Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus that keeps redirecting me

by chibikarla » December 28th, 2011, 4:15 pm

I've been struggling with a virus for 1 month now and it's been located on Gac_32desktop.ini most of the time. It keeps redirecting me to different search engines (strikingsearchsystem, starfeedsmixer, admirablesearchsystem, now mediashifting) and my NOD 32 keeps detecting it when I turn on the computer and always asks me to restart the computer to remove it, but it does nothing.
It's been making my Firefox and Chrome slow and it keeps freezing every time.

I am using Windows 7 and have an HP Touchsmart desktop.

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_03
Run by chibikarla at 14:50:25 on 2011-12-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2221 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jucheck.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://www.bigseekpro.com/hypercam/{11A2A5ED-9291-4557-B3A8-4BB8BCA1CCA4}
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbhelper.dll
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\chibikarla\AppData\Local\d6edda35\X
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\chibikarla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download all by FlashGet3 - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{9C3B4FB8-4E50-40E0-8B23-4E3ED25A5B24} : DhcpNameServer = 167.206.251.129 167.206.251.130
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Hyperionics DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\chibikarla\AppData\Roaming\Mozilla\Firefox\Profiles\qmnxbt22.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111105182142569&tb_oid=08-11-2011&tb_mrud=08-11-2011
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=f ... e=63303&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\chibikarla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-31 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
R3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-9-12 45176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-28 14:04:14 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15F0BAAC-6B34-4F54-9388-D6DF78096C98}\offreg.dll
2011-12-28 14:03:29 -------- d-----w- C:\Users\chibikarla\AppData\Local\{08179E74-62A1-475F-9997-96084E7A07A2}
2011-12-28 14:02:19 -------- d-----w- C:\Users\chibikarla\AppData\Local\{76164557-47F6-43FD-8A1C-3BD89D13DFF8}
2011-12-27 18:32:39 -------- d-----w- C:\Users\chibikarla\AppData\Local\{7E20F297-4DBC-4DC8-A7A9-8E45858ADCE6}
2011-12-27 18:32:27 -------- d-----w- C:\Users\chibikarla\AppData\Local\{A03BE4F3-AFF0-4367-B5AE-3DCABF75B190}
2011-12-27 18:08:09 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15F0BAAC-6B34-4F54-9388-D6DF78096C98}\mpengine.dll
2011-12-27 06:31:56 -------- d-----w- C:\Users\chibikarla\AppData\Local\{2FB3F984-27F5-4E32-A642-906BE1563706}
2011-12-27 06:31:43 -------- d-----w- C:\Users\chibikarla\AppData\Local\{2A59F198-79DE-4B1F-9270-EFE10F569791}
2011-12-26 18:31:13 -------- d-----w- C:\Users\chibikarla\AppData\Local\{1B0690F2-189B-4161-AD77-F63B3D663260}
2011-12-26 18:31:02 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B779F714-9A40-4A1B-B02D-989689A651E4}
2011-12-26 06:30:31 -------- d-----w- C:\Users\chibikarla\AppData\Local\{E4E96A74-5FD0-4B51-B7DC-1E21FC48C362}
2011-12-26 06:30:19 -------- d-----w- C:\Users\chibikarla\AppData\Local\{218830C0-2E63-467F-8E86-216B76176FEA}
2011-12-25 18:29:41 -------- d-----w- C:\Users\chibikarla\AppData\Local\{6F87BCAF-01A9-4853-B3E9-920F0636F07B}
2011-12-25 18:28:59 -------- d-----w- C:\Users\chibikarla\AppData\Local\{120036A4-7A50-4A38-A7F1-1E23151B85E7}
2011-12-25 18:26:55 -------- d-----w- C:\Users\chibikarla\AppData\Local\{E5084952-C635-48C2-926D-091D99A99AA8}
2011-12-25 18:21:55 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9CD679FB-8162-4462-B7ED-024A05425EF8}
