Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Happili redirect on web search

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Happili redirect on web search

Unread postby jet222 » May 2nd, 2012, 11:50 am

i have recently purchased a new computer, it is only about 3 weeks old. it is running windows 7 64-bit. i began installing all my programs, and when i was bascially complete, i had gotten a blue screen, and was now unable to start my computer at all (this was only after 2 days). since it was so new, and i really hadn't put any information on it yet, i used the dell recovery discs i had created when i first turned my computer on to bring it back to "out of the box" condition, and it seemed to be working fine. i started using my computer this morning, and i went to do a google search and i was redirected to "happili" on whatever link i clicked on. so i am guessing i have some sort of malware on my computer.

i am running trend micro maximum security 2012 on this computer and it has failed to stop the original problem and this one

please help, you have in the past

thanks
-------------------------------------------------------------------------------------

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Xps8300 at 11:38:22 on 2012-05-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5772 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Users\Xps8300\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yankees.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Adobe] rundll32.exe "C:\Users\Xps8300\AppData\Local\ATI\Adobe\qrnoxrx.dll",DllRegisterServer
uRunOnce: [NeroControlCenter] "C:\Program Files (x86)\Nero\Nero 10\Nero ControlCenter\NCC.exe" STARTPAGE=UPDATE
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Xps8300\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\Users\Xps8300\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Xps8300\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: windowsymbols.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 167.206.254.2 167.206.254.1
TCP: Interfaces\{A0220A9F-E4B0-42DF-96A8-00E52753CC6F} : DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 167.206.254.2 167.206.254.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-10 275912]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-3-8 166912]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-28 13592]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 116648]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-28 1691848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 253088]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-10 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 116648]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-02 12:02:50 -------- d-----w- C:\Users\Xps8300\AppData\Local\{E698BBB0-499C-4535-B509-2B0743E65774}
2012-05-02 12:02:39 -------- d-----w- C:\Users\Xps8300\AppData\Local\{709DBE29-F5AA-4546-88D0-33F5E0596563}
2012-04-26 12:13:45 -------- d-----w- C:\Users\Xps8300\AppData\Local\{7EF5222D-6F24-444F-B7F9-FDAAB0821C9E}
2012-04-26 12:13:34 -------- d-----w- C:\Users\Xps8300\AppData\Local\{6056499F-D681-4B3E-8ED1-5BEC0B82BC50}
2012-04-25 12:15:16 -------- d-----w- C:\Users\Xps8300\AppData\Local\{B460BA99-8736-441E-AACB-4BE1E7967A3E}
2012-04-25 12:15:05 -------- d-----w- C:\Users\Xps8300\AppData\Local\{19A7B6A0-6CA9-45E3-A026-54661BB88201}
2012-04-24 15:16:57 -------- d-----w- C:\Users\Xps8300\AppData\Local\{73D962DE-FC0F-4D84-B3F5-3462E061DE53}
2012-04-24 15:16:47 -------- d-----w- C:\Users\Xps8300\AppData\Local\{26305F6D-9529-427B-AF1A-AE2896480ED6}
2012-04-24 14:08:10 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-04-24 14:07:00 -------- d-----w- C:\_AcroTemp
2012-04-24 13:49:53 52568 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-04-24 03:16:21 -------- d-----w- C:\Users\Xps8300\AppData\Local\{D6E6C24D-7AE1-4BC2-B473-4ED3A6110D81}
2012-04-23 15:15:58 -------- d-----w- C:\Users\Xps8300\AppData\Local\{312904A9-1729-46E7-8C72-A237671565B4}
2012-04-23 03:15:33 -------- d-----w- C:\Users\Xps8300\AppData\Local\{F2DAF23A-2FAA-48ED-90F5-C57938791A9F}
2012-04-23 03:13:05 -------- d-----w- C:\Users\Xps8300\AppData\Local\{134DA933-5E9F-43EF-9D12-6EB4D4AB4CED}
2012-04-22 15:15:09 -------- d-----w- C:\Users\Xps8300\AppData\Local\{831C2649-87E7-4107-8187-368A0AD497AC}
2012-04-22 03:14:45 -------- d-----w- C:\Users\Xps8300\AppData\Local\{5D9B96DF-315B-4216-A09F-A503617D6951}
2012-04-21 15:14:23 -------- d-----w- C:\Users\Xps8300\AppData\Local\{D9C16B68-598F-4F87-9424-F7E2CF20C277}
2012-04-21 03:13:56 -------- d-----w- C:\Users\Xps8300\AppData\Local\{BA3E84E2-073F-452C-942A-A90562EFFE11}
2012-04-20 15:13:29 -------- d-----w- C:\Users\Xps8300\AppData\Local\{89191FA2-B99D-4D57-BDBC-D22BD114077F}
2012-04-20 15:13:18 -------- d-----w- C:\Users\Xps8300\AppData\Local\{3464DA97-0223-401D-B9BB-CC733CD870D0}
2012-04-19 12:00:59 -------- d-----w- C:\Users\Xps8300\AppData\Local\{DF192ABF-2BBB-493B-9565-88710CFADB3D}
2012-04-19 12:00:48 -------- d-----w- C:\Users\Xps8300\AppData\Local\{4F0380C4-FDFB-4FCE-ACD1-E6DBC142B6ED}
2012-04-18 12:10:07 -------- d-----w- C:\Users\Xps8300\AppData\Local\{A0C8A40D-A9DB-4936-8416-7F9183C86471}
2012-04-18 12:09:56 -------- d-----w- C:\Users\Xps8300\AppData\Local\{E3D9B7EE-F641-4A56-BE6D-15435F42E37A}
2012-04-17 15:06:24 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\REScheck
2012-04-17 12:08:36 -------- d-----w- C:\Users\Xps8300\AppData\Local\{66411AC6-4BF8-4BA4-8A18-70FC4B88E670}
2012-04-17 12:08:25 -------- d-----w- C:\Users\Xps8300\AppData\Local\{A7D0BBBB-C31D-4E48-95C2-AF69E3138A12}
2012-04-16 12:36:04 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 12:23:02 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-16 12:20:54 -------- d-----w- C:\Users\Xps8300\AppData\Local\{CA80D0CC-1AFF-4B3F-92DE-6EB421E3A2EE}
2012-04-16 12:20:36 -------- d-----w- C:\Users\Xps8300\AppData\Local\{13432EF8-E5E2-4B9B-9C6F-F6B0A063D897}
2012-04-16 12:18:08 -------- d-----w- C:\Windows\en
2012-04-16 12:17:08 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\DSETUP.dll
2012-04-16 12:17:08 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\DXSETUP.exe
2012-04-16 12:17:08 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\dsetup32.dll
2012-04-16 12:17:08 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7da2d971cd1bca06\MeshBetaRemover.exe
2012-04-16 12:09:30 -------- d-----w- C:\Users\Xps8300\AppData\Local\Windows Live
2012-04-16 12:09:13 -------- d-----w- C:\Users\Xps8300\AppData\Local\{8ED755A1-FEA0-4EBE-B92D-A2ED6889D9B2}
2012-04-12 19:43:58 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Roxio Burn
2012-04-12 16:30:12 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Macrovision
2012-04-12 16:29:46 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Sonic Solutions
2012-04-12 16:29:41 -------- d-----w- C:\Users\Xps8300\AppData\Local\Sonic_Solutions
2012-04-12 16:28:39 -------- d-----w- C:\ProgramData\Uninstall
2012-04-12 16:28:32 -------- d-----w- C:\ProgramData\eSellerate
2012-04-12 16:28:21 27632 ------w- C:\Windows\System32\drivers\SaibVdAd64.sys
2012-04-12 16:28:21 27120 ------w- C:\Windows\System32\drivers\Sahdad64.sys
2012-04-12 16:28:21 19952 ------w- C:\Windows\System32\drivers\Saibad64.sys
2012-04-12 16:26:57 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-04-12 16:26:57 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-04-12 16:26:57 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-04-12 16:26:14 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-04-12 16:24:38 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Roxio Log Files
2012-04-12 11:58:07 -------- d-----w- C:\Users\Xps8300\AppData\Local\{6063ED2B-26FE-4D62-BDDB-F37BC723B74E}
2012-04-11 12:07:59 -------- d-----w- C:\Users\Xps8300\AppData\Local\{12287284-431B-47C6-A06C-DF62E7B6B6D9}
2012-04-10 20:14:53 -------- d-----r- C:\Users\Xps8300\Dropbox
2012-04-10 20:14:03 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Dropbox
2012-04-10 20:03:55 -------- d-----w- C:\Users\Xps8300\AppData\Local\Google
2012-04-10 19:58:52 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-10 19:53:51 -------- d-----w- C:\Users\Xps8300\AppData\Local\Trend Micro
2012-04-10 19:53:03 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2012-04-10 19:53:03 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2012-04-10 19:53:03 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-10 19:53:01 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-10 19:53:00 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-10 19:52:59 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-10 19:52:32 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-04-10 19:52:17 -------- d-----w- C:\Program Files\Trend Micro
2012-04-10 19:51:57 -------- d-----w- C:\ProgramData\Trend Micro
2012-04-10 19:47:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-10 19:03:00 -------- d-----w- C:\Program Files\Dell Support Center
2012-04-10 19:00:27 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\PCDr
2012-04-10 19:00:03 -------- d-----w- C:\ProgramData\PCDr
2012-04-10 18:53:46 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-10 18:53:24 -------- d-----w- C:\Users\Xps8300\AppData\Local\Microsoft Help
2012-04-10 18:48:00 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Southwest Airlines
2012-04-10 18:47:42 8192 ----a-r- C:\Users\Xps8300\AppData\Roaming\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe
2012-04-10 18:47:42 -------- d-----w- C:\Program Files (x86)\Southwest Airlines
2012-04-10 18:47:34 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-10 18:46:19 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-10 18:27:34 -------- d-----w- C:\Users\Xps8300\AppData\Local\cache
2012-04-10 18:24:10 -------- d-----w- C:\Users\Xps8300\My Backup Files
2012-04-10 18:20:43 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-04-10 18:13:04 -------- d-----w- C:\Users\Xps8300\AppData\Local\Autodesk
2012-04-10 18:13:04 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-04-10 18:13:04 -------- d-----w- C:\Program Files\Autodesk
2012-04-10 18:12:49 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-04-10 18:12:19 -------- d-----w- C:\LIBRARY
2012-04-10 18:12:02 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2012-04-10 18:11:53 285024 ----a-w- C:\Windows\System32\d3dx11_42.dll
2012-04-10 18:11:53 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2012-04-10 18:11:53 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2012-04-10 18:11:53 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2012-04-10 18:10:39 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Autodesk
2012-04-10 18:06:15 -------- d-----w- C:\ProgramData\AMD
2012-04-10 18:06:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-10 18:06:13 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-10 18:06:09 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-10 18:04:21 -------- d-----w- C:\Program Files\ATI Technologies
2012-04-10 18:03:47 -------- d-----w- C:\AMD
2012-04-10 18:00:30 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-10 18:00:30 -------- d-----w- C:\Windows\System32\Wat
2012-04-10 17:59:00 -------- d-----w- C:\Users\Xps8300\AppData\Local\Check
2012-04-10 17:56:31 -------- d-----w- C:\Users\Xps8300\AppData\Local\{424BDF73-66FD-4397-A283-AFD25C0657BA}
2012-04-10 17:51:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 17:51:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 17:51:11 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 17:51:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 17:51:11 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 17:51:11 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 17:51:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 17:46:17 -------- d-----w- C:\Users\Xps8300\AppData\Local\Nero_AG
2012-04-10 17:46:06 -------- d-----w- C:\Users\Xps8300\AppData\Local\Nero
2012-04-10 17:42:33 -------- d-----w- C:\Users\Xps8300\Tracing
2012-04-10 17:36:17 244416 ----a-w- C:\Windows\SysWow64\MSFLXGRD.OCX
2012-04-10 17:36:17 -------- d-----w- C:\Program Files (x86)\Xerox Corporation
2012-04-10 17:36:11 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-04-10 17:36:11 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-04-10 17:36:11 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-04-10 17:36:11 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-04-10 17:36:11 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-04-10 17:36:10 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-04-10 17:36:10 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-04-10 17:34:09 -------- d-----w- C:\Users\Xps8300\AppData\Local\Adobe
2012-04-10 17:33:16 -------- d-----w- C:\Windows\SMINST
2012-04-10 17:04:27 89088 ----a-w- C:\Windows\System32\CNARLMNT.DLL
2012-04-10 17:01:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-10 17:00:17 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-04-10 16:55:41 -------- d-----w- C:\JET-ARCH
2012-04-10 16:52:02 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Dell
2012-04-10 16:51:56 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Fingertapps
2012-04-10 16:51:53 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Intel Corporation
2012-04-10 16:51:52 -------- d-----w- C:\Users\Xps8300\AppData\Local\ATI
2012-04-10 16:51:41 -------- d-----r- C:\Users\Xps8300\Virtual Machines
2012-04-10 16:51:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-10 16:51:32 -------- d-----w- C:\Users\Xps8300\AppData\Local\VirtualStore
2012-04-10 16:50:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-10 16:50:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-10 16:50:32 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-10 16:50:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-10 16:50:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-10 16:50:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 16:50:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-16 12:36:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 09:38:37 0 ----a-w- C:\Windows\ativpsrm.bin
2012-03-28 09:32:58 163840 ----a-w- C:\Windows\System32\umpo.dll
2012-03-28 07:55:15 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:38:51.16 ===============


--------------------------------------------------------------------------------------------------

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/10/2012 12:48:43 PM
System Uptime: 4/24/2012 9:50:43 AM (194 hours ago)
.
Motherboard: Dell Inc. | | 0Y2MRG
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 915 GiB total, 856.209 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe AIR
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Autodesk Content Service
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
BT-PlotAssistant
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
COMcheck 3.9.0.4 (Current User)
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DING!
DirectX 9 Runtime
Dropbox
FARO LS 1.1.406.58
Google Earth
Google Update Helper
High-Definition Video Playback
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 1
Junk Mail filter update
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
PlayReady PC Runtime x86
Realtek High Definition Audio Driver
REScheck 4.4.3.0 (Current User)
Roxio BackOnTrack
Roxio Burn
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2011
Roxio Dell install Util
Roxio PhotoShow
Roxio Video Capture USB
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.5
SmartSound Common Data
SmartSound Quicktracks 5
swMSM
SyncUP
THX TruStudio PC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xerox Corporation Wide Format Scan Service
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
5/2/2012 8:28:03 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR8.
4/26/2012 4:31:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
.
==== End Of File ===========================
jet222
Regular Member
 
Posts: 32
Joined: November 11th, 2009, 2:30 pm
Advertisement
Register to Remove

Re: Happili redirect on web search

Unread postby Scolabar » May 4th, 2012, 2:03 am

Hi jet222,

Firstly, welcome to the Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable
    !
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Happili redirect on web search

Unread postby Scolabar » May 4th, 2012, 2:31 am

Hi jet222,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Business Use Computer?

Entries in the log you have provided lead me to believe that this computer may be being used for business purposes.
Please could you confirm whether or not this is the case? If not, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
MGA Diagnostics

  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Click on Start and then click on the Start Search box in the Start Menu.
  7. Copy and Paste the following value into the open text entry box:

      notepad

  8. Then click on the magnifying glass symbol or press Enter.
  9. This will open an empty Notepad file.
  10. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
  11. Click on the OK button to exit the MGA Diagnostics program.
  12. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

Step 3:
WVCheck

  1. Please download WVCheck and Save it to your Desktop.
  2. Right-click on WVCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Read the comments on the screen and then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically saved to your Desktop and opened in Notepad.
  5. Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.

Step 4:
CKScanner

  1. Please download CKScanner and Save it to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Then click on the Search For Files button.
  4. When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
    A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
    Note: Please run the program ONCE only.
  5. Click on the Exit button to close the program.
  6. Double-click on the ckfiles.txt file to open it.
  7. Then Copy and Paste the entire contents of the file into your next reply.

Step 5:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Is this computer used for business purposes? If not, please clarify for what purposes the computer is used.
  3. mgadiag.txt.
  4. WVCheck_hhmm_dd-mm-yyyy.txt.
  5. ckfiles.txt.
  6. Do you have original Windows installation media for your PC?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Happili redirect on web search

Unread postby jet222 » May 5th, 2012, 9:24 pm

i am currently out of town, i will be returning monday evening, so i will post my logs for you on tuesday morning.

to be perfectly honest with you, this is a home computer that i do bring work home to do, that is why i have win 7 professional, as well as many business programs that i have installed. but this is my personal PC.
jet222
Regular Member
 
Posts: 32
Joined: November 11th, 2009, 2:30 pm

Re: Happili redirect on web search

Unread postby Wingman » May 6th, 2012, 6:03 am

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 74 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware