Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google links being diverted to different websites

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google links being diverted to different websites

Unread postby rfeely » August 31st, 2012, 6:17 pm

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by RFEELY at 18:07:45 on 2012-08-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1520 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-31 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-17 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 250568]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-2 21504]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-31 21:51:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 20:25:43 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-09 19:04:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-08-27 21:54:48 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 21:54:48 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-27 20:25:39 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 22:59:00 4328248 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
.
============= FINISH: 18:09:15.95 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/26/2012 9:58:06 AM
System Uptime: 8/31/2012 5:52:32 PM (1 hours ago)
.
Motherboard: eMachines | | EL1358G
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 848.952 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 8/4/2012 12:00:04 AM - Scheduled Checkpoint
RP65: 8/11/2012 12:11:24 AM - Scheduled Checkpoint
RP66: 8/18/2012 6:34:28 PM - Scheduled Checkpoint
RP67: 8/26/2012 12:00:04 AM - Scheduled Checkpoint
RP68: 8/27/2012 4:24:19 PM - Installed Java(TM) 6 Update 34
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Agatha Christie - 4:50 from Paddington
Amazon Send to Kindle
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Build-a-lot 2
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
FrostWire 5.3.4
Galerie de photos Windows Live
Garmin Communicator Plugin
Hotkey Utility
Identity Card
IncrediMail
IncrediMail 2.0
Java Auto Updater
Java(TM) 6 Update 34
Jewel Quest Heritage
Junk Mail filter update
Kobo
Mesh Runtime
Microsoft Office 2000 Professional
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Online Backup
NVIDIA ForceWare Network Access Manager
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Pangya (Ntreev USA)
Penguins!
Photo Notifier and Animation Creator
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (eMachines Games)
WinAce Archiver
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WModem Driver Installer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/31/2012 5:53:55 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/31/2012 5:53:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:03 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================


******
I ran tss and it came up clear the second time but still having the same problem.
Thank you in advance
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm
Advertisement
Register to Remove

Re: Google links being diverted to different websites

Unread postby Gizzy » August 31st, 2012, 7:01 pm

Hello rfeely and Welcome to Malware Removal! :)
My name is Gizzy and I'll be glad to help you with your malware problems.

Please note the following while we work:
  • The fixes are specific to your problem and should only be used for this issue on this computer.
  • Perform all actions in the order given.
  • If you don't know or understand something stop and ask! Don't keep going on.
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please DO NOT run any tools or scans unless I ask you to.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use, Be assured, any links I give are safe.
  • The process is not instant, Please continue to respond to this thread until I give you the All Clean!. Absence of symptoms does not mean that everything is clear.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - windows 7


I am checking your logs and will reply with further instructions soon.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google links being diverted to different websites

Unread postby Gizzy » August 31st, 2012, 10:35 pm

Hi rfeely,

Your logs show signs of a Remote Access Infection on your computer.

LSP: mswsock.dll


This indicates you are infected with the Zero Access rootkit



Please take time to carefully read THIS topic, then let me know how you want to proceed.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google links being diverted to different websites

Unread postby rfeely » September 1st, 2012, 5:15 pm

I think I will still shoot for the cleaning if it ok with you. I understand the risks but at this time I could not start with a totally repaved one unless absolutely my last choice.
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm

Re: Google links being diverted to different websites

Unread postby Gizzy » September 2nd, 2012, 5:51 am

Hi rfeely,
I think I will still shoot for the cleaning if it ok with you.
I'll be happy to attempt to remove the malware. :)
Just understand, cleaning your computer will not guarantee that it will be secure.

I ran tss and it came up clear the second time but still having the same problem.

Did it detect something the first time? Please post the log, It can be located at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt


UAC Advice
  • All applications I ask to be used will require to be run in Administrator mode. i.e. Right-click on and select Run as administrator.
  • The Operating System (Windows 7) in use comes with an inbuilt utility called User Account Control (UAC).
  • When prompted by this with anything I ask you to carry out please select the option Allow.


Disable Spybot TeaTimer
Spybot will interfere with fixes so will need to be disabled, You may re-enable it once we're finished.

  1. Open Spybot-S&D in Advanced Mode.
  2. If it is not already set to do this go to the Mode menu and select Advanced Mode.
  3. On the left hand side, click on Tools.
  4. Then click on the Resident Icon in the List.
  5. Uncheck Resident TeaTimer and OK any prompts.
  6. Restart your computer.


P2P Warning!
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

FrostWire 5.3.4

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
Also take note that remnants of the above program(s) and any other P2P program found will be removed when cleaning.


MGA Diagnostic Tool
Download MGA Diagnostic Tool to your Desktop.
  1. Right-click MGADiag.exe and select Run as administrator to launch the program.
  2. Click Continue and let the scan run.
  3. When finished it will have created a log.
  4. Click Copy.
  5. Next open Notepad.
    1. Click Start > Run type Notepad click OK.
    2. This will open an empty Notepad file.
    3. Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    4. Save the file to your Desktop.
  6. Close MGA Diagnostic Tool.
  7. Copy/Paste the log in your next reply please.


Run CKScanner
  1. Please download CKScanner from Here - Important: Save it to your desktop.
  2. Right-click CKScanner.exe and select Run as administrator then click Search For Files.
  3. After a very short time, when the cursor hourglass disappears, Click Save List To File.
  4. A message box will verify the file saved.
  5. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Please reply with:
  • TDSSKiller log
  • MGA Diagnostic log
  • CKScanner log
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google links being diverted to different websites

Unread postby Gizzy » September 4th, 2012, 7:31 am

Hi rfeely,

Do you still require assistance?
If you do not reply to this topic within 24 hours of this post, it will be closed due to inactivity.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google links being diverted to different websites

Unread postby rfeely » September 4th, 2012, 11:56 am

For some reason it didnt post...hold on I'll try again
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm

Re: Google links being diverted to different websites

Unread postby rfeely » September 4th, 2012, 11:59 am

17:51:14.0807 12828 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:51:15.0126 12828 ============================================================
17:51:15.0126 12828 Current date / time: 2012/08/31 17:51:15.0126
17:51:15.0126 12828 SystemInfo:
17:51:15.0126 12828
17:51:15.0126 12828 OS Version: 6.1.7601 ServicePack: 1.0
17:51:15.0126 12828 Product type: Workstation
17:51:15.0126 12828 ComputerName: RFEELY-PC
17:51:15.0126 12828 UserName: RFEELY
17:51:15.0126 12828 Windows directory: C:\Windows
17:51:15.0126 12828 System windows directory: C:\Windows
17:51:15.0126 12828 Running under WOW64
17:51:15.0127 12828 Processor architecture: Intel x64
17:51:15.0127 12828 Number of processors: 2
17:51:15.0127 12828 Page size: 0x1000
17:51:15.0127 12828 Boot type: Normal boot
17:51:15.0127 12828 ============================================================
17:51:16.0336 12828 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:51:16.0356 12828 ============================================================
17:51:16.0356 12828 \Device\Harddisk0\DR0:
17:51:16.0361 12828 MBR partitions:
17:51:16.0362 12828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x32000
17:51:16.0362 12828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x71FC3DB0
17:51:16.0362 12828 ============================================================
17:51:16.0384 12828 C: <-> \Device\Harddisk0\DR0\Partition2
17:51:16.0384 12828 ============================================================
17:51:16.0384 12828 Initialize success
17:51:16.0384 12828 ============================================================
17:51:18.0484 14896 ============================================================
17:51:18.0485 14896 Scan started
17:51:18.0485 14896 Mode: Manual;
17:51:18.0485 14896 ============================================================
17:51:23.0244 14896 ================ Scan system memory ========================
17:51:23.0244 14896 System memory - ok
17:51:23.0249 14896 ================ Scan services =============================
17:51:23.0493 14896 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:51:23.0496 14896 1394ohci - ok
17:51:23.0513 14896 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:51:23.0517 14896 ACPI - ok
17:51:23.0533 14896 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:51:23.0535 14896 AcpiPmi - ok
17:51:23.0575 14896 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:51:23.0577 14896 AdobeARMservice - ok
17:51:23.0688 14896 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:51:23.0694 14896 AdobeFlashPlayerUpdateSvc - ok
17:51:23.0714 14896 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:51:23.0731 14896 adp94xx - ok
17:51:23.0742 14896 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:51:23.0749 14896 adpahci - ok
17:51:23.0757 14896 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:51:23.0760 14896 adpu320 - ok
17:51:23.0778 14896 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:51:23.0780 14896 AeLookupSvc - ok
17:51:23.0814 14896 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:51:23.0819 14896 AFD - ok
17:51:23.0836 14896 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:51:23.0838 14896 agp440 - ok
17:51:23.0853 14896 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:51:23.0855 14896 ALG - ok
17:51:23.0868 14896 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:51:23.0869 14896 aliide - ok
17:51:23.0881 14896 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:51:23.0896 14896 amdide - ok
17:51:23.0915 14896 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:51:23.0917 14896 AmdK8 - ok
17:51:23.0932 14896 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:51:23.0933 14896 AmdPPM - ok
17:51:23.0961 14896 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:51:23.0963 14896 amdsata - ok
17:51:23.0975 14896 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:51:23.0978 14896 amdsbs - ok
17:51:23.0990 14896 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:51:23.0990 14896 amdxata - ok
17:51:24.0012 14896 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:51:24.0014 14896 AppID - ok
17:51:24.0018 14896 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:51:24.0021 14896 AppIDSvc - ok
17:51:24.0026 14896 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:51:24.0027 14896 Appinfo - ok
17:51:24.0070 14896 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:51:24.0072 14896 Apple Mobile Device - ok
17:51:24.0085 14896 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:51:24.0086 14896 arc - ok
17:51:24.0102 14896 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:51:24.0103 14896 arcsas - ok
17:51:24.0113 14896 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:51:24.0115 14896 AsyncMac - ok
17:51:24.0131 14896 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:51:24.0132 14896 atapi - ok
17:51:24.0154 14896 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:51:24.0161 14896 AudioEndpointBuilder - ok
17:51:24.0171 14896 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:51:24.0174 14896 AudioSrv - ok
17:51:24.0206 14896 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:51:24.0208 14896 AxInstSV - ok
17:51:24.0222 14896 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:51:24.0227 14896 b06bdrv - ok
17:51:24.0246 14896 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:51:24.0252 14896 b57nd60a - ok
17:51:24.0266 14896 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:51:24.0268 14896 BDESVC - ok
17:51:24.0277 14896 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:51:24.0279 14896 Beep - ok
17:51:24.0294 14896 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:51:24.0295 14896 blbdrive - ok
17:51:24.0341 14896 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:51:24.0344 14896 Bonjour Service - ok
17:51:24.0372 14896 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:51:24.0379 14896 bowser - ok
17:51:24.0397 14896 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:51:24.0398 14896 BrFiltLo - ok
17:51:24.0406 14896 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:51:24.0408 14896 BrFiltUp - ok
17:51:24.0426 14896 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
17:51:24.0428 14896 Browser - ok
17:51:24.0449 14896 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:51:24.0453 14896 Brserid - ok
17:51:24.0465 14896 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:51:24.0466 14896 BrSerWdm - ok
17:51:24.0476 14896 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:51:24.0478 14896 BrUsbMdm - ok
17:51:24.0484 14896 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:51:24.0486 14896 BrUsbSer - ok
17:51:24.0497 14896 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:51:24.0499 14896 BTHMODEM - ok
17:51:24.0517 14896 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:51:24.0518 14896 bthserv - ok
17:51:24.0528 14896 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:51:24.0529 14896 cdfs - ok
17:51:24.0537 14896 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:51:24.0539 14896 cdrom - ok
17:51:24.0552 14896 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:51:24.0554 14896 CertPropSvc - ok
17:51:24.0566 14896 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:51:24.0568 14896 circlass - ok
17:51:24.0583 14896 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:51:24.0587 14896 CLFS - ok
17:51:24.0636 14896 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:51:24.0640 14896 clr_optimization_v2.0.50727_32 - ok
17:51:24.0685 14896 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:51:24.0687 14896 clr_optimization_v2.0.50727_64 - ok
17:51:24.0756 14896 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:51:24.0760 14896 clr_optimization_v4.0.30319_32 - ok
17:51:24.0793 14896 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:51:24.0795 14896 clr_optimization_v4.0.30319_64 - ok
17:51:24.0816 14896 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:51:24.0818 14896 CmBatt - ok
17:51:24.0832 14896 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:51:24.0841 14896 cmdide - ok
17:51:24.0884 14896 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:51:24.0890 14896 CNG - ok
17:51:24.0917 14896 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:51:24.0919 14896 Compbatt - ok
17:51:24.0937 14896 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:51:24.0938 14896 CompositeBus - ok
17:51:24.0943 14896 COMSysApp - ok
17:51:24.0953 14896 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:51:24.0955 14896 crcdisk - ok
17:51:25.0006 14896 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:51:25.0009 14896 CryptSvc - ok
17:51:25.0037 14896 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:51:25.0043 14896 DcomLaunch - ok
17:51:25.0080 14896 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:51:25.0088 14896 defragsvc - ok
17:51:25.0107 14896 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:51:25.0109 14896 DfsC - ok
17:51:25.0129 14896 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:51:25.0134 14896 Dhcp - ok
17:51:25.0140 14896 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:51:25.0141 14896 discache - ok
17:51:25.0160 14896 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:51:25.0162 14896 Disk - ok
17:51:25.0190 14896 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:51:25.0192 14896 Dnscache - ok
17:51:25.0206 14896 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:51:25.0210 14896 dot3svc - ok
17:51:25.0227 14896 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:51:25.0229 14896 DPS - ok
17:51:25.0248 14896 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:51:25.0249 14896 drmkaud - ok
17:51:25.0275 14896 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:51:25.0285 14896 DXGKrnl - ok
17:51:25.0297 14896 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:51:25.0299 14896 EapHost - ok
17:51:25.0354 14896 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:51:25.0398 14896 ebdrv - ok
17:51:25.0448 14896 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:51:25.0450 14896 EFS - ok
17:51:25.0484 14896 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:51:25.0492 14896 ehRecvr - ok
17:51:25.0506 14896 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:51:25.0508 14896 ehSched - ok
17:51:25.0529 14896 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:51:25.0535 14896 elxstor - ok
17:51:25.0548 14896 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:51:25.0549 14896 ErrDev - ok
17:51:25.0570 14896 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:51:25.0576 14896 EventSystem - ok
17:51:25.0594 14896 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:51:25.0596 14896 exfat - ok
17:51:25.0603 14896 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:51:25.0606 14896 fastfat - ok
17:51:25.0635 14896 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:51:25.0643 14896 Fax - ok
17:51:25.0659 14896 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:51:25.0660 14896 fdc - ok
17:51:25.0685 14896 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:51:25.0687 14896 fdPHost - ok
17:51:25.0692 14896 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:51:25.0693 14896 FDResPub - ok
17:51:25.0701 14896 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:51:25.0703 14896 FileInfo - ok
17:51:25.0711 14896 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:51:25.0713 14896 Filetrace - ok
17:51:25.0723 14896 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:51:25.0724 14896 flpydisk - ok
17:51:25.0743 14896 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:51:25.0747 14896 FltMgr - ok
17:51:25.0787 14896 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:51:25.0805 14896 FontCache - ok
17:51:25.0850 14896 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:51:25.0852 14896 FontCache3.0.0.0 - ok
17:51:25.0929 14896 [ 52B58A46BEEFB238C580B69FD051CB5B ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:51:25.0943 14896 ForceWare Intelligent Application Manager (IAM) - ok
17:51:25.0952 14896 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:51:25.0953 14896 FsDepends - ok
17:51:25.0974 14896 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:51:25.0976 14896 Fs_Rec - ok
17:51:25.0985 14896 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:51:25.0988 14896 fvevol - ok
17:51:26.0013 14896 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:51:26.0015 14896 gagp30kx - ok
17:51:26.0058 14896 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:51:26.0061 14896 GamesAppService - ok
17:51:26.0084 14896 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:51:26.0086 14896 GEARAspiWDM - ok
17:51:26.0114 14896 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:51:26.0122 14896 gpsvc - ok
17:51:26.0166 14896 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
17:51:26.0167 14896 GREGService - ok
17:51:26.0179 14896 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:51:26.0180 14896 hcw85cir - ok
17:51:26.0209 14896 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:51:26.0215 14896 HdAudAddService - ok
17:51:26.0227 14896 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:51:26.0230 14896 HDAudBus - ok
17:51:26.0245 14896 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:51:26.0247 14896 HidBatt - ok
17:51:26.0260 14896 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:51:26.0262 14896 HidBth - ok
17:51:26.0273 14896 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:51:26.0275 14896 HidIr - ok
17:51:26.0292 14896 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:51:26.0294 14896 hidserv - ok
17:51:26.0320 14896 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:51:26.0322 14896 HidUsb - ok
17:51:26.0335 14896 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:51:26.0337 14896 hkmsvc - ok
17:51:26.0346 14896 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:51:26.0354 14896 HomeGroupListener - ok
17:51:26.0377 14896 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:51:26.0380 14896 HomeGroupProvider - ok
17:51:26.0393 14896 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:51:26.0395 14896 HpSAMD - ok
17:51:26.0414 14896 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:51:26.0421 14896 HTTP - ok
17:51:26.0437 14896 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:51:26.0437 14896 hwpolicy - ok
17:51:26.0443 14896 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:51:26.0445 14896 i8042prt - ok
17:51:26.0464 14896 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:51:26.0469 14896 iaStorV - ok
17:51:26.0514 14896 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:51:26.0524 14896 idsvc - ok
17:51:26.0541 14896 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:51:26.0544 14896 iirsp - ok
17:51:26.0576 14896 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:51:26.0585 14896 IKEEXT - ok
17:51:26.0648 14896 [ 2E3B99E8C23BE2BF32EBE1DB5261F275 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:51:26.0683 14896 IntcAzAudAddService - ok
17:51:26.0710 14896 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:51:26.0712 14896 intelide - ok
17:51:26.0723 14896 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
17:51:26.0725 14896 intelppm - ok
17:51:26.0737 14896 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:51:26.0739 14896 IPBusEnum - ok
17:51:26.0748 14896 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:51:26.0750 14896 IpFilterDriver - ok
17:51:26.0758 14896 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:51:26.0762 14896 IPMIDRV - ok
17:51:26.0775 14896 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:51:26.0777 14896 IPNAT - ok
17:51:26.0819 14896 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:51:26.0828 14896 iPod Service - ok
17:51:26.0832 14896 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:51:26.0834 14896 IRENUM - ok
17:51:26.0850 14896 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:51:26.0852 14896 isapnp - ok
17:51:26.0864 14896 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:51:26.0867 14896 iScsiPrt - ok
17:51:26.0872 14896 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:51:26.0874 14896 kbdclass - ok
17:51:26.0889 14896 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:51:26.0891 14896 kbdhid - ok
17:51:26.0905 14896 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:51:26.0906 14896 KeyIso - ok
17:51:26.0943 14896 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:51:26.0945 14896 KSecDD - ok
17:51:26.0961 14896 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:51:26.0963 14896 KSecPkg - ok
17:51:26.0968 14896 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:51:26.0969 14896 ksthunk - ok
17:51:26.0991 14896 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:51:26.0995 14896 KtmRm - ok
17:51:27.0021 14896 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:51:27.0025 14896 LanmanServer - ok
17:51:27.0036 14896 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:51:27.0039 14896 LanmanWorkstation - ok
17:51:27.0078 14896 [ ACEC35F181075B20A5EF4A71958B13DF ] libusb0 C:\Windows\system32\drivers\libusb0.sys
17:51:27.0080 14896 libusb0 - ok
17:51:27.0119 14896 [ 6BCEE9C766815BFFF89DE7D81AF34CE1 ] Live Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
17:51:27.0122 14896 Live Updater Service - ok
17:51:27.0127 14896 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:51:27.0128 14896 lltdio - ok
17:51:27.0144 14896 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:51:27.0149 14896 lltdsvc - ok
17:51:27.0161 14896 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:51:27.0163 14896 lmhosts - ok
17:51:27.0182 14896 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:51:27.0185 14896 LSI_FC - ok
17:51:27.0195 14896 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:51:27.0197 14896 LSI_SAS - ok
17:51:27.0208 14896 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:51:27.0210 14896 LSI_SAS2 - ok
17:51:27.0226 14896 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:51:27.0228 14896 LSI_SCSI - ok
17:51:27.0234 14896 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:51:27.0236 14896 luafv - ok
17:51:27.0249 14896 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:51:27.0252 14896 Mcx2Svc - ok
17:51:27.0259 14896 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:51:27.0261 14896 megasas - ok
17:51:27.0302 14896 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:51:27.0306 14896 MegaSR - ok
17:51:27.0320 14896 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:51:27.0322 14896 MMCSS - ok
17:51:27.0335 14896 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:51:27.0337 14896 Modem - ok
17:51:27.0352 14896 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:51:27.0353 14896 monitor - ok
17:51:27.0358 14896 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:51:27.0361 14896 mouclass - ok
17:51:27.0374 14896 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
17:51:27.0377 14896 mouhid - ok
17:51:27.0392 14896 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:51:27.0394 14896 mountmgr - ok
17:51:27.0405 14896 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:51:27.0408 14896 mpio - ok
17:51:27.0413 14896 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:51:27.0414 14896 mpsdrv - ok
17:51:27.0427 14896 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:51:27.0429 14896 MRxDAV - ok
17:51:27.0453 14896 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:51:27.0454 14896 mrxsmb - ok
17:51:27.0470 14896 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:51:27.0473 14896 mrxsmb10 - ok
17:51:27.0503 14896 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:51:27.0505 14896 mrxsmb20 - ok
17:51:27.0515 14896 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:51:27.0517 14896 msahci - ok
17:51:27.0528 14896 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:51:27.0530 14896 msdsm - ok
17:51:27.0544 14896 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:51:27.0547 14896 MSDTC - ok
17:51:27.0561 14896 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:51:27.0562 14896 Msfs - ok
17:51:27.0573 14896 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:51:27.0575 14896 mshidkmdf - ok
17:51:27.0584 14896 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:51:27.0584 14896 msisadrv - ok
17:51:27.0613 14896 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:51:27.0616 14896 MSiSCSI - ok
17:51:27.0623 14896 msiserver - ok
17:51:27.0642 14896 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:51:27.0644 14896 MSKSSRV - ok
17:51:27.0652 14896 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:51:27.0654 14896 MSPCLOCK - ok
17:51:27.0669 14896 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:51:27.0670 14896 MSPQM - ok
17:51:27.0684 14896 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:51:27.0688 14896 MsRPC - ok
17:51:27.0701 14896 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:51:27.0703 14896 mssmbios - ok
17:51:27.0719 14896 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:51:27.0721 14896 MSTEE - ok
17:51:27.0738 14896 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:51:27.0740 14896 MTConfig - ok
17:51:27.0754 14896 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:51:27.0754 14896 Mup - ok
17:51:27.0782 14896 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:51:27.0788 14896 napagent - ok
17:51:27.0809 14896 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:51:27.0813 14896 NativeWifiP - ok
17:51:27.0849 14896 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
17:51:27.0854 14896 NAUpdate - ok
17:51:27.0872 14896 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:51:27.0890 14896 NDIS - ok
17:51:27.0913 14896 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:51:27.0915 14896 NdisCap - ok
17:51:27.0923 14896 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:51:27.0924 14896 NdisTapi - ok
17:51:27.0932 14896 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:51:27.0933 14896 Ndisuio - ok
17:51:27.0943 14896 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:51:27.0946 14896 NdisWan - ok
17:51:27.0951 14896 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:51:27.0952 14896 NDProxy - ok
17:51:27.0966 14896 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:51:27.0967 14896 NetBIOS - ok
17:51:27.0975 14896 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:51:27.0978 14896 NetBT - ok
17:51:27.0988 14896 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:51:27.0989 14896 Netlogon - ok
17:51:28.0010 14896 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:51:28.0015 14896 Netman - ok
17:51:28.0038 14896 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:51:28.0044 14896 netprofm - ok
17:51:28.0067 14896 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:51:28.0070 14896 NetTcpPortSharing - ok
17:51:28.0082 14896 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:51:28.0084 14896 nfrd960 - ok
17:51:28.0103 14896 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:51:28.0107 14896 NlaSvc - ok
17:51:28.0174 14896 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
17:51:28.0217 14896 NOBU - ok
17:51:28.0234 14896 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:51:28.0234 14896 Npfs - ok
17:51:28.0254 14896 npggsvc - ok
17:51:28.0262 14896 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:51:28.0264 14896 nsi - ok
17:51:28.0268 14896 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:51:28.0269 14896 nsiproxy - ok
17:51:28.0301 14896 [ 20E179A7FE78B37A02D30C4D34C870E7 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:51:28.0304 14896 nSvcIp - ok
17:51:28.0372 14896 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:51:28.0406 14896 Ntfs - ok
17:51:28.0428 14896 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:51:28.0430 14896 Null - ok
17:51:28.0461 14896 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
17:51:28.0706 14896 NVENETFD - ok
17:51:29.0086 14896 [ 4628FA8F0CC0D509BC14A223E99D36F3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:51:29.0283 14896 nvlddmkm - ok
17:51:29.0313 14896 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
17:51:29.0317 14896 NVNET - ok
17:51:29.0349 14896 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:51:29.0352 14896 nvraid - ok
17:51:29.0366 14896 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:51:29.0369 14896 nvstor - ok
17:51:29.0398 14896 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\drivers\nvstor64.sys
17:51:29.0399 14896 nvstor64 - ok
17:51:29.0430 14896 [ 703F996312202D84663F7C8584ACAF55 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:51:29.0433 14896 nvsvc - ok
17:51:29.0452 14896 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:51:29.0454 14896 nv_agp - ok
17:51:29.0460 14896 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:51:29.0461 14896 ohci1394 - ok
17:51:29.0490 14896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:51:29.0494 14896 p2pimsvc - ok
17:51:29.0518 14896 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:51:29.0524 14896 p2psvc - ok
17:51:29.0531 14896 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:51:29.0533 14896 Parport - ok
17:51:29.0549 14896 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:51:29.0550 14896 partmgr - ok
17:51:29.0567 14896 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:51:29.0569 14896 PcaSvc - ok
17:51:29.0586 14896 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:51:29.0588 14896 pci - ok
17:51:29.0597 14896 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:51:29.0597 14896 pciide - ok
17:51:29.0605 14896 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:51:29.0608 14896 pcmcia - ok
17:51:29.0621 14896 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:51:29.0621 14896 pcw - ok
17:51:29.0642 14896 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:51:29.0648 14896 PEAUTH - ok
17:51:29.0696 14896 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:51:29.0697 14896 PerfHost - ok
17:51:29.0734 14896 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:51:29.0760 14896 pla - ok
17:51:29.0803 14896 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:51:29.0809 14896 PlugPlay - ok
17:51:29.0821 14896 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:51:29.0823 14896 PNRPAutoReg - ok
17:51:29.0832 14896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:51:29.0834 14896 PNRPsvc - ok
17:51:29.0855 14896 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:51:29.0862 14896 PolicyAgent - ok
17:51:29.0880 14896 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:51:29.0883 14896 Power - ok
17:51:29.0889 14896 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:51:29.0891 14896 PptpMiniport - ok
17:51:29.0901 14896 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:51:29.0902 14896 Processor - ok
17:51:29.0934 14896 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:51:29.0937 14896 ProfSvc - ok
17:51:29.0953 14896 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:51:29.0955 14896 ProtectedStorage - ok
17:51:29.0981 14896 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:51:29.0983 14896 Psched - ok
17:51:30.0019 14896 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:51:30.0046 14896 ql2300 - ok
17:51:30.0056 14896 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:51:30.0059 14896 ql40xx - ok
17:51:30.0077 14896 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:51:30.0081 14896 QWAVE - ok
17:51:30.0087 14896 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:51:30.0088 14896 QWAVEdrv - ok
17:51:30.0102 14896 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:51:30.0104 14896 RasAcd - ok
17:51:30.0122 14896 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:51:30.0123 14896 RasAgileVpn - ok
17:51:30.0130 14896 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:51:30.0132 14896 RasAuto - ok
17:51:30.0138 14896 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:51:30.0140 14896 Rasl2tp - ok
17:51:30.0148 14896 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:51:30.0152 14896 RasMan - ok
17:51:30.0159 14896 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:51:30.0160 14896 RasPppoe - ok
17:51:30.0165 14896 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:51:30.0167 14896 RasSstp - ok
17:51:30.0181 14896 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:51:30.0184 14896 rdbss - ok
17:51:30.0194 14896 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:51:30.0195 14896 rdpbus - ok
17:51:30.0209 14896 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:51:30.0210 14896 RDPCDD - ok
17:51:30.0243 14896 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:51:30.0243 14896 RDPENCDD - ok
17:51:30.0250 14896 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:51:30.0251 14896 RDPREFMP - ok
17:51:30.0280 14896 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:51:30.0283 14896 RDPWD - ok
17:51:30.0302 14896 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:51:30.0304 14896 rdyboost - ok
17:51:30.0321 14896 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:51:30.0323 14896 RemoteAccess - ok
17:51:30.0346 14896 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:51:30.0349 14896 RemoteRegistry - ok
17:51:30.0366 14896 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:51:30.0368 14896 RpcEptMapper - ok
17:51:30.0381 14896 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:51:30.0383 14896 RpcLocator - ok
17:51:30.0399 14896 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:51:30.0403 14896 RpcSs - ok
17:51:30.0414 14896 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:51:30.0415 14896 rspndr - ok
17:51:30.0427 14896 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:51:30.0428 14896 SamSs - ok
17:51:30.0447 14896 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:51:30.0449 14896 sbp2port - ok
17:51:30.0520 14896 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:51:30.0528 14896 SBSDWSCService - ok
17:51:30.0536 14896 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:51:30.0540 14896 SCardSvr - ok
17:51:30.0545 14896 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:51:30.0546 14896 scfilter - ok
17:51:30.0571 14896 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:51:30.0589 14896 Schedule - ok
17:51:30.0605 14896 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:51:30.0605 14896 SCPolicySvc - ok
17:51:30.0622 14896 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:51:30.0625 14896 SDRSVC - ok
17:51:30.0630 14896 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:51:30.0631 14896 secdrv - ok
17:51:30.0636 14896 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:51:30.0638 14896 seclogon - ok
17:51:30.0650 14896 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:51:30.0652 14896 SENS - ok
17:51:30.0658 14896 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:51:30.0660 14896 SensrSvc - ok
17:51:30.0673 14896 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
17:51:30.0674 14896 Serenum - ok
17:51:30.0695 14896 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
17:51:30.0697 14896 Serial - ok
17:51:30.0701 14896 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:51:30.0702 14896 sermouse - ok
17:51:30.0716 14896 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:51:30.0718 14896 SessionEnv - ok
17:51:30.0733 14896 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:51:30.0734 14896 sffdisk - ok
17:51:30.0744 14896 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:51:30.0745 14896 sffp_mmc - ok
17:51:30.0750 14896 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:51:30.0751 14896 sffp_sd - ok
17:51:30.0766 14896 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:51:30.0767 14896 sfloppy - ok
17:51:30.0791 14896 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:51:30.0796 14896 ShellHWDetection - ok
17:51:30.0813 14896 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:51:30.0815 14896 SiSRaid2 - ok
17:51:30.0826 14896 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:51:30.0828 14896 SiSRaid4 - ok
17:51:30.0856 14896 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:51:30.0858 14896 Smb - ok
17:51:30.0875 14896 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:51:30.0876 14896 SNMPTRAP - ok
17:51:30.0885 14896 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:51:30.0886 14896 spldr - ok
17:51:30.0902 14896 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
17:51:30.0909 14896 Spooler - ok
17:51:30.0967 14896 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:51:31.0029 14896 sppsvc - ok
17:51:31.0045 14896 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:51:31.0047 14896 sppuinotify - ok
17:51:31.0082 14896 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:51:31.0087 14896 srv - ok
17:51:31.0105 14896 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:51:31.0110 14896 srv2 - ok
17:51:31.0123 14896 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:51:31.0125 14896 srvnet - ok
17:51:31.0135 14896 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:51:31.0139 14896 SSDPSRV - ok
17:51:31.0144 14896 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:51:31.0147 14896 SstpSvc - ok
17:51:31.0188 14896 [ A52DDA7F28FF685AD63D77FE0549707E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:51:31.0192 14896 Stereo Service - ok
17:51:31.0212 14896 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:51:31.0214 14896 stexstor - ok
17:51:31.0248 14896 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:51:31.0255 14896 stisvc - ok
17:51:31.0271 14896 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:51:31.0273 14896 swenum - ok
17:51:31.0300 14896 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:51:31.0307 14896 swprv - ok
17:51:31.0338 14896 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:51:31.0364 14896 SysMain - ok
17:51:31.0373 14896 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:51:31.0376 14896 TabletInputService - ok
17:51:31.0390 14896 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:51:31.0394 14896 TapiSrv - ok
17:51:31.0404 14896 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:51:31.0407 14896 TBS - ok
17:51:31.0449 14896 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:51:31.0484 14896 Tcpip - ok
17:51:31.0532 14896 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:51:31.0542 14896 TCPIP6 - ok
17:51:31.0551 14896 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:51:31.0553 14896 tcpipreg - ok
17:51:31.0569 14896 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:51:31.0570 14896 TDPIPE - ok
17:51:31.0595 14896 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:51:31.0597 14896 TDTCP - ok
17:51:31.0602 14896 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:51:31.0604 14896 tdx - ok
17:51:31.0614 14896 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:51:31.0616 14896 TermDD - ok
17:51:31.0633 14896 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:51:31.0650 14896 TermService - ok
17:51:31.0665 14896 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:51:31.0668 14896 Themes - ok
17:51:31.0682 14896 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:51:31.0684 14896 THREADORDER - ok
17:51:31.0693 14896 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:51:31.0697 14896 TrkWks - ok
17:51:31.0733 14896 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:51:31.0735 14896 TrustedInstaller - ok
17:51:31.0749 14896 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:51:31.0751 14896 tssecsrv - ok
17:51:31.0775 14896 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:51:31.0777 14896 TsUsbFlt - ok
17:51:31.0784 14896 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:51:31.0788 14896 TsUsbGD - ok
17:51:31.0815 14896 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:51:31.0817 14896 tunnel - ok
17:51:31.0828 14896 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:51:31.0830 14896 uagp35 - ok
17:51:31.0844 14896 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:51:31.0849 14896 udfs - ok
17:51:31.0862 14896 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:51:31.0864 14896 UI0Detect - ok
17:51:31.0883 14896 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:51:31.0885 14896 uliagpkx - ok
17:51:31.0890 14896 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:51:31.0891 14896 umbus - ok
17:51:31.0902 14896 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:51:31.0903 14896 UmPass - ok
17:51:31.0919 14896 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:51:31.0924 14896 upnphost - ok
17:51:31.0944 14896 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:51:31.0946 14896 USBAAPL64 - ok
