 -------- d-----w- C:\Windows\PCHEALTH
2011-06-11 02:13:48 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-06-11 02:13:48 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-06-11 02:13:38 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-06-11 02:13:23 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-06-11 02:12:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-06-11 02:12:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-06-11 02:10:25 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9dab84f1cc27dc04\DSETUP.dll
2011-06-11 02:10:25 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9dab84f1cc27dc04\DXSETUP.exe
2011-06-11 02:10:25 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9dab84f1cc27dc04\dsetup32.dll
2011-06-11 02:10:24 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b963b3821cc27dc02\DSETUP.dll
2011-06-11 02:10:24 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b963b3821cc27dc02\DXSETUP.exe
2011-06-11 02:10:24 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b963b3821cc27dc02\dsetup32.dll
2011-06-11 02:10:24 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b99811c81cc27dc03\MeshBetaRemover.exe
2011-06-11 02:10:23 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8c1d5ef1cc27dc01\Silverlight.4.0.exe
2011-06-11 02:10:22 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-06-11 02:08:39 -------- d-----w- C:\Program Files (x86)\Creative
2011-06-11 02:08:20 -------- d-----w- C:\Program Files (x86)\Dell Webcam
2011-06-11 02:08:19 224768 ----a-w- C:\Windows\System32\drivers\CtAudDrv.sys
2011-06-11 02:08:19 176096 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys
2011-06-11 02:08:16 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2011-06-11 02:08:06 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-06-11 02:08:06 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-06-11 02:08:06 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-06-11 02:08:06 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-06-11 02:08:06 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-06-11 02:08:06 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-06-11 02:08:06 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-06-11 02:07:26 -------- d-----w- C:\Program Files (x86)\Sensible Vision
2011-06-11 02:04:33 -------- d-----r- C:\Program Files (x86)\Skype
2011-06-11 02:03:22 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys
2011-06-11 02:03:00 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-06-11 02:02:04 -------- d-----w- C:\Program Files\Dell
2011-06-11 02:01:19 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2011-06-11 02:01:19 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2011-06-11 01:59:37 -------- d-----w- C:\ProgramData\Roaming
2011-06-11 01:59:09 -------- d-----w- C:\Program Files (x86)\Cisco
2011-06-11 01:57:17 -------- d-----w- C:\Program Files (x86)\STMicroelectronics
2011-06-11 01:57:05 104960 ----a-w- C:\Windows\System32\drivers\cyhid.sys
2011-06-11 01:54:53 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-06-11 01:54:53 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-06-11 01:54:53 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2011-06-11 01:52:12 -------- d-----w- C:\Program Files\Dell Inc
2011-06-11 01:49:13 -------- d-----w- C:\Windows\SysWow64\NV
2011-06-11 01:49:13 -------- d-----w- C:\Windows\System32\NV
.
==================== Find3M ====================
.
2011-06-11 03:29:47 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-06-11 01:53:17 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 07:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-03 16:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 03:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-18 01:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2011-04-18 01:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2011-04-14 09:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-04 12:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 21:19:23.32 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 24/06/2011 18:44:43
System Uptime: 1/07/2011 21:16:18 (0 hours ago)
.
Motherboard: Dell Inc. | | 060G42
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz | CPU | 2701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 451.192 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP32: 26/06/2011 11:24:24 - Removed Dell DataSafe Local Backup
RP33: 26/06/2011 11:25:00 - Removed Dell DataSafe Online
RP34: 26/06/2011 11:25:28 - Removed Dell Getting Started Guide.
RP35: 26/06/2011 11:25:47 - Removed Dell MusicStage
RP36: 26/06/2011 11:26:11 - Removed Dell PhotoStage.
RP37: 26/06/2011 11:26:44 - Removed Dell Stage
RP38: 26/06/2011 11:27:34 - Configured VideoStage
RP39: 26/06/2011 11:29:55 - Removed Quickset64.
RP40: 26/06/2011 11:31:31 - Windows Live Essentials
RP41: 26/06/2011 11:31:47 - WLSetup
RP42: 26/06/2011 11:57:38 - Installed VirtualDrive Pro
RP43: 26/06/2011 12:15:20 - Device Driver Package Install: MagicISO, Inc. Storage controllers
RP44: 26/06/2011 12:20:51 - Removed VirtualDrive Pro
RP46: 26/06/2011 12:29:07 - SPTD setup V1.50
RP47: 26/06/2011 12:33:32 - Installed Age of Empires III
RP49: 26/06/2011 13:10:15 - SPTD setup V1.50
RP51: 26/06/2011 13:15:52 - SPTD setup V1.50
RP53: 26/06/2011 13:19:35 - SPTD setup V1.50
RP54: 26/06/2011 13:26:45 - Installed Java(TM) 6 Update 26
RP55: 26/06/2011 14:56:42 - Device Driver Package Install: DT Soft Ltd System devices
RP56: 26/06/2011 15:15:19 - Device Driver Package Install: DT Soft Ltd System devices
.
==== Installed Programs ======================
.
AccelerometerP11
Acronis True Image Home 2011
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
Age of Empires III
µTorrent
D3DX10
DAEMON Tools Pro
Definition update for Microsoft Office 2010 (KB982726)
Dell Webcam Central
DirectX 9 Runtime
doubleTwist
Dropbox
ffdshow [rev 2527] [2008-12-19]
Google Chrome
Google Update Helper
gPad Server 2.0 2.0.0
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Wireless Display
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
NVIDIA Stereoscopic 3D Driver
PhotoShowExpress
Picasa 3
PowerISO
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Sophos Anti-Rootkit 1.5.4
SPORE™
Starcraft
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.10
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
26/06/2011 11:22:50, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
26/06/2011 11:14:03, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
25/06/2011 14:14:08, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
25/06/2011 11:26:06, Error: Service Control Manager [7000] - The Bluetooth OBEX Service service failed to start due to the following error: Access is denied.
24/06/2011 21:38:12, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
24/06/2011 18:58:07, Error: Service Control Manager [7000] - The AVG AVI Loader Driver x64 service failed to start due to the following error: This driver has been blocked from loading
24/06/2011 18:58:07, Error: Application Popup [875] - Driver avgldx64.sys has been blocked from loading.
24/06/2011 18:44:08, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
24/06/2011 18:42:41, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
24/06/2011 18:42:41, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88008c8bf78, 0xfffff88008c8b7d0, 0xfffff80002d26537). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
1/07/2011 21:17:25, Error: Service Control Manager [7000] - The Bluetooth Device Monitor service failed to start due to the following error: The system cannot find the file specified.
1/07/2011 21:17:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
1/07/2011 21:17:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
1/07/2011 21:16:19, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/07/2011 20:54:47, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
1/07/2011 20:54:47, Error: Application Popup [1060] - \??\C:\Windows\system32\9AAA.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/07/2011 20:53:58, Error: Application Popup [1060] - \??\C:\Windows\system32\DBFC.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/07/2011 20:44:29, Error: Service Control Manager [7034] - The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
1/07/2011 20:44:21, Error: Service Control Manager [7034] - The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
1/07/2011 20:30:27, Error: Service Control Manager [7034] - The Acronis Nonstop Backup service service terminated unexpectedly. It has done this 1 time(s).
1/07/2011 19:41:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
.
==== End Of File ===========================
flashwaawoo
Active Member
Posts: 12
Joined: July 1st, 2011, 5:21 am

Re: Google redirect malware

Unread postby pgmigg » July 5th, 2011, 9:52 am

Hello flashwaawoo,

Welcome to the forum!

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights (permissions) for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please continue responding until I give you the "All Clean".

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing them, and perform the steps in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed; post back with the question or problem.
pgmigg
MRU Teacher
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 6th, 2011, 4:04 am

I read your post and need to give you the updated log.


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Laptop at 20:00:26 on 2011-07-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.8106.5455 [GMT 12:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\COMODO\COMODO BackUp\COSService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.ap.dell.com/content/default ... l=en&s=gen
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default ... l=en&s=gen
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [RAMDrive] "C:\Program Files (x86)\FarStone\VirtualDrive\VHD\RDTask.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GPADSE~1.LNK - C:\Program Files (x86)\gPadServer\gPadServer.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{E28B210F-1E3D-45CB-B6F3-98DF8E6D5E05} : DhcpNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [RAMDrive] "C:\Program Files (x86)\FarStone\VirtualDrive\VHD\RDTask.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\cblbq9yv.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 bdisk;COMODO Disk Raw Access Filter;C:\Windows\system32\drivers\bdisk.sys --> C:\Windows\system32\drivers\bdisk.sys [?]
R0 CBUfs;CBUfs;C:\Windows\system32\drivers\CBUFS.sys --> C:\Windows\system32\drivers\CBUFS.sys [?]
R0 cbvd;Comodo Encrypted Virtual Disk;C:\Windows\system32\DRIVERS\cbvd.sys --> C:\Windows\system32\DRIVERS\cbvd.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-5 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-11 98208]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 COSService.exe;Comodo Online Storage Service;C:\Program Files\COMODO\COMODO BackUp\COSService.exe [2011-6-2 670000]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-3 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 SynchronizationService.exe;Comodo BackUp Service;C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe [2011-6-2 1557808]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-11 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cyhid;Cypress Input Device;C:\Windows\system32\DRIVERS\cyhid.sys --> C:\Windows\system32\DRIVERS\cyhid.sys [?]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\system32\DRIVERS\cykbfltr.sys --> C:\Windows\system32\DRIVERS\cykbfltr.sys [?]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\system32\DRIVERS\cymfltr.sys --> C:\Windows\system32\DRIVERS\cymfltr.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vdbus;Virtual Disk Bus Enumerator;C:\Windows\system32\DRIVERS\vdbus.sys --> C:\Windows\system32\DRIVERS\vdbus.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" --> C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\8EF8.tmp --> C:\Windows\system32\8EF8.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-18 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 reparse;reparse;C:\Windows\system32\DRIVERS\cbreparse.sys --> C:\Windows\system32\DRIVERS\cbreparse.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-05 10:36:30 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{517C409E-2FC1-4631-B764-C300B72ABF5C}\mpengine.dll
2011-07-05 07:41:48 -------- d-----w- C:\Users\Laptop\Backups
2011-07-05 07:38:01 -------- d-----w- C:\Program Files\COMODO
2011-07-05 07:37:52 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-07-03 11:38:50 -------- d-----w- C:\My backups
2011-07-03 11:33:49 -------- d-----w- C:\Windows\SysWow64\NV
2011-07-03 11:33:49 -------- d-----w- C:\Windows\System32\NV
2011-07-03 11:27:24 8863336 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-07-03 11:26:22 -------- d-----w- C:\NVIDIA
2011-07-03 09:34:00 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-03 02:30:39 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4FCC5B9-D92F-43CC-8506-AD927009A334}\gapaengine.dll
2011-07-02 08:41:10 20 ----a-w- C:\Windows\SysWow64\DXGIZ.DLL
2011-07-02 07:17:24 -------- d-----w- C:\Users\Laptop\AppData\Roaming\SUPERAntiSpyware.com
2011-07-02 07:17:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-02 07:17:13 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-02 07:17:08 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-02 00:33:29 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-07-02 00:33:29 -------- d-----w- C:\Program Files (x86)\StarCraft II
2011-07-02 00:33:29 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-07-02 00:09:11 -------- d-----w- C:\Users\Laptop\AppData\Local\Apple Computer
2011-07-02 00:03:43 -------- d-----w- C:\Users\Laptop\AppData\Local\Apple
2011-07-01 10:27:54 6144 ------w- C:\Windows\System32\8EF8.tmp
2011-07-01 10:25:19 6144 ------w- C:\Windows\System32\344A.tmp
2011-07-01 09:53:57 -------- d-----w- C:\Users\Laptop\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-07-01 09:53:49 -------- d-----w- C:\Program Files (x86)\TweetDeck
2011-07-01 09:44:06 -------- d-----w- C:\Users\Laptop\AppData\Roaming\AVG
2011-07-01 08:54:47 6144 ------w- C:\Windows\System32\9AAA.tmp
2011-07-01 08:53:58 6144 ------w- C:\Windows\System32\DBFC.tmp
2011-07-01 08:53:50 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-01 08:42:44 -------- d-----w- C:\Users\Laptop\AppData\Roaming\AVG10
2011-07-01 08:41:41 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-07-01 08:41:41 -------- d-----w- C:\ProgramData\AVG10
2011-07-01 08:26:08 -------- d-----w- C:\Users\Laptop\AppData\Local\Diagnostics
2011-07-01 08:21:11 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Malwarebytes
2011-07-01 08:21:05 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-01 08:21:05 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-01 08:21:02 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-01 08:21:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-01 07:44:19 -------- d-----w- C:\ProgramData\MFAData
2011-07-01 07:39:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-01 07:39:02 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-06-26 04:15:50 2784600 ----a-w- C:\Windows\System32\auto_reactivate.exe
2011-06-26 04:00:09 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Reallusion
2011-06-26 03:44:36 272448 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-06-26 03:44:32 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2011-06-26 03:38:50 -------- d-----w- C:\Users\Laptop\AppData\Local\{DCE6C8D1-FC3B-4B74-B613-891B0D6D2B5E}
2011-06-26 02:54:57 -------- d-----w- C:\Users\Laptop\AppData\Roaming\DAEMON Tools Pro
2011-06-26 02:54:57 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2011-06-26 01:24:07 -------- d-----w- C:\Program Files\Dameon
2011-06-26 01:00:38 -------- d-----w- C:\Users\Laptop\AppData\Roaming\PCDr
2011-06-26 01:00:04 -------- d-----w- C:\ProgramData\PCDr
2011-06-26 00:37:13 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-06-26 00:29:14 867064 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-06-26 00:25:27 91568 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2011-06-26 00:25:27 -------- d-----w- C:\Program Files (x86)\PowerISO
2011-06-26 00:15:13 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-06-26 00:08:16 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-06-26 00:03:34 -------- d-----w- C:\ProgramData\farstone
2011-06-26 00:02:41 -------- d-----w- C:\Users\Laptop\AppData\Roaming\FarStone
2011-06-26 00:00:03 254224 ----a-w- C:\Windows\SysWow64\drmclien.dll
2011-06-25 23:58:15 81920 ----a-w- C:\Windows\VPLAY801.EXE
2011-06-25 23:58:13 81424 ----a-w- C:\Windows\System32\drivers\FVXSCSI.SYS
2011-06-25 23:58:10 21784 ----a-w- C:\Windows\System32\drivers\FCDABUS.SYS
2011-06-25 23:57:12 36864 ------w- C:\Windows\SysWow64\unVHDDrvExe.exe
2011-06-25 23:57:12 32768 ------w- C:\Windows\SysWow64\inVHDDrvExe.exe
2011-06-25 02:13:47 -------- d--h--w- C:\ProgramData\Common Files
2011-06-25 01:01:14 -------- d-----w- C:\Users\Laptop\AppData\Roaming\SPORE
2011-06-25 00:34:44 1240 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-06-25 00:23:43 -------- d-----w- C:\Users\Laptop\AppData\Local\Adobe
2011-06-25 00:18:37 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Roxio Burn
2011-06-25 00:08:49 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Macrovision
2011-06-25 00:07:05 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-25 00:07:04 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0759AC3A-AEFC-4FC4-8AF2-5B1B709BE266}\mpengine.dll
2011-06-24 23:33:35 -------- d-----w- C:\Windows\SysWow64\drivers\avg
2011-06-24 13:27:56 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-24 13:27:56 -------- d-----w- C:\Windows\System32\Wat
2011-06-24 12:46:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-06-24 12:45:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-06-24 10:24:18 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-06-24 10:23:38 -------- d-----w- C:\Users\Laptop\AppData\Local\Microsoft Help
2011-06-24 10:01:05 -------- d-----w- C:\Users\Laptop\AppData\Local\Microsoft Games
2011-06-24 09:33:01 36328 ----a-w- C:\Windows\System32\drivers\ssadadb.sys
2011-06-24 09:33:01 1917416 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll
2011-06-24 09:33:01 1917416 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
2011-06-24 09:33:01 177128 ----a-w- C:\Windows\System32\drivers\ssadmdm.sys
2011-06-24 09:33:01 16872 ----a-w- C:\Windows\System32\drivers\ssadmdfl.sys
2011-06-24 09:33:01 157160 ----a-w- C:\Windows\System32\drivers\ssadbus.sys
2011-06-24 09:33:01 13800 ----a-w- C:\Windows\System32\drivers\ssadwhnt.sys
2011-06-24 09:33:01 13800 ----a-w- C:\Windows\System32\drivers\ssadwh.sys
2011-06-24 09:33:01 13288 ----a-w- C:\Windows\System32\drivers\ssadcmnt.sys
2011-06-24 09:33:01 13288 ----a-w- C:\Windows\System32\drivers\ssadcm.sys
2011-06-24 09:31:22 -------- d-----w- C:\Users\Laptop\AppData\Local\Downloaded Installations
2011-06-24 09:17:16 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-06-24 09:17:15 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-06-24 08:22:21 -------- d-----w- C:\Users\Laptop\AppData\Roaming\ODIN
2011-06-24 07:48:53 -------- d-----w- C:\Users\Laptop\AppData\Local\doubleTwist Corporation
2011-06-24 07:48:47 -------- d-----w- C:\Program Files (x86)\Common Files\doubleTwist
2011-06-24 07:48:46 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-06-24 07:48:45 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
2011-06-24 07:48:45 -------- d-----w- C:\Program Files (x86)\ffdshow
2011-06-24 07:46:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-24 07:46:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-24 07:44:32 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-06-24 07:44:32 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-06-24 07:41:23 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-06-24 07:38:50 -------- d-----w- C:\Program Files (x86)\doubleTwist 2.0
2011-06-24 07:38:26 -------- d-----w- C:\Program Files (x86)\gPadServer
2011-06-24 07:15:16 -------- d--h--w- C:\$AVG
2011-06-24 07:15:07 -------- d-----w- C:\Program Files (x86)\AVG
2011-06-24 07:15:06 -------- d-----w- C:\ProgramData\avg9
2011-06-24 07:07:25 -------- d-----w- C:\Users\Laptop\AppData\Local\Google
2011-06-24 07:04:09 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-06-24 06:54:11 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 06:46:29 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-24 06:37:32 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Dropbox
2011-06-24 06:36:29 -------- d-----w- C:\Users\Laptop\AppData\Local\Intel Wireless Display
2011-06-24 06:32:55 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-06-24 06:32:20 -------- d-----w- C:\Users\Laptop\AppData\Local\uTorrent
2011-06-24 06:32:19 -------- d-----w- C:\Users\Laptop\AppData\Roaming\uTorrent
2011-06-24 06:26:36 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2011-06-24 06:26:36 -------- d-----w- C:\FIND_EULA_PATH
2011-06-24 06:25:15 -------- d-----w- C:\Users\Laptop\AppData\Local\Dell
2011-06-24 06:24:40 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Dell
2011-06-24 06:24:35 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Dell Touch Zone
2011-06-24 06:24:04 -------- d-----w- C:\Users\Laptop\AppData\Local\VirtualStore
2011-06-24 06:23:54 -------- d-----w- C:\Users\Laptop\AppData\Local\SoftThinks
2011-06-11 03:47:08 -------- d-----w- C:\Windows\System32\SRSLabs
2011-06-11 03:46:51 -------- d-----w- C:\Program Files\Realtek
2011-06-11 03:46:50 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-06-11 03:46:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-06-11 03:46:27 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-06-11 03:46:21 -------- d-----w- C:\Intel
2011-06-11 03:46:11 21616 ----a-w- C:\Windows\System32\drivers\stdcfltn.sys
2011-06-11 03:43:26 7680 ----a-r- C:\Windows\System32\CyTpCo1.dll
2011-06-11 03:43:26 62464 ----a-r- C:\Windows\System32\drivers\cymfltr.sys
2011-06-11 03:43:22 13312 ----a-r- C:\Windows\System32\drivers\cykbfltr.sys
2011-06-11 03:43:22 -------- d-----w- C:\Program Files\Cypress
2011-06-11 03:43:06 -------- d-----w- C:\Program Files\STMicroelectronics
2011-06-11 03:32:18 -------- d-----w- C:\apps
2011-06-11 03:30:47 317440 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2011-06-11 03:29:47 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-11 03:28:58 -------- d-----w- C:\Windows\System32\oem
2011-06-11 03:28:56 -------- d-----w- C:\Drivers
2011-06-11 02:23:06 -------- d-----w- C:\Program Files\dell stage
2011-06-11 02:21:42 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-06-11 02:21:12 -------- d-----w- C:\ProgramData\Uninstall
2011-06-11 02:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2011-06-11 02:20:38 -------- d-----w- C:\ProgramData\PhotoShow Shared Assets
2011-06-11 02:20:37 -------- d-----w- C:\Program Files\Roxio
2011-06-11 02:20:03 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-06-11 02:20:03 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2011-06-11 02:20:03 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2011-06-11 02:16:39 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee
2011-06-11 02:16:26 -------- d-----w- C:\Program Files\Dell Support Center
2011-06-11 02:15:24 -------- d-----w- C:\Windows\en
2011-06-11 02:15:04 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-06-11 02:14:19 -------- d-----w- C:\Windows\PCHEALTH
2011-06-11 02:13:48 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-06-11 02:13:48 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-06-11 02:13:38 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-06-11 02:13:23 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-06-11 02:12:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-06-11 02:12:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-06-11 02:10:25 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9dab84f1cc27dc04\DSETUP.dll
2011-06-11 02:10:25 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9dab84f1cc27dc04\DXSETUP.exe
2011-06-11 02:10:25 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9dab84f1cc27dc04\dsetup32.dll
2011-06-11 02:10:24 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b963b3821cc27dc02\DSETUP.dll
2011-06-11 02:10:24 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b963b3821cc27dc02\DXSETUP.exe
2011-06-11 02:10:24 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b963b3821cc27dc02\dsetup32.dll
2011-06-11 02:10:24 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b99811c81cc27dc03\MeshBetaRemover.exe
2011-06-11 02:10:23 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8c1d5ef1cc27dc01\Silverlight.4.0.exe
2011-06-11 02:10:22 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-06-11 02:08:39 -------- d-----w- C:\Program Files (x86)\Creative
2011-06-11 02:08:20 -------- d-----w- C:\Program Files (x86)\Dell Webcam
2011-06-11 02:08:19 224768 ----a-w- C:\Windows\System32\drivers\CtAudDrv.sys
2011-06-11 02:08:19 176096 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys
2011-06-11 02:08:16 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2011-06-11 02:08:06 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-06-11 02:08:06 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-06-11 02:08:06 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-06-11 02:08:06 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-06-11 02:08:06 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-06-11 02:08:06 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-06-11 02:08:06 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-06-11 02:07:26 -------- d-----w- C:\Program Files (x86)\Sensible Vision
2011-06-11 02:04:33 -------- d-----r- C:\Program Files (x86)\Skype
2011-06-11 02:03:22 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys
2011-06-11 02:03:00 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-06-11 02:02:04 -------- d-----w- C:\Program Files\Dell
2011-06-11 02:01:19 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2011-06-11 02:01:19 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2011-06-11 01:59:37 -------- d-----w- C:\ProgramData\Roaming
2011-06-11 01:59:09 -------- d-----w- C:\Program Files (x86)\Cisco
2011-06-11 01:57:17 -------- d-----w- C:\Program Files (x86)\STMicroelectronics
2011-06-11 01:57:05 104960 ----a-w- C:\Windows\System32\drivers\cyhid.sys
2011-06-11 01:52:12 -------- d-----w- C:\Program Files\Dell Inc
.
==================== Find3M ====================
.
2011-06-11 03:29:47 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-06-11 01:53:17 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-06-02 08:07:00 80864 ----a-w- C:\Windows\System32\drivers\bdisk.sys
2011-06-02 08:06:52 143688 ----a-w- C:\Windows\System32\drivers\cbufs.sys
2011-06-02 08:06:44 493352 ----a-w- C:\Windows\System32\drivers\CBVD.sys
2011-06-02 08:06:34 632384 ----a-w- C:\Windows\System32\drivers\vdbus.sys
2011-06-02 08:06:26 497984 ----a-w- C:\Windows\System32\drivers\cbreparse.sys
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-20 10:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 16:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 03:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 09:35:34 1720192 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-04-18 01:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2011-04-18 01:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2011-04-14 09:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 20:02:14.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 24/06/2011 18:44:43
System Uptime: 6/07/2011 19:12:30 (1 hours ago)
.
Motherboard: Dell Inc. | | 060G42
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz | CPU | 783/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 444.631 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP58: 5/07/2011 22:37:28 - Restore 1
RP59: 5/07/2011 22:42:18 - Windows Backup
RP60: 6/07/2011 09:08:00 - Windows Backup
RP61: 6/07/2011 09:26:17 - Windows Update
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Advanced Audio FX Engine
Age of Empires III
Apple Application Support
Apple Software Update
µTorrent
AVG PC Tuneup 2011
D3DX10
DAEMON Tools Pro
Definition update for Microsoft Office 2010 (KB982726)
Dell Webcam Central
DirectX 9 Runtime
doubleTwist
Dropbox
ffdshow [rev 2527] [2008-12-19]
Google Chrome
Google Update Helper
gPad Server 2.0 2.0.0
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Wireless Display
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PhotoShowExpress
Picasa 3
PowerISO
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Sophos Anti-Rootkit 1.5.4
SPORE™
StarCraft II
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2494150)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.10
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
6/07/2011 19:14:21, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/07/2011 19:14:06, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
6/07/2011 19:14:06, Error: Service Control Manager [7000] - The Bluetooth Device Monitor service failed to start due to the following error: The system cannot find the file specified.
6/07/2011 19:14:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
6/07/2011 19:12:31, Error: sptd [4] - Driver detected an internal error in its data structures for .
6/07/2011 09:39:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/07/2011 09:32:08, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 1 for Microsoft Office 2010 (KB2510690) 32-bit Edition.
5/07/2011 19:39:55, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/07/2011 09:14:32, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/07/2011 15:02:59, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/07/2011 15:02:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff88000bf6000, 0x0000000000000009, 0x0000000000000000, 0xfffff880091ba618). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070311-34320-01.
1/07/2011 23:10:08, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
1/07/2011 23:10:08, Error: Application Popup [1060] - \??\C:\Windows\system32\8EF8.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/07/2011 22:25:42, Error: Application Popup [1060] - \??\C:\Windows\system32\344A.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am
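The "Event Viewer Messages" section of the DDS log above is where an analyst would look first, and the two Application Popup 1060 entries deserve attention: 64-bit Windows 7 refuses to load a kernel driver that is not properly signed, and a four-hex-character .tmp file in system32 being submitted as a driver is consistent with a malware dropper trying to install a kernel component, not with how vendors ship drivers. The script below is an added example, not part of the original post and not DDS's own code; it parses lines in the format DDS uses for that section and ranks them. The sample lines are copied from the log above. The severity rules are my own heuristic, and the `known_services` entries sptd and MEMSWEEP2 are my assumption that they belong to the DAEMON Tools Pro and Sophos Anti-Rootkit entries in the installed-programs list; an analyst should confirm that against the driver files before downgrading them.

```python
import re
from dataclasses import dataclass

# Event lines copied from the "Event Viewer Messages From Past Week"
# section of the DDS log posted above (the format is DDS's own).
SAMPLE_EVENTS = r"""
6/07/2011 19:14:06, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
6/07/2011 19:14:06, Error: Service Control Manager [7000] - The Bluetooth Device Monitor service failed to start due to the following error: The system cannot find the file specified.
6/07/2011 19:12:31, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/07/2011 23:10:08, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
1/07/2011 23:10:08, Error: Application Popup [1060] - \??\C:\Windows\system32\8EF8.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/07/2011 22:25:42, Error: Application Popup [1060] - \??\C:\Windows\system32\344A.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
""".strip()

# DDS event lines look like:  <date> <time>, <Level>: <Source> [<EventID>] - <message>
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Event 1060 names the image that was refused. A short random hex name with a
# .tmp extension sitting directly in system32 is the pattern we care about.
TMP_DRIVER_RE = re.compile(r"\\system32\\[0-9a-f]{4,8}\.tmp\b", re.IGNORECASE)
BLOCKED_SERVICE_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start .*blocked from loading", re.IGNORECASE)
FAILED_DRIVER_RE = re.compile(r"driver\(s\) failed to load: (?P<drv>\S+)$")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    event_id: int
    detail: str
    line: str


def parse_event(line):
    """Split one DDS event line into its fields, or return None if it is not one."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["event_id"] = int(fields["event_id"])
    return fields


def triage_events(text, known_services=()):
    """Rank the event lines in `text`.

    known_services: driver/service names the analyst has already tied to an
    installed product (assumed here: sptd -> DAEMON Tools, MEMSWEEP2 -> Sophos
    Anti-Rootkit). A load failure for one of these is downgraded to "low".
    """
    known = {s.lower() for s in known_services}
    findings = []
    for raw in text.splitlines():
        ev = parse_event(raw)
        if ev is None:
            continue
        src, eid, msg = ev["source"], ev["event_id"], ev["msg"]
        if src == "Application Popup" and eid == 1060:
            m = TMP_DRIVER_RE.search(msg)
            if m:
                findings.append(Finding("high", eid,
                                        f"driver load refused for temp-named image {m.group(0)}", raw))
            else:
                findings.append(Finding("medium", eid, "driver load refused: " + msg, raw))
        elif src == "Service Control Manager" and eid == 7000:
            m = BLOCKED_SERVICE_RE.match(msg)
            if m:   # only the "blocked from loading" variant, not file-not-found
                svc = m.group("svc")
                sev = "low" if svc.lower() in known else "medium"
                findings.append(Finding(sev, eid, f"service '{svc}' blocked from loading", raw))
        elif src == "Service Control Manager" and eid == 7026:
            m = FAILED_DRIVER_RE.search(msg)
            if m:
                drv = m.group("drv")
                sev = "low" if drv.lower() in known else "medium"
                findings.append(Finding(sev, eid, f"boot/system-start driver '{drv}' failed to load", raw))
    return findings


def summarize(findings):
    """Count findings per severity so a helper can see the picture at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage_events(SAMPLE_EVENTS, known_services=["sptd", "MEMSWEEP2"])
    for f in results:
        print(f"[{f.severity:6}] {f.event_id}: {f.detail}")
    print(summarize(results))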

Re: Google redirect malware

Unread postby pgmigg » July 7th, 2011, 11:24 pm

Hello flashwaawoo,

I apologize for the delay in coming back to you on this and thank you again for your patience. :)

Please tell me, is this computer used for business purposes or connected to a business network?
I need to know so I can provide the proper instructions.

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program(s)
  1. Click on Start -> Control Panel and, depending on the View by selection in the upper right corner:
    • If Category - click on Uninstall Programs.
    • If Icons - click on Programs and Features.
  2. Locate the following program:
    µTorrent
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Control Panel.
By using any form of P2P networking to download files, you can anticipate infestations of malware to occur. The P2P program
itself may be safe, but the files may not be - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference, citing the risk factors of using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  • Please download this tool from Microsoft and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click "Run" again and then click "Continue".
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 3.
WVCheck
Please go to Artellos.com.
  1. Choose the "Latest EXE Download" to download WVCheck and save it to your Desktop.
  2. Double click WVCheck.exe, to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Step 4.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select Run as administrator..., then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please include in your next reply:
  1. Your answer to my question about how the computer is used.
  2. Your decision about removing P2P program.
  3. Do you have any problems executing the instructions?
  4. Contents of a log created by MGADiag.exe
  5. Contents of a log created by WVCheck.exe
  6. Contents of a log created by CKFiles.txt
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 8th, 2011, 5:39 pm

A. This machine isn't being used for work. It is a home machine.
B. Have removed uTorrent.
C. I didn't have any problems executing these instructions.
D. Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {A9564F77-6BBA-4057-9429-D753951EF041}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A9564F77-6BBA-4057-9429-D753951EF041}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2372956138-338855233-1135559829</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell System XPS 15Z</Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="6"/><Date>20110509000000.000000+000</Date></BIOS><HWID>AAB93D07018400FE</HWID><UserLCID>1409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>New Zealand Standard Time(GMT+12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-1033-7601.0000-1612011
Installation ID: 011452453510416250458596231590026506045765567966832425
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 9/07/2011 09:20:55

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIAAQABAAIAAAABAAAABAABAAEAln3sFXcWYLUE6eaFgC5wlz5ulkdo9mZCOI0ucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL QA09
FACP DELL QA09
HPET DELL QA09
MCFG DELL QA09
SLIC DELL QA09
SSDT DELL PtidDevc
ASF! DELL QA09
SSDT DELL PtidDevc
SSDT DELL PtidDevc
SSDT DELL PtidDevc
UEFI DELL QA09
UEFI DELL QA09
DMAR INTEL SNB
UEFI DELL QA09

E.
Windows Validation Check
Version: 1.9.12.5
Log Created On: 0923_09-07-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-07-08 03:42:09
Last Success Time for Update Download: 2011-07-05 21:26:13
Last Success Time for Update Installation: 2011-07-05 21:32:08


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 16:23:48
Modification; 21/11/2010 16:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 16:23:48
Modification; 21/11/2010 16:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 21/11/2010 16:24:21
Modification; 21/11/2010 16:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 16:23:48
Modification; 21/11/2010 16:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 0929_09-07-2011 --------

F.
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\laptop\documents\jamie's documents\darky rom\apps\android mega pack\apps\gremote pro (1.1.2)\crack for pc\gremoteserver.exe
c:\users\laptop\documents\jamie's documents\darky rom\apps\android mega pack\apps\yxflash (1.2.9) - (1.3.5) - (1.3.6)\keygenerator.exe
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l15\vo\woodcrack.swf
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l199\vo\woodcrack.swf
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l209\lv985\vo\woodcrack.swf
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l73\lv578\vo\woodcrack.swf
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\crack.rar
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\setup.exe
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\crack\crack\readme.txt
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\crack\crack\pre-cracked dll\ind.dll
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\crack\crack\pre-cracked dll\mfc100u.dll
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2.rar
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\torrent_downloaded_from_demonoid.com.txt
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\cimage.dll
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\crackpdf.exe
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\crackpdf.log
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\crackpdf.url
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\help.htm
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\password.dic
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\remopt.dll
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\skinmagic.dll
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\unins000.dat
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\unins000.exe
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\xpgrean.smf
c:\users\laptop\downloads\torrents\age of empires 3 full dvd +crack + serial.iso.torrent
c:\users\laptop\downloads\torrents\daemon tools pro advanced 4.41.0314.0232 incl crack & patch.torrent
c:\users\laptop\downloads\torrents\daemon tools pro advanced 4.41.0314__ keygen.rar.torrent
c:\users\laptop\music\kanye west - late registration - 08 - crack music feat. game.m4a
c:\users\laptop\music\spl & limewax - spl & limewax knowledge studio mix - 12 - deathcracking core.m4a
scanner sequence 3.ZZ.11.QQNASC
----- EOF -----

G. No, I haven't noticed that my computer is going faster.
Thanks for your help.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am
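CKScanner's output above is a keyword match on file names, which is why its header says the hits are "not necessarily bad": woodcrack.swf and the two music tracks match the word "crack" but are not cracked software, while crack.rar, keygenerator.exe and the .torrent files are exactly what the helper is asking about. The script below is an added example, not CKScanner's own code, showing how to do the same kind of scan while separating hits an analyst must act on from probable false positives, using the file extension and whether the keyword appears in a directory name rather than only in the file name. The keyword list is my assumption about what such a tool looks for; the sample paths are copied from the CKScanner log in the post above.

```python
from pathlib import PureWindowsPath

# Filename fragments a CKScanner-style scan keys on. This word list is my
# assumption about what such a tool looks for, not CKScanner's actual list.
KEYWORDS = ("crack", "keygen", "serial", "torrent", "warez")

# Extensions that run code or package it. A keyword hit on one of these is
# something to act on; media and document files get a lighter verdict.
EXEC_OR_ARCHIVE = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".msi",
                   ".rar", ".zip", ".7z", ".iso", ".torrent"}

# Paths copied from the CKScanner log in the post above.
SAMPLE_PATHS = r"""
c:\users\laptop\documents\jamie's documents\darky rom\apps\android mega pack\apps\gremote pro (1.1.2)\crack for pc\gremoteserver.exe
c:\users\laptop\documents\jamie's documents\darky rom\apps\android mega pack\apps\yxflash (1.2.9) - (1.3.5) - (1.3.6)\keygenerator.exe
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l15\vo\woodcrack.swf
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\crack.rar
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\setup.exe
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\crack\crack\readme.txt
c:\users\laptop\documents\useful application\daemon tools pro advanced 4.41.0314.0232 incl crack & patch\crack\crack\pre-cracked dll\ind.dll
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\torrent_downloaded_from_demonoid.com.txt
c:\users\laptop\documents\useful application\pdf password cracker enterprise v3.2\pdf password cracker enterprise v3.2\crackpdf.exe
c:\users\laptop\downloads\torrents\age of empires 3 full dvd +crack + serial.iso.torrent
c:\users\laptop\music\kanye west - late registration - 08 - crack music feat. game.m4a
""".strip().splitlines()


def _has_keyword(text):
    return any(k in text for k in KEYWORDS)


def classify(path):
    """Return 'actionable', 'review', 'benign' or 'no-match' for one path."""
    p = PureWindowsPath(path.strip().lower())
    in_name = _has_keyword(p.name)
    in_dir = any(_has_keyword(part) for part in p.parts[:-1])
    if not (in_name or in_dir):
        return "no-match"
    if p.suffix in EXEC_OR_ARCHIVE:
        return "actionable"      # runnable or an archive: remove it
    if in_dir:
        return "review"          # e.g. readme.txt inside a "crack" folder
    return "benign"              # keyword only in a media/document file name


def triage_paths(paths):
    """Group paths by verdict, dropping the ones that match nothing."""
    groups = {"actionable": [], "review": [], "benign": []}
    for path in paths:
        verdict = classify(path)
        if verdict in groups:
            groups[verdict].append(path)
    return groups


if __name__ == "__main__":
    for verdict, hits in triage_paths(SAMPLE_PATHS).items():
        print(f"== {verdict} ({len(hits)})")
        for hit in hits:
            print("  " + hit)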

Re: Google redirect malware

Unread postby pgmigg » July 9th, 2011, 11:18 pm

Hello flashwaawoo,

Is there any reason why you have not Validated Windows yet?

  • Please visit This website using Internet Explorer.
  • Follow the instructions to Validate Windows, then run MGADiag.exe again and post the new log in your next reply.

NOTE: If you feel there has been a validation error, contact Microsoft; begin here.

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.
Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, I would like you to remove all the crack/keygen applications that are present on your system, then run CKScanner again and post the new log.

I would also recommend BleepingComputer's extensive list of freeware applications: http://www.bleepingcomputer.com/forums/topic366982.html - you will probably be able to find free replacements there for the previously installed cracked or pirated software.

NOTE: If you tell me that the software/keygens have been removed and I then find that they have not (the tools we use can and will detect them), I will have no choice but to close this thread.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of fresh log created by MGADiag.exe after Windows validation.
  3. Contents of fresh log created by CKScanner after removing of all cracked or pirated software.

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 10th, 2011, 4:31 am

A. I didn't have any problems. I think I have removed all the cracked software as listed in the CKScanner log. Please tell me of others as my son was the one who installed them and I'm not sure what he has or hasn't put on. I will remove them.
B.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {A9564F77-6BBA-4057-9429-D753951EF041}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A9564F77-6BBA-4057-9429-D753951EF041}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2372956138-338855233-1135559829</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell System XPS 15Z</Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="6"/><Date>20110509000000.000000+000</Date></BIOS><HWID>AAB93D07018400FE</HWID><UserLCID>1409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>New Zealand Standard Time(GMT+12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-1033-7601.0000-1612011
Installation ID: 011452453510416250458596231590026506045765567966832425
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 10/07/2011 19:56:50

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIAAQABAAIAAAABAAAABAABAAEAln3sFXcWYLUE6eaFgC5wlz5ulkdo9mZCOI0ucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL QA09
FACP DELL QA09
HPET DELL QA09
MCFG DELL QA09
SLIC DELL QA09
SSDT DELL PtidDevc
ASF! DELL QA09
SSDT DELL PtidDevc
SSDT DELL PtidDevc
SSDT DELL PtidDevc
UEFI DELL QA09
UEFI DELL QA09
DMAR INTEL SNB
UEFI DELL QA09

C.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l15\vo\woodcrack.swf
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l199\vo\woodcrack.swf
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l209\lv985\vo\woodcrack.swf
c:\users\laptop\documents\jamie's documents\school\cds\science\los\l73\lv578\vo\woodcrack.swf
c:\users\laptop\music\kanye west - late registration - 08 - crack music feat. game.m4a
c:\users\laptop\music\spl & limewax - spl & limewax knowledge studio mix - 12 - deathcracking core.m4a
scanner sequence 3.BD.11.FLAAFF
----- EOF -----

I think that is all. Please let me know if I need to remove more programs. Like I said before my son may have downloaded others that I am unaware of and will happily remove.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am

Re: Google redirect malware

Unread postby pgmigg » July 10th, 2011, 9:34 pm

Hello flashwaawoo,

Thank you for removing pirated software. :)

Your Windows is still not validated! :(
I definitely need to apologize for giving you a link which may redirect you to a different Microsoft page during the Windows Validation process. Please let me know if something goes wrong again when you validate your operating system...

  • Please visit This website using Internet Explorer.
  • Follow the instructions to Validate Windows, then run MGADiag.exe again and post the new log in your next reply.

NOTE: To contact Microsoft, if you feel there has been a validation error, please start from this page.

Also, please let me know what make your computer is.

Please include in your next reply:
  1. Contents of fresh log created by MGADiag.exe after Windows validation.
  2. Your answer to the question "What make is your computer?".

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 11th, 2011, 4:51 am

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {A9564F77-6BBA-4057-9429-D753951EF041}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A9564F77-6BBA-4057-9429-D753951EF041}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2372956138-338855233-1135559829</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell System XPS 15Z</Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="6"/><Date>20110509000000.000000+000</Date></BIOS><HWID>AAB93D07018400FE</HWID><UserLCID>1409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>New Zealand Standard Time(GMT+12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-5129-7601.0000-1922011
Installation ID: 011452453510416250458596231590026506045765567966832425
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 11/07/2011 20:43:05

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIAAQABAAIAAAABAAAABAABAAEAln3sFXcWYLUE6eaFgC5wlz5ulkdo9mZCOI0ucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL QA09
FACP DELL QA09
HPET DELL QA09
MCFG DELL QA09
SLIC DELL QA09
SSDT DELL PtidDevc
ASF! DELL QA09
SSDT DELL PtidDevc
SSDT DELL PtidDevc
SSDT DELL PtidDevc
UEFI DELL QA09
UEFI DELL QA09
DMAR INTEL SNB
UEFI DELL QA09

My computer is a Dell.

I also checked under my computer properties and it states that my copy of Windows is activated. Hope this helps.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am

Re: Google redirect malware

Unread postby pgmigg » July 11th, 2011, 5:29 pm

Hello flashwaawoo,

Let's continue our treatment. Please print out my instructions below.

Step 1.
Uninstall Sophos Anti-Rootkit
  1. Click on Start -> Control Panel and, depending on the View by selection in the upper right corner:
    • If Category - click on Uninstall Programs.
    • If Icons - click on Programs and Features.
  2. Locate the following program:
    Sophos Anti-Rootkit 1.5.4
  3. Click on the Change/Remove button to uninstall it.
  4. When the program has been uninstalled, please close Control Panel.

Step 2.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator..." to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will be listed under "Scan results - Select action for found objects" with 3 options offered.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
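For anyone reading the log that step 7 asks for, the following triage script is an added example and is not part of this thread or of Kaspersky's tool. It assumes the line layout seen in TDSSKiller logs (timestamp, process id, service name, MD5 in parentheses, image path); the sample lines, the known-good table and every hash in it are constructed placeholders.

```python
"""Triage helper for the driver list in a TDSSKiller log (added example, not
code from this forum thread or from Kaspersky). Each driver line has the shape

    YYYY/MM/DD HH:MM:SS.ffff  <pid>  <ServiceName> (<md5>) <image path>

The helper parses those lines, skips the header and separator lines, and reports
drivers whose image sits outside the normal driver folders, carries an unusual
file extension, or whose MD5 differs from a known-good reference supplied by the
analyst. Findings are review items, not verdicts: a vendor's anti-rootkit driver
loaded from a .tmp file is a common benign hit."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# One driver line; "Scan started", "Mode: Manual;" and "====" separator lines
# do not match and are skipped by the parser.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Folders where Windows keeps driver images, compared case-insensitively.
# A few core drivers (CLFS.sys, for instance) live directly in system32.
NORMAL_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass
class DriverEntry:
    service: str
    md5: str
    path: str


@dataclass
class Finding:
    service: str
    path: str
    reason: str


def parse_tdsskiller_log(lines: Iterable[str]) -> List[DriverEntry]:
    """Return one DriverEntry per driver line, in log order."""
    entries: List[DriverEntry] = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries: Iterable[DriverEntry],
           known_good: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Flag entries worth a second look. known_good maps a lowercase image file
    name (e.g. 'tcpip.sys') to the MD5 the analyst expects for this Windows build."""
    reference = {k.lower(): v.lower() for k, v in (known_good or {}).items()}
    findings: List[Finding] = []
    for e in entries:
        lowered = e.path.lower()
        basename = lowered.rsplit("\\", 1)[-1]
        ext = basename.rsplit(".", 1)[-1] if "." in basename else ""
        if not lowered.startswith(NORMAL_DRIVER_DIRS):
            findings.append(Finding(e.service, e.path,
                                    "image outside the standard Windows driver folders"))
        elif ext != "sys":
            findings.append(Finding(e.service, e.path,
                                    f"unusual extension '.{ext}' for a kernel driver image"))
        expected = reference.get(basename)
        if expected is not None and expected != e.md5:
            findings.append(Finding(e.service, e.path,
                                    f"MD5 {e.md5} differs from known-good {expected}"))
    return findings


# Constructed sample in the TDSSKiller log layout; the hashes are placeholders.
SAMPLE_LOG = """\
2011/07/12 18:58:29.0567 6584 ================================================================================
2011/07/12 18:58:29.0567 6584 Scan started
2011/07/12 18:58:29.0568 6584 Mode: Manual;
2011/07/12 18:58:35.0039 6584 1394ohci (11111111111111111111111111111111) C:\\Windows\\system32\\drivers\\1394ohci.sys
2011/07/12 18:58:45.0855 6584 MEMSWEEP2 (22222222222222222222222222222222) C:\\Windows\\system32\\8EF8.tmp
2011/07/12 18:58:52.0268 6584 SASDIFSV (33333333333333333333333333333333) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV64.SYS
2011/07/12 18:58:54.0558 6584 Tcpip (44444444444444444444444444444444) C:\\Windows\\system32\\drivers\\tcpip.sys
"""

# Constructed reference hash; deliberately different so the mismatch check fires.
SAMPLE_KNOWN_GOOD = {"tcpip.sys": "ffffffffffffffffffffffffffffffff"}


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG.splitlines())
    for f in triage(parsed, SAMPLE_KNOWN_GOOD):
        print(f"{f.service:<12} {f.path}\n    -> {f.reason}")
```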

Re: Google redirect malware

Unread postby flashwaawoo » July 12th, 2011, 3:04 am

A. No problems with the instructions.
B.

2011/07/12 18:57:59.0728 3612 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 18:58:01.0734 3612 ================================================================================
2011/07/12 18:58:01.0734 3612 SystemInfo:
2011/07/12 18:58:01.0734 3612
2011/07/12 18:58:01.0734 3612 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/12 18:58:01.0734 3612 Product type: Workstation
2011/07/12 18:58:01.0734 3612 ComputerName: LAPTOP-PC
2011/07/12 18:58:01.0735 3612 UserName: Laptop
2011/07/12 18:58:01.0735 3612 Windows directory: C:\Windows
2011/07/12 18:58:01.0735 3612 System windows directory: C:\Windows
2011/07/12 18:58:01.0735 3612 Running under WOW64
2011/07/12 18:58:01.0735 3612 Processor architecture: Intel x64
2011/07/12 18:58:01.0735 3612 Number of processors: 4
2011/07/12 18:58:01.0736 3612 Page size: 0x1000
2011/07/12 18:58:01.0736 3612 Boot type: Normal boot
2011/07/12 18:58:01.0736 3612 ================================================================================
2011/07/12 18:58:02.0300 3612 Initialize success
2011/07/12 18:58:29.0567 6584 ================================================================================
2011/07/12 18:58:29.0567 6584 Scan started
2011/07/12 18:58:29.0568 6584 Mode: Manual;
2011/07/12 18:58:29.0568 6584 ================================================================================
2011/07/12 18:58:55.0299 6584 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
2011/07/12 18:58:55.0376 6584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/07/12 18:58:55.0425 6584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/12 18:58:55.0522 6584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/12 18:58:55.0566 6584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/12 18:58:55.0608 6584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/07/12 18:58:55.0703 6584 usbccgp (3faf7e3545695d3ae0f2a11fcc01c1f1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/12 18:58:55.0743 6584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/12 18:58:55.0806 6584 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/12 18:58:55.0883 6584 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/12 18:58:55.0943 6584 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/07/12 18:58:55.0981 6584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2011/07/12 18:58:56.0016 6584 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/12 18:58:56.0101 6584 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/07/12 18:58:56.0154 6584 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/12 18:58:56.0300 6584 vdbus (d277eefae695bb4be7de1b4325368fab) C:\Windows\system32\DRIVERS\vdbus.sys
2011/07/12 18:58:56.0367 6584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/12 18:58:56.0421 6584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/12 18:58:56.0471 6584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/12 18:58:56.0534 6584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/12 18:58:56.0577 6584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/12 18:58:56.0626 6584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/12 18:58:56.0689 6584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/12 18:58:56.0739 6584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/12 18:58:56.0823 6584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/07/12 18:58:56.0901 6584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/12 18:58:56.0955 6584 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/12 18:58:57.0018 6584 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/12 18:58:57.0091 6584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/07/12 18:58:57.0127 6584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 18:58:57.0164 6584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 18:58:57.0276 6584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/07/12 18:58:57.0328 6584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/12 18:58:57.0410 6584 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
2011/07/12 18:58:57.0561 6584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/12 18:58:57.0662 6584 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/12 18:58:57.0701 6584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/12 18:58:57.0910 6584 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/12 18:58:58.0007 6584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/12 18:58:58.0167 6584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/12 18:58:58.0277 6584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/12 18:58:58.0326 6584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/12 18:58:58.0512 6584 MBR (0x1B8) (f6c797dc6f7b4771309bd6bdb2832bbc) \Device\Harddisk0\DR0
2011/07/12 18:58:58.0694 6584 Boot (0x1200) (88d3a655573ae5486e7aacd98429a745) \Device\Harddisk0\DR0\Partition0
2011/07/12 18:58:58.0727 6584 Boot (0x1200) (d1d9fcdc3135eb6657693bb92f4041e1) \Device\Harddisk0\DR0\Partition1
2011/07/12 18:58:58.0745 6584 ================================================================================
2011/07/12 18:58:58.0745 6584 Scan finished
2011/07/12 18:58:58.0746 6584 ================================================================================
2011/07/12 18:58:58.0769 0832 Detected object count: 0
2011/07/12 18:58:58.0769 0832 Actual detected object count: 0

C.
Still finding the computer to be slow on the internet and a little sluggish running applications.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am
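
A helper reading a TDSSKiller log like the one above usually wants three things from it quickly: the two summary counters, any boot-sector (MBR/Boot) records, and driver entries whose image sits somewhere other than the normal driver directory. The parser below is an added example written for this page; it is not part of the thread and not TDSSKiller's own code. It assumes the line layout visible in the log (timestamp, process id, service name, optional size for boot records, MD5 in parentheses, path) and uses a simple "expected directory" heuristic that is my assumption, not a rule of the tool. The sample input is constructed from a few lines of the posted log plus one made-up entry (`exampledrv`, placeholder hash) placed under a user's Temp folder so the path check has something to flag.

```python
import re
from collections import defaultdict

# Matches one driver/boot-record line. Boot records carry an extra size field:
#   ... 6584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
#   ... 6584 MBR (0x1B8) (f6c797dc6f7b4771309bd6bdb2832bbc) \Device\Harddisk0\DR0
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+(?:\((?P<size>0x[0-9A-Fa-f]+)\)\s+)?"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Matches the two summary counters printed after "Scan finished".
COUNT_RE = re.compile(
    r"^\S+ \S+ \d+ (?P<label>Detected object count|Actual detected object count): (?P<n>\d+)\s*$"
)

# Assumption (heuristic, not a TDSSKiller rule): where a kernel driver image or a
# boot record is expected to live, compared lower-cased.
EXPECTED_PREFIXES = ("c:\\windows\\system32\\drivers\\", "\\device\\")


def parse_log(text):
    """Return (records, counts): one dict per driver/boot line plus the summary counters."""
    records, counts = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["boot"] = rec["size"] is not None  # only MBR / Boot entries carry a size
            records.append(rec)
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("label")] = int(m.group("n"))
    return records, counts


def hash_aliases(records):
    """Map each MD5 backing more than one service name to the sorted list of those names.
    Two names sharing one file (e.g. Tcpip / TCPIP6) is normal, not by itself suspicious."""
    by_hash = defaultdict(set)
    for rec in records:
        by_hash[rec["md5"]].add(rec["name"])
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def unusual_paths(records):
    """Service names whose image is outside the expected driver directories."""
    return [rec["name"] for rec in records
            if not rec["path"].lower().startswith(EXPECTED_PREFIXES)]


def summarize(text):
    """Triage view of a whole log: counts, boot records, shared hashes, odd paths."""
    records, counts = parse_log(text)
    return {
        "drivers": sum(1 for r in records if not r["boot"]),
        "boot_records": [r["name"] for r in records if r["boot"]],
        "aliases": hash_aliases(records),
        "unusual": unusual_paths(records),
        "detected": counts.get("Detected object count"),
        "actual_detected": counts.get("Actual detected object count"),
    }


# Constructed sample: lines copied from the log posted above, plus one made-up entry
# ("exampledrv", placeholder hash) that lives outside the driver directory.
SAMPLE_LOG = r"""
2011/07/12 18:58:53.0486 6584 sptd (aa90a319bb067e0d149b4c95608c4b05) C:\Windows\system32\Drivers\sptd.sys
2011/07/12 18:58:54.0558 6584 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/12 18:58:54.0694 6584 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/12 18:58:57.0127 6584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 18:58:57.0164 6584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/12 18:58:58.0400 6584 exampledrv (0123456789abcdef0123456789abcdef) C:\Users\Laptop\AppData\Local\Temp\exampledrv.sys
2011/07/12 18:58:58.0512 6584 MBR (0x1B8) (f6c797dc6f7b4771309bd6bdb2832bbc) \Device\Harddisk0\DR0
2011/07/12 18:58:58.0694 6584 Boot (0x1200) (88d3a655573ae5486e7aacd98429a745) \Device\Harddisk0\DR0\Partition0
2011/07/12 18:58:58.0745 6584 ================================================================================
2011/07/12 18:58:58.0745 6584 Scan finished
2011/07/12 18:58:58.0769 0832 Detected object count: 0
2011/07/12 18:58:58.0769 0832 Actual detected object count: 0
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full saved log by reading the file into `summarize()`. A driver flagged by `unusual_paths` is only a lead for the helper to look at, not a verdict; the `aliases` map is there mainly so that shared files such as Tcpip/TCPIP6 or WANARP/Wanarpv6 are recognised as the normal pairing they are.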

Re: Google redirect malware

Unread postby pgmigg » July 12th, 2011, 2:13 pm

Hello flashwaawoo,

Good job, thank you! Let's continue...

Step 1.
Download and Run ComboFix
  1. Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  2. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  3. Double click on ComboFix.exe & follow the prompts
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Step 2.
DDS Scan - I need to receive fresh DDS logs after ComboFix is finished. Please don't forget to include Attach.txt as you did last time...
  1. Please double click dds.com to run the tool. A black window will open with some instructions/comments...
  2. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved - you must save them to your desktop.
  3. Please post both the DDS.txt and Attach.txt files in your next reply.

Step 3.
Please don't forget to enable all defense programs you disabled at Step 1.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of ComboFix.txt.
  3. Contents of fresh DDS.txt.
  4. Contents of fresh Attach.txt.
  5. Do you see any changes in computer behavior?
  6. Are you still experiencing redirects?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 12th, 2011, 4:48 pm

I couldn't run Combofix. It said that it wouldn't work when AVG is installed. AVG was disabled. I tried to uninstall AVG and was told I do not have sufficient privileges to uninstall.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am

Re: Google redirect malware

Unread postby pgmigg » July 12th, 2011, 8:48 pm

Hello flashwaawoo,

It is OK - don't worry! :)

AVG advice
ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus.
This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results".
Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
In the meantime after running ComboFix I would like you to install Microsoft Security Essentials, see instructions at the bottom of this post.

I recommend using the special AVG removal tool; in your case you have the 32-bit version of AVG.

Step 1.
AVG Remover
Please save any work and close all open windows - you have to REBOOT your machine during this step.
Please download AVG Remover(32bit) and save it to your desktop.
  1. Right click on avgremover.exe and choose "Run As Administrator..." to start the process.
    A black command window will open and you will receive a "removal and rebooting" warning prompt...
  2. Reply Yes to the "Do you want to continue?" prompt.
    The remover will begin searching for and removing AVG entries...
  3. When completed, a text file will appear on your desktop "avgremover.log"...
    Please reboot your computer at this time. (You may receive a prompt to do so...)
  4. Please copy and paste the contents of avgremover.log in your next reply.

Step 2.
Run ComboFix
  1. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  2. Double click on ComboFix.exe & follow the prompts
  3. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  4. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Step 3.
Download and install Microsoft Security Essentials

Step 4.
DDS Scan - I need to receive fresh DDS logs after ComboFix is finished and you installed Microsoft Security Essentials.
  1. Please double click dds.com to run the tool. A black window will open with some instructions/comments...
  2. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved - you must save them to your desktop.
  3. Please post both the DDS.txt and Attach.txt files in your next reply.

Step 5.
Please don't forget to enable all defense programs you disabled at Step 2.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of avgremover.log.
  3. Contents of ComboFix.txt.
  4. Contents of fresh DDS.txt.
  5. Contents of fresh Attach.txt.
  6. Do you see any changes in computer behavior?
  7. Are you still experiencing redirects?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 13th, 2011, 4:30 am

A. I didn't have any problems running the applications. I am having trouble attaching the files to the post and they are too long to include in the post.
B. Too long to post and can't attach
C. Attached
D. Attached
E. Attached
F. No I don't see any changes in the computer.
G. No I'm not experiencing the redirects.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am