2011-12-25 04:56:06 -------- d-----w- C:\Users\chibikarla\AppData\Local\{968C89EF-3330-4C51-8967-2017928D452D}
2011-12-24 16:22:02 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F3719DE0-EBCC-4A9C-A6A2-FCA9DABA72AE}
2011-12-24 16:21:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{5798B770-7764-4B4C-9801-801D066D7013}
2011-12-24 04:26:17 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-12-23 19:57:45 -------- d-----w- C:\Users\chibikarla\AppData\Local\{A631EE4F-965C-4591-B1CC-12E6DBE965DF}
2011-12-23 19:56:37 -------- d-----w- C:\Users\chibikarla\AppData\Local\{81FEF0B9-E7F4-4D29-8F8B-A396355E7BDC}
2011-12-22 22:54:20 -------- d-----w- C:\Users\chibikarla\AppData\Local\{AEDECD6D-CEF3-42D1-A1F6-FD7718CA8F64}
2011-12-22 22:54:06 -------- d-----w- C:\Users\chibikarla\AppData\Local\{1F27F566-A8B5-44B9-81A5-552B591AF7AD}
2011-12-22 10:53:25 -------- d-----w- C:\Users\chibikarla\AppData\Local\{592B99F1-C041-4174-A8F2-5F9D5A33E309}
2011-12-22 10:52:45 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F6E4549B-9B06-488A-97DA-D844CBA1B9A6}
2011-12-21 19:55:03 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9C3E0B34-7CEE-4B9A-82D8-EF05E8B03696}
2011-12-21 19:53:53 -------- d-----w- C:\Users\chibikarla\AppData\Local\{1B21831A-D277-457C-B0D8-FE582C77AAD8}
2011-12-20 19:56:59 -------- d-----w- C:\Users\chibikarla\AppData\Local\{50819BE2-5D32-4E61-B91C-F07049EE6DD0}
2011-12-20 19:56:44 -------- d-----w- C:\Users\chibikarla\AppData\Local\{396A4FB2-D6CB-4911-A96C-9237EE1504BA}
2011-12-19 16:27:29 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B0B160C5-62F6-4AB9-9B30-78086ABF344A}
2011-12-19 16:26:46 -------- d-----w- C:\Users\chibikarla\AppData\Local\{A653264E-51E2-42A1-9FF8-3FC2D7A833CC}
2011-12-18 17:35:00 -------- d-----w- C:\Users\chibikarla\AppData\Local\{BD568A5B-0F6C-47BC-965F-322A77E2200F}
2011-12-18 17:34:41 -------- d-----w- C:\Users\chibikarla\AppData\Local\{AD3229A0-A219-4870-9FC8-C16C30B37AA2}
2011-12-17 15:44:21 -------- d-----w- C:\Users\chibikarla\AppData\Local\{84676489-B680-4353-BB52-931D325F5588}
2011-12-17 15:44:05 -------- d-----w- C:\Users\chibikarla\AppData\Local\{193A55B2-419C-4BCF-A74A-0AF08914BA9A}
2011-12-17 03:10:53 -------- d-----w- C:\Users\chibikarla\AppData\Roaming\HpUpdate
2011-12-17 03:09:49 -------- d-----w- C:\Windows\Hewlett-Packard
2011-12-17 00:21:21 -------- d-----w- C:\Users\chibikarla\AppData\Local\{AFF3293D-AA87-4B01-9225-38D8E8C2F5C4}
2011-12-17 00:20:57 -------- d-----w- C:\Users\chibikarla\AppData\Local\{DCE4910A-C5E1-40E5-B36A-CA3071F6D851}
2011-12-16 12:20:26 -------- d-----w- C:\Users\chibikarla\AppData\Local\{E9FD230D-0E4C-4FBB-AC18-50B786DC03E0}
2011-12-16 12:17:27 -------- d-----w- C:\Users\chibikarla\AppData\Local\{A9DBC644-6A60-4E74-AD96-77C1022EBF12}
2011-12-16 00:16:57 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D67482DB-AC0F-4FD4-8A1C-7F6DF8D821AF}
2011-12-16 00:16:43 -------- d-----w- C:\Users\chibikarla\AppData\Local\{0019D0C5-05D9-4910-BE5B-69DA0513DE91}
2011-12-15 12:15:57 -------- d-----w- C:\Users\chibikarla\AppData\Local\{615190C3-44EA-4B3D-91A5-9E84A811AB39}
2011-12-15 12:15:38 -------- d-----w- C:\Users\chibikarla\AppData\Local\{77360E41-94EA-4215-83CA-19ECC0CC8801}
2011-12-15 00:05:23 -------- d-----w- C:\Users\chibikarla\AppData\Local\{1958689B-DFA5-41EB-B21A-0DA7DADF3600}
2011-12-15 00:05:06 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B6D1D348-434D-4057-A923-2D9482251EF9}
2011-12-14 12:16:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 12:16:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 12:03:50 -------- d-----w- C:\Users\chibikarla\AppData\Local\{FC9E990F-C63C-4993-8CBD-4BDF217DB3E7}
2011-12-14 12:03:29 -------- d-----w- C:\Users\chibikarla\AppData\Local\{FC91C877-805F-4A44-B841-D6BFAE1506D4}
2011-12-14 00:02:33 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F9961DC3-CE44-46D2-8BA8-DE5B0403EC93}
2011-12-14 00:02:21 -------- d-----w- C:\Users\chibikarla\AppData\Local\{2277A777-0CDD-430A-B3E3-7A80D7B7583D}
2011-12-13 21:03:22 -------- d-----w- C:\Program Files\iPod
2011-12-13 21:03:14 -------- d-----w- C:\Program Files\iTunes
2011-12-13 12:01:44 -------- d-----w- C:\Users\chibikarla\AppData\Local\{92A978B2-B377-4B74-A075-722521DBCFDD}
2011-12-13 12:01:31 -------- d-----w- C:\Users\chibikarla\AppData\Local\{90195C7A-7B91-421F-AD54-5AB4B5FDD81E}
2011-12-13 11:55:46 -------- d-sh--w- C:\found.003
2011-12-13 00:00:22 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D4330107-2689-4589-85DC-DF8F5B8BABE9}
2011-12-13 00:00:07 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B8CE553E-3296-41A6-9C39-21FDF97C4846}
2011-12-12 11:59:33 -------- d-----w- C:\Users\chibikarla\AppData\Local\{05FB0E63-A6F1-4CFB-BCB9-A0DBCC2B742A}
2011-12-12 11:58:25 -------- d-----w- C:\Users\chibikarla\AppData\Local\{7CC96AE4-6DC5-4836-A5A1-646559EA50B5}
2011-12-11 17:22:51 -------- d-----w- C:\Users\chibikarla\AppData\Local\{BE2E5472-D21D-4791-88A4-13FF8ACA0CA7}
2011-12-11 17:22:32 -------- d-----w- C:\Users\chibikarla\AppData\Local\{09F21A1D-712B-46E2-9644-68135BF168E2}
2011-12-11 05:04:19 -------- d-----w- C:\Users\chibikarla\AppData\Local\{967F54FB-F76C-4CFE-BB13-B44CFAE6A92D}
2011-12-10 17:03:48 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9616D8E3-7755-4FD1-B3C7-F0AAE065F6A8}
2011-12-10 17:02:40 -------- d-----w- C:\Users\chibikarla\AppData\Local\{3215C140-DA18-4814-898F-F6823B2D0582}
2011-12-10 00:45:54 -------- d-----w- C:\Users\chibikarla\AppData\Local\{6BA122E6-683A-4B26-A3C8-B07E5F2B081B}
2011-12-10 00:45:39 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9FFD8B6D-9C43-48B2-AB47-933409B20FA0}
2011-12-09 12:45:09 -------- d-----w- C:\Users\chibikarla\AppData\Local\{3BFD3552-0A86-48CA-B946-EAC3F3AC5712}
2011-12-09 12:44:58 -------- d-----w- C:\Users\chibikarla\AppData\Local\{614D43AA-C29D-4B6A-A9DE-E7C4D4B4FC27}
2011-12-09 00:44:27 -------- d-----w- C:\Users\chibikarla\AppData\Local\{EF8217E1-5001-40E2-B1FE-60B4C07EA0AA}
2011-12-09 00:44:13 -------- d-----w- C:\Users\chibikarla\AppData\Local\{39500E21-DC18-48F2-837F-F8DD724E7B33}
2011-12-08 12:43:35 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F086B2D6-8F1D-463A-BD17-05737FD47F95}
2011-12-08 12:43:19 -------- d-----w- C:\Users\chibikarla\AppData\Local\{3D4E568A-D893-4FBB-8566-F0AE8E8D9F5F}
2011-12-08 00:42:46 -------- d-----w- C:\Users\chibikarla\AppData\Local\{57D3B3A9-0824-4D6C-9066-940F9811E85A}
2011-12-08 00:42:31 -------- d-----w- C:\Users\chibikarla\AppData\Local\{044A6259-8309-47EA-9FBE-3AC280FC34A1}
2011-12-07 12:41:15 -------- d-----w- C:\Users\chibikarla\AppData\Local\{3204898C-690C-40D2-9E66-2E28FE87353B}
2011-12-07 12:40:59 -------- d-----w- C:\Users\chibikarla\AppData\Local\{8A7FBED1-40EB-4A95-9080-0013B5FB9F35}
2011-12-07 00:21:01 -------- d-----w- C:\Users\chibikarla\AppData\Local\{BC2CFB84-7D29-4839-A93F-433E9F3F2164}
2011-12-07 00:20:41 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D78E94AC-1CA4-4664-B726-FA79020E5923}
2011-12-06 22:35:15 -------- d-----w- C:\ProgramData\MiMedia
2011-12-06 22:35:15 -------- d-----w- C:\Program Files\MiMedia LLC
2011-12-06 12:20:09 -------- d-----w- C:\Users\chibikarla\AppData\Local\{33EC92B0-A398-4620-853F-46B2AA0945B7}
2011-12-06 12:19:58 -------- d-----w- C:\Users\chibikarla\AppData\Local\{EB1A1B8D-3A3B-4834-A9FB-E89562A59F3D}
2011-12-06 01:11:44 -------- d-----w- C:\Program Files\gs
2011-12-06 00:52:36 -------- d-----w- C:\Users\chibikarla\AppData\Roaming\IrfanView
2011-12-06 00:52:30 -------- d-----w- C:\Program Files (x86)\IrfanView
2011-12-06 00:19:29 -------- d-----w- C:\Users\chibikarla\AppData\Local\{31720EC7-8274-4A68-B793-57052234C7CF}
2011-12-06 00:19:17 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9B9E0710-3581-42BC-88C0-2F64105C9E0F}
2011-12-05 12:18:48 -------- d-----w- C:\Users\chibikarla\AppData\Local\{EDBB55AE-C374-4723-9D58-D7FDA792424F}
2011-12-05 12:18:35 -------- d-----w- C:\Users\chibikarla\AppData\Local\{87C7408A-6E32-46BC-ADE6-43880B172ED8}
2011-12-04 17:59:23 -------- d-----w- C:\Users\chibikarla\AppData\Local\{74EEC535-676A-435D-BFE8-DAF32EC068B4}
2011-12-04 17:59:12 -------- d-----w- C:\Users\chibikarla\AppData\Local\{585A00E4-B052-4B62-B2CC-023234830747}
2011-12-04 05:08:17 -------- d-----w- C:\Users\chibikarla\AppData\Local\{5ED7949B-F87F-455B-8914-4F747551FEE5}
2011-12-04 05:08:06 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D51B435C-C323-41DA-9C30-D91C380C3A8C}
2011-12-03 19:16:29 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2011-12-03 17:29:02 -------- d-----w- C:\ProgramData\PC Tools
2011-12-03 17:07:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D190F0D7-1CB4-4E6B-BC40-01A002610629}
2011-12-03 17:07:20 -------- d-----w- C:\Users\chibikarla\AppData\Local\{16BFD371-51D9-48A9-8FC1-2D9E0CA73183}
2011-12-03 00:24:56 -------- d-----w- C:\Program Files\ESET
2011-12-03 00:09:56 -------- d-----w- C:\Program Files (x86)\TNod User & Password Finder
2011-12-02 23:21:07 -------- d-----w- C:\Users\chibikarla\AppData\Local\{E3386976-1F20-4F81-B563-11CCC4500F18}
2011-12-02 23:20:55 -------- d-----w- C:\Users\chibikarla\AppData\Local\{A4513455-60A2-43A2-830B-17E9092C0B69}
2011-11-30 00:08:53 -------- d-----w- C:\Users\chibikarla\AppData\Local\{487A6193-6E0E-423B-A81F-F2E26DD07407}
2011-11-30 00:08:33 -------- d-----w- C:\Users\chibikarla\AppData\Local\{0C3EA901-7F3A-45E6-AAC7-0E19F2FB4CFC}
2011-11-29 20:30:27 -------- d-sh--w- C:\found.002
2011-11-29 12:07:55 -------- d-----w- C:\Users\chibikarla\AppData\Local\{3783453E-B3F9-4BAE-91EA-152B8AC373B4}
2011-11-29 12:07:24 -------- d-----w- C:\Users\chibikarla\AppData\Local\{31F6A072-20EA-4122-BC32-D3F79CE76AC8}
2011-11-29 00:05:24 -------- d-----w- C:\Users\chibikarla\AppData\Local\{08C1DB4A-DCE4-4B84-94C0-CE1A214896D1}
2011-11-29 00:05:01 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F403B178-B3BE-4F8F-AD41-B3F7C122127C}
2011-11-28 22:02:17 -------- d-----w- C:\Program Files (x86)\TuneUpMedia
2011-11-28 22:02:08 -------- d-----w- C:\Users\chibikarla\AppData\Roaming\TuneUpMedia
2011-11-28 22:01:58 -------- d-----w- C:\ProgramData\TuneUpMedia
2011-11-28 22:01:08 -------- d-----w- C:\Users\chibikarla\AppData\Roaming\ProgSense
2011-11-28 22:00:46 -------- d-----w- C:\Users\chibikarla\AppData\Roaming\OpenCandy
2011-11-28 22:00:46 -------- d-----w- C:\Program Files (x86)\Orbitdownloader
.
==================== Find3M ====================
.
2011-12-08 20:01:12 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-03 00:32:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:47:42 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-11-05 05:47:42 480720 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-11-05 05:47:42 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-11-05 05:47:42 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-11-05 05:47:40 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-11-05 05:47:40 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-11-05 05:47:40 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-11-05 05:47:40 456144 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-11-05 05:47:40 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-11-05 05:47:40 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-11-05 05:47:40 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-11-05 05:47:40 103888 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-01 01:23:30 4022504 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 14:54:17.77 ===============

Here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2011 5:14:16 PM
System Uptime: 12/28/2011 2:28:19 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Maureen
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 321.292 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.024 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP80: 12/9/2011 4:41:17 PM - Windows Update
RP82: 12/13/2011 7:02:30 AM - Windows Update
RP84: 12/13/2011 4:41:51 PM - Removed MiMedia
RP86: 12/14/2011 7:54:24 AM - Windows Update
RP88: 12/20/2011 3:14:42 PM - Windows Update
RP90: 12/27/2011 1:07:47 PM - Windows Update
RP92: 12/28/2011 2:46:03 PM - Removed MiMedia
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AIM 7
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amazon MP3 Downloader 1.0.12
AOL Messaging Toolbar
Apple Application Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Boilsoft Video Splitter 6.32
BufferChm
C5100
c5100_Help
CameraHelperMsi
CDex - Open Source Digital Audio CD Extractor
Click to Call with Skype
Copy
D3DX10
dBpoweramp DSP Effects
dBpoweramp Music Converter
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Download Updater (AOL LLC)
DownVision
Easy Video Splitter 1.28
erLT
Fax
FlashGet 3.7
Google Chrome
GPBaseService2
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HyperCam 2
Hyperionics DB Toolbar
ImgBurn
IrfanView (remove only)
Java(TM) 6 Update 3
Junk Mail filter update
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
Pando Media Booster
Pepakura Designer 3
Pepakura Viewer 3
QuickTime
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Status
Tag&Rename 3.5.7
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Create a Sim
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Town Life Stuff
The Sims™ 3 World Adventures
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VirtualCloneDrive
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
xrecode II 1.0.0.181
.
==== Event Viewer Messages From Past Week ========
.
12/28/2011 2:43:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/28/2011 2:30:15 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/28/2011 2:29:07 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
12/28/2011 2:28:43 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
12/28/2011 2:28:43 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
12/28/2011 2:12:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
12/28/2011 2:12:27 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/28/2011 10:08:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/21/2011 8:05:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9C3B4FB8-4E50-40E0-8B23-4E3ED25A5B24} because another computer on the network has the same name. The server could not start.
12/21/2011 3:00:22 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
chibikarla

Re: Virus that keeps redirecting me

by deltalima » December 28th, 2011, 6:20 pm

The version of Microsoft Office Professional installed on this computer is only available via Volume Licensing and therefore it cannot be installed on a home computer.

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
deltalima