17:51:31.0973 14896 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:51:31.0990 14896 usbaudio - ok
17:51:32.0022 14896 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:51:32.0026 14896 usbccgp - ok
17:51:32.0047 14896 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:51:32.0049 14896 usbcir - ok
17:51:32.0062 14896 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:51:32.0064 14896 usbehci - ok
17:51:32.0087 14896 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:51:32.0091 14896 usbhub - ok
17:51:32.0103 14896 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:51:32.0105 14896 usbohci - ok
17:51:32.0114 14896 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:51:32.0115 14896 usbprint - ok
17:51:32.0137 14896 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:51:32.0139 14896 usbscan - ok
17:51:32.0157 14896 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:51:32.0159 14896 USBSTOR - ok
17:51:32.0172 14896 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:51:32.0174 14896 usbuhci - ok
17:51:32.0187 14896 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:51:32.0190 14896 UxSms - ok
17:51:32.0200 14896 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:51:32.0201 14896 VaultSvc - ok
17:51:32.0209 14896 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:51:32.0211 14896 vdrvroot - ok
17:51:32.0232 14896 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:51:32.0239 14896 vds - ok
17:51:32.0248 14896 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:51:32.0250 14896 vga - ok
17:51:32.0256 14896 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:51:32.0257 14896 VgaSave - ok
17:51:32.0269 14896 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:51:32.0272 14896 vhdmp - ok
17:51:32.0277 14896 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:51:32.0279 14896 viaide - ok
17:51:32.0296 14896 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:51:32.0298 14896 volmgr - ok
17:51:32.0310 14896 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:51:32.0314 14896 volmgrx - ok
17:51:32.0322 14896 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:51:32.0325 14896 volsnap - ok
17:51:32.0345 14896 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:51:32.0347 14896 vsmraid - ok
17:51:32.0378 14896 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:51:32.0404 14896 VSS - ok
17:51:32.0409 14896 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:51:32.0410 14896 vwifibus - ok
17:51:32.0470 14896 [ E13B31E0ADA64CF1513D993F436CA39D ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys
17:51:32.0505 14896 VX3000 - ok
17:51:32.0527 14896 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:51:32.0531 14896 W32Time - ok
17:51:32.0539 14896 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:51:32.0541 14896 WacomPen - ok
17:51:32.0573 14896 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:51:32.0575 14896 WANARP - ok
17:51:32.0578 14896 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:51:32.0579 14896 Wanarpv6 - ok
17:51:32.0624 14896 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:51:32.0650 14896 WatAdminSvc - ok
17:51:32.0688 14896 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:51:32.0715 14896 wbengine - ok
17:51:32.0722 14896 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:51:32.0726 14896 WbioSrvc - ok
17:51:32.0733 14896 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:51:32.0738 14896 wcncsvc - ok
17:51:32.0744 14896 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:51:32.0746 14896 WcsPlugInService - ok
17:51:32.0751 14896 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:51:32.0752 14896 Wd - ok
17:51:32.0763 14896 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:51:32.0770 14896 Wdf01000 - ok
17:51:32.0782 14896 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:51:32.0785 14896 WdiServiceHost - ok
17:51:32.0789 14896 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:51:32.0790 14896 WdiSystemHost - ok
17:51:32.0808 14896 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:51:32.0814 14896 WebClient - ok
17:51:32.0826 14896 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:51:32.0830 14896 Wecsvc - ok
17:51:32.0844 14896 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:51:32.0847 14896 wercplsupport - ok
17:51:32.0866 14896 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:51:32.0869 14896 WerSvc - ok
17:51:32.0873 14896 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:51:32.0874 14896 WfpLwf - ok
17:51:32.0886 14896 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:51:32.0887 14896 WIMMount - ok
17:51:32.0892 14896 WinHttpAutoProxySvc - ok
17:51:32.0936 14896 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:51:32.0941 14896 Winmgmt - ok
17:51:33.0000 14896 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:51:33.0042 14896 WinRM - ok
17:51:33.0077 14896 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:51:33.0079 14896 WinUsb - ok
17:51:33.0103 14896 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:51:33.0112 14896 Wlansvc - ok
17:51:33.0145 14896 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:51:33.0148 14896 wlcrasvc - ok
17:51:33.0240 14896 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:51:33.0321 14896 wlidsvc - ok
17:51:33.0341 14896 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:51:33.0343 14896 WmiAcpi - ok
17:51:33.0374 14896 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:51:33.0382 14896 wmiApSrv - ok
17:51:33.0405 14896 WMPNetworkSvc - ok
17:51:33.0432 14896 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:51:33.0436 14896 WPCSvc - ok
17:51:33.0457 14896 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:51:33.0462 14896 WPDBusEnum - ok
17:51:33.0478 14896 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:51:33.0480 14896 ws2ifsl - ok
17:51:33.0486 14896 WSearch - ok
17:51:33.0501 14896 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:51:33.0503 14896 WudfPf - ok
17:51:33.0530 14896 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:51:33.0532 14896 WUDFRd - ok
17:51:33.0558 14896 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:51:33.0561 14896 wudfsvc - ok
17:51:33.0575 14896 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:51:33.0578 14896 WwanSvc - ok
17:51:33.0584 14896 ================ Scan global ===============================
17:51:33.0599 14896 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:51:33.0630 14896 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:51:33.0647 14896 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:51:33.0674 14896 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:51:33.0710 14896 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
17:51:33.0717 14896 [Global] - ok
17:51:33.0721 14896 ================ Scan MBR ==================================
17:51:33.0736 14896 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
17:51:33.0737 14896 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:51:33.0792 14896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:51:33.0793 14896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:51:33.0793 14896 ================ Scan VBR ==================================
17:51:33.0800 14896 [ B7CAEC7C8BC77644351F08C502C2CB2A ] \Device\Harddisk0\DR0\Partition1
17:51:33.0804 14896 \Device\Harddisk0\DR0\Partition1 - ok
17:51:33.0820 14896 [ 80CE2CD362B2AC67F67980991AB1F004 ] \Device\Harddisk0\DR0\Partition2
17:51:33.0827 14896 \Device\Harddisk0\DR0\Partition2 - ok
17:51:33.0827 14896 ============================================================
17:51:33.0828 14896 Scan finished
17:51:33.0828 14896 ============================================================
17:51:33.0844 5188 Detected object count: 1
17:51:33.0844 5188 Actual detected object count: 1
17:51:44.0713 5188 \Device\Harddisk0\DR0\# - copied to quarantine
17:51:44.0715 5188 \Device\Harddisk0\DR0 - copied to quarantine
17:51:44.0784 5188 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:51:44.0786 5188 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:51:44.0791 5188 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:51:44.0796 5188 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:51:44.0810 5188 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:51:44.0818 5188 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:51:44.0819 5188 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:51:44.0820 5188 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:51:44.0822 5188 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:51:44.0824 5188 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:51:44.0826 5188 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:51:44.0827 5188 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:51:44.0828 5188 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:51:44.0829 5188 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:51:44.0832 5188 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:51:44.0833 5188 \Device\Harddisk0\DR0 - ok
17:51:45.0228 5188 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:51:49.0783 10872 Deinitialize success


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/26/2012 9:58:06 AM
System Uptime: 8/31/2012 5:52:32 PM (1 hours ago)
.
Motherboard: eMachines | | EL1358G
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 848.952 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 8/4/2012 12:00:04 AM - Scheduled Checkpoint
RP65: 8/11/2012 12:11:24 AM - Scheduled Checkpoint
RP66: 8/18/2012 6:34:28 PM - Scheduled Checkpoint
RP67: 8/26/2012 12:00:04 AM - Scheduled Checkpoint
RP68: 8/27/2012 4:24:19 PM - Installed Java(TM) 6 Update 34
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Agatha Christie - 4:50 from Paddington
Amazon Send to Kindle
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Build-a-lot 2
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
FrostWire 5.3.4
Galerie de photos Windows Live
Garmin Communicator Plugin
Hotkey Utility
Identity Card
IncrediMail
IncrediMail 2.0
Java Auto Updater
Java(TM) 6 Update 34
Jewel Quest Heritage
Junk Mail filter update
Kobo
Mesh Runtime
Microsoft Office 2000 Professional
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Online Backup
NVIDIA ForceWare Network Access Manager
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Pangya (Ntreev USA)

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.QDNADE
----- EOF -----

Penguins!
Photo Notifier and Animation Creator
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (eMachines Games)
WinAce Archiver
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WModem Driver Installer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/31/2012 5:53:55 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/31/2012 5:53:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:03 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================


I think I got everything
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm

Re: Google links being diverted to different websites

Unread postby Gizzy » September 5th, 2012, 4:40 am

Hi rfeely,
You didn't post the MGA Diagnostic log, Please post it in your next reply along with fresh DDS logs.

Run DDS
Image

  1. Disable any script blocker, Then right-click the dds file and select Run as administrator to run the tool, A command window will appear, This is normal
  2. Once DDS has finished, Two logs will appear:
    • DDS.txt
    • Attach.txt
  3. A window will open instructing you save & post the logs
  4. Save the logs to a convenient place such as your desktop
  5. Copy & paste the contents of both logs in your next reply



Please reply with:
  • MGA Diagnostic log
  • New DDS logs
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google links being diverted to different websites

Unread postby rfeely » September 5th, 2012, 6:52 pm

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by RFEELY at 18:07:45 on 2012-08-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1520 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-31 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-17 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 250568]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-2 21504]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-31 21:51:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 20:25:43 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-09 19:04:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-08-27 21:54:48 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 21:54:48 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-27 20:25:39 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 22:59:00 4328248 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
.
============= FINISH: 18:09:15.95 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/26/2012 9:58:06 AM
System Uptime: 8/31/2012 5:52:32 PM (1 hours ago)
.
Motherboard: eMachines | | EL1358G
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 848.952 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 8/4/2012 12:00:04 AM - Scheduled Checkpoint
RP65: 8/11/2012 12:11:24 AM - Scheduled Checkpoint
RP66: 8/18/2012 6:34:28 PM - Scheduled Checkpoint
RP67: 8/26/2012 12:00:04 AM - Scheduled Checkpoint
RP68: 8/27/2012 4:24:19 PM - Installed Java(TM) 6 Update 34
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Agatha Christie - 4:50 from Paddington
Amazon Send to Kindle
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Build-a-lot 2
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
FrostWire 5.3.4
Galerie de photos Windows Live
Garmin Communicator Plugin
Hotkey Utility
Identity Card
IncrediMail
IncrediMail 2.0
Java Auto Updater
Java(TM) 6 Update 34
Jewel Quest Heritage
Junk Mail filter update
Kobo
Mesh Runtime
Microsoft Office 2000 Professional
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Online Backup
NVIDIA ForceWare Network Access Manager
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Pangya (Ntreev USA)
Penguins!
Photo Notifier and Animation Creator
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (eMachines Games)
WinAce Archiver
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WModem Driver Installer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/31/2012 5:53:55 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/31/2012 5:53:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:03 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {CB48CA6A-1D86-43B1-9A28-D6F9843CE224}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CB48CA6A-1D86-43B1-9A28-D6F9843CE224}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2042329685-3866254691-3987848263</SID><SYSTEM><Manufacturer>eMachines</Manufacturer><Model>EL1358G</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-B3</Version><SMBIOSVersion major="2" minor="6"/><Date>20110801000000.000000+000</Date></BIOS><HWID>A1873607018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7601.0000-0902011
Installation ID: 013913457263208521701300512035770183224222233876233971
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 9/2/2012 3:30:24 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:6:2012 15:17
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEAeqjIiPyyajyyLPbd8gDsdhh5

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 080111 APIC1518
FACP 080111 FACP1518
HPET 080111 OEMHPET0
MCFG 080111 OEMMCFG
WDRT 080111 NV-WDRT
SLIC ACRSYS ACRPRDCT
OEMB 080111 OEMB1518
AWMI 080111 OEMB1518
SSDT A M I POWERNOW


............

These are the files you stated I think. I don't know what you mean about the script blocker....also if you need more than this with the dds you need to explaing about the picture you posted. Not super computer literate...lol
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm

Re: Google links being diverted to different websites

Unread postby rfeely » September 5th, 2012, 6:53 pm

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by RFEELY at 18:07:45 on 2012-08-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1520 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-31 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-17 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 250568]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-2 21504]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-31 21:51:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 20:25:43 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-09 19:04:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-08-27 21:54:48 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 21:54:48 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-27 20:25:39 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 22:59:00 4328248 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
.
============= FINISH: 18:09:15.95 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/26/2012 9:58:06 AM
System Uptime: 8/31/2012 5:52:32 PM (1 hours ago)
.
Motherboard: eMachines | | EL1358G
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 848.952 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 8/4/2012 12:00:04 AM - Scheduled Checkpoint
RP65: 8/11/2012 12:11:24 AM - Scheduled Checkpoint
RP66: 8/18/2012 6:34:28 PM - Scheduled Checkpoint
RP67: 8/26/2012 12:00:04 AM - Scheduled Checkpoint
RP68: 8/27/2012 4:24:19 PM - Installed Java(TM) 6 Update 34
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Agatha Christie - 4:50 from Paddington
Amazon Send to Kindle
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Build-a-lot 2
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
FrostWire 5.3.4
Galerie de photos Windows Live
Garmin Communicator Plugin
Hotkey Utility
Identity Card
IncrediMail
IncrediMail 2.0
Java Auto Updater
Java(TM) 6 Update 34
Jewel Quest Heritage
Junk Mail filter update
Kobo
Mesh Runtime
Microsoft Office 2000 Professional
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Online Backup
NVIDIA ForceWare Network Access Manager
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Pangya (Ntreev USA)
Penguins!
Photo Notifier and Animation Creator
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (eMachines Games)
WinAce Archiver
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WModem Driver Installer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/31/2012 5:53:55 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/31/2012 5:53:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/31/2012 5:53:06 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/31/2012 5:53:03 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {CB48CA6A-1D86-43B1-9A28-D6F9843CE224}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CB48CA6A-1D86-43B1-9A28-D6F9843CE224}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2042329685-3866254691-3987848263</SID><SYSTEM><Manufacturer>eMachines</Manufacturer><Model>EL1358G</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-B3</Version><SMBIOSVersion major="2" minor="6"/><Date>20110801000000.000000+000</Date></BIOS><HWID>A1873607018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7601.0000-0902011
Installation ID: 013913457263208521701300512035770183224222233876233971
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 9/2/2012 3:30:24 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:6:2012 15:17
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEAeqjIiPyyajyyLPbd8gDsdhh5

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 080111 APIC1518
FACP 080111 FACP1518
HPET 080111 OEMHPET0
MCFG 080111 OEMMCFG
WDRT 080111 NV-WDRT
SLIC ACRSYS ACRPRDCT
OEMB 080111 OEMB1518
AWMI 080111 OEMB1518
SSDT A M I POWERNOW


............

These are the files you stated I think. I don't know what you mean about the script blocker....also if you need more than this with the dds you need to explaing about the picture you posted. Not super computer literate...lol
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm

Re: Google links being diverted to different websites

Unread postby Gizzy » September 6th, 2012, 7:35 am

Hi rfeely,


Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Right-click on ComboFix.exe and select Run as administrator then follow the prompts.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


You aren't running Anti-virus Software
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one these excellent vendors:


After installing an Anti-virus remember to update it to be protected from the newest malware.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Please reply with:
  • Combofix log
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google links being diverted to different websites

Unread postby rfeely » September 7th, 2012, 8:01 pm

ok I ran it twice thinking I was doing something wrong and I can't find the log anywhere. I even searched for the file on "computer" and c: with no luck.
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm

Re: Google links being diverted to different websites

Unread postby Gizzy » September 7th, 2012, 9:40 pm

Hi rfeely,
Did it appear to run? A window opened saying it was scanning your computer?

You should be able to find it by doing the following,
Click Start > Computer > C: > ComboFix.txt

If it's not there, Please check in the folders C:\qoobox and C:\QooBox\LastRun for any logs and post them in your next reply.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Google links being diverted to different websites

Unread postby rfeely » September 8th, 2012, 5:59 pm

It did appear to run. The only thing in that folder is d-delA.dat and d-delB.dat
rfeely
Active Member
 
Posts: 9
Joined: August 31st, 2012, 6:06 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 135 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware