Solved Google Search Results Redirected

January 4, 2013 at 14:42:25
Specs: Windows Vista

About a third of the time when I google something and click on a result, I briefly get a blank page and what looks like an IP address in the top tab, then a page loads that is completely different from the one that should have. Often it's a page that's completely blank except for a list of "search results" similar to what I originally searched. I tried using Bing, out of curiosity, but with that the results are always redirected.
I already ran a scan with Malwarebytes and deleted what it found, then restarted. (Before I did that, my google results were redirected all the time, so at least it did some good.)



#1
January 4, 2013 at 15:13:58

Try the procedure on this link:
http://www.makeuseof.com/tag/step-s...

As you already have MS Malicious Software Removal Tool on your system (updated monthly), you might as well run this too. Just type mrt.exe in Search, then left-click this entry when it appears and do a scan. It is intended to fix well-known "nasties".

Always pop back and let us know the outcome - thanks



#2
January 4, 2013 at 16:54:55

Tried both the procedures from the link, and the MS tool. None of them found anything, and the problem persists.


#3
January 4, 2013 at 17:59:14
✔ Best Answer

Gotta go, 2am here in UK.

In the meantime try response #1 on here:
http://www.computing.net/answers/se...

I appreciate that you have already run tdss killer and Malwarebytes but there is a difference. This time rkill is used in an attempt to stop this nasty in its tracks while you run the other two again. Stick rigidly to the sequence given.

If you need to repeat it from Safe Mode, you tap the F8 key while you are booting up. You then select Safe Mode from the list. When the screen arrives it will look a tad odd but you will still be able to run the procedure in the same way.

If it doesn't help then you need more specialist attention.

Always pop back and let us know the outcome - thanks



#4
January 4, 2013 at 19:14:12

After trying #3, post the logs please.


#5
January 5, 2013 at 10:11:44

Looks like the problem is solved!

Rkill log:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 01/05/2013 12:19:27 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
46.4.179.109 facebook.com

Program finished at: 01/05/2013 12:19:55 PM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)


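Added example (not part of the original thread and not Rkill's own code): the "Checking HOSTS File" section of the Rkill log above lists one entry that maps a public site name to a non-loopback address, and a hosts entry takes precedence over DNS for that name. The sketch below parses hosts-format lines out of such a log and flags every mapping that is neither loopback nor a 0.0.0.0 sinkhole; the function names, the `allow` parameter and the `kind` labels are assumptions made for this illustration.

```python
import ipaddress

# HOSTS section copied from the Rkill log posted in reply #5.
RKILL_LOG = """\
Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  ::1 localhost
  46.4.179.109 facebook.com

Program finished at: 01/05/2013 12:19:55 PM
"""


def parse_hosts_entries(text):
    """Return (ip, hostname) pairs for every hosts-format line in text.

    Lines whose first field is not a valid IPv4/IPv6 address (log headers,
    timestamps, blank lines) are skipped, so the same function works on a
    raw hosts file or on a tool log that embeds one.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        # One line may carry several aliases for the same address.
        for name in fields[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def audit(entries, allow=()):
    """Flag mappings that override DNS with a real destination.

    Loopback and unspecified (0.0.0.0 / ::) targets are the usual
    localhost and blocklist patterns and are not reported. `allow` is a
    collection of (ip_string, hostname) pairs the administrator expects.
    """
    findings = []
    for ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue
        if (str(ip), name) in allow:
            continue
        kind = "public-redirect" if ip.is_global else "local-override"
        findings.append({"ip": str(ip), "host": name, "kind": kind})
    return findings


if __name__ == "__main__":
    for f in audit(parse_hosts_entries(RKILL_LOG)):
        print("review: {host} -> {ip} ({kind})".format(**f))
```

On a live Windows system the same two functions can be pointed at the text of `%SystemRoot%\System32\drivers\etc\hosts`; any finding that is not a known, intended override should be removed from the file.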

#6
January 5, 2013 at 10:13:56

Tdss killer log:

12:23:57.0815 5712 nvraid - ok
12:23:57.0824 5712 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:23:57.0843 5712 nvstor - ok
12:23:57.0871 5712 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:23:57.0888 5712 nv_agp - ok
12:23:57.0897 5712 NwlnkFlt - ok
12:23:57.0906 5712 NwlnkFwd - ok
12:23:57.0938 5712 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:23:57.0961 5712 ohci1394 - ok
12:23:58.0054 5712 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:23:58.0082 5712 ose - ok
12:23:58.0298 5712 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:23:58.0768 5712 osppsvc - ok
12:23:58.0847 5712 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:23:58.0871 5712 p2pimsvc - ok
12:23:58.0888 5712 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:23:58.0894 5712 p2psvc - ok
12:23:58.0925 5712 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
12:23:58.0926 5712 Parport - ok
12:23:58.0958 5712 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:23:58.0959 5712 partmgr - ok
12:23:58.0968 5712 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:23:58.0969 5712 Parvdm - ok
12:23:59.0007 5712 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:23:59.0022 5712 PcaSvc - ok
12:23:59.0032 5712 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
12:23:59.0036 5712 pci - ok
12:23:59.0045 5712 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
12:23:59.0048 5712 pciide - ok
12:23:59.0077 5712 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:23:59.0079 5712 pcmcia - ok
12:23:59.0127 5712 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:23:59.0151 5712 PEAUTH - ok
12:23:59.0231 5712 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:23:59.0350 5712 pla - ok
12:23:59.0390 5712 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:23:59.0394 5712 PlugPlay - ok
12:23:59.0426 5712 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:23:59.0432 5712 PNRPAutoReg - ok
12:23:59.0459 5712 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:23:59.0465 5712 PNRPsvc - ok
12:23:59.0503 5712 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:23:59.0506 5712 PolicyAgent - ok
12:23:59.0539 5712 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:23:59.0540 5712 PptpMiniport - ok
12:23:59.0612 5712 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
12:23:59.0612 5712 Processor - ok
12:23:59.0640 5712 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:23:59.0656 5712 ProfSvc - ok
12:23:59.0704 5712 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:23:59.0705 5712 ProtectedStorage - ok
12:23:59.0740 5712 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:23:59.0743 5712 PSched - ok
12:23:59.0764 5712 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:23:59.0788 5712 PxHelp20 - ok
12:23:59.0870 5712 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:23:59.0954 5712 ql2300 - ok
12:23:59.0980 5712 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:24:00.0009 5712 ql40xx - ok
12:24:00.0052 5712 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:24:00.0082 5712 QWAVE - ok
12:24:00.0108 5712 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:24:00.0123 5712 QWAVEdrv - ok
12:24:00.0134 5712 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:24:00.0134 5712 RasAcd - ok
12:24:00.0154 5712 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:24:00.0163 5712 RasAuto - ok
12:24:00.0178 5712 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:24:00.0179 5712 Rasl2tp - ok
12:24:00.0210 5712 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
12:24:00.0219 5712 RasMan - ok
12:24:00.0252 5712 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:24:00.0252 5712 RasPppoe - ok
12:24:00.0260 5712 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:24:00.0275 5712 RasSstp - ok
12:24:00.0315 5712 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:24:00.0317 5712 rdbss - ok
12:24:00.0326 5712 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:24:00.0327 5712 RDPCDD - ok
12:24:00.0375 5712 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:24:00.0377 5712 rdpdr - ok
12:24:00.0384 5712 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:24:00.0387 5712 RDPENCDD - ok
12:24:00.0434 5712 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:24:00.0436 5712 RDPWD - ok


Report •

#7
January 5, 2013 at 10:14:16

Tdss killer log continued:

12:24:10.0242 5712 ================ Scan global ===============================
12:24:10.0284 5712 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:24:10.0319 5712 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:24:10.0341 5712 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:24:10.0388 5712 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:24:10.0395 5712 [Global] - ok
12:24:10.0396 5712 ================ Scan MBR ==================================
12:24:10.0415 5712 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
12:24:10.0691 5712 \Device\Harddisk0\DR0 - ok
12:24:10.0691 5712 ================ Scan VBR ==================================
12:24:10.0697 5712 [ FAFFFDB6422AC890EEC5603614913B97 ] \Device\Harddisk0\DR0\Partition1
12:24:10.0699 5712 \Device\Harddisk0\DR0\Partition1 - ok
12:24:10.0701 5712 ============================================================
12:24:10.0701 5712 Scan finished
12:24:10.0701 5712 ============================================================
12:24:10.0717 7312 Detected object count: 0
12:24:10.0717 7312 Actual detected object count: 0



#8
January 5, 2013 at 10:15:25

Malwarebytes log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.30.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bethany :: JOMARCH [administrator]

1/5/2013 12:27:11 PM
mbam-log-2013-01-05 (12-27-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231959
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#9
January 5, 2013 at 10:27:52

"Looks like the problem is solved!"
I will be very surprised if it is, nothing has been found or fixed yet.

Run Hitman Pro & post the log please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...
Review
http://www.youtube.com/watch?v=WmPQ...



#10
January 5, 2013 at 15:25:54

It did look that way to me...but the fact that my search results aren't being redirected anymore is hard to deny.
If there is something still lurking I definitely want to get rid of it. Downloading Hitman now.


#11
January 5, 2013 at 15:34:56

"my search results aren't being redirected"
Have you rebooted?

"If there is something still lurking"
I suspect there is.




#12
January 5, 2013 at 15:48:07

Hitman log:

[code]
HitmanPro 3.7.0.185
www.hitmanpro.com

Computer name . . . . : JOMARCH
Windows . . . . . . . : 6.0.2.6002.X86/1
User name . . . . . . : JoMarch\Bethany
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-01-05 18:29:33
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 6s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 45

Objects scanned . . . : 1,724,726
Files scanned . . . . : 66,523
Remnants scanned . . : 450,592 files / 1,207,611 keys

Potential Unwanted Programs _________________________________________________

HKU\S-1-5-21-2462475022-2414754247-1404185560-1000\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________



[/code]



#13
January 5, 2013 at 15:49:26

After Malwarebytes I rebooted, as directed. Haven't yet after Hitman; was waiting for instructions.


#14
January 5, 2013 at 15:52:59

Ok, you can reboot & run both of these please.

Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Run Junkware Removal Tool
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...



#15
January 5, 2013 at 16:25:33

AdwCleaner log

# AdwCleaner v2.104 - Logfile created 01/05/2013 at 19:19:30
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Bethany - JOMARCH
# Boot Mode : Normal
# Running from : C:\Users\Bethany\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1187 octets] - [05/01/2013 19:19:31]

########## EOF - C:\AdwCleaner[S1].txt - [1247 octets] ##########



#16
January 5, 2013 at 17:33:54

Have you run Junkware Removal Tool?
If so, log file please.

Also, from your original post, can I have the Malwarebytes log please.




#17
January 6, 2013 at 11:31:31

Sophos blocks the sites that you linked for Junkware Removal Tool. I was a little concerned about disabling Sophos.

Original Malwarebytes log (the one that found malware):

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.30.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bethany :: JOMARCH [administrator]

12/29/2012 8:11:29 PM
mbam-log-2012-12-29 (20-11-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231985
Time elapsed: 14 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Bethany\AppData\Local\Temp\0.45144984648010344 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Bethany\AppData\Local\Temp\0.4964703722881225 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Bethany\AppData\Local\Temp\0.8632061872848689 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)



#18
January 6, 2013 at 13:31:44

Thanks for the log BeeNicole.

"Sophos blocks the sites that you linked for Junkware Removal Tool. I was a little concerned about disabling Sophos"
Bleepingcomputer is one of the most respected sites around for fixing malware; you can add it as a safe site in your Sophos settings, or maybe it is in its exclusions.

In any case, I have zipped it up & it is here.

http://www.load.to/lyiYOY2m3S/BeeNi...



#19
January 6, 2013 at 18:16:41

Thanks very much.

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.1 (01.06.2013:2)
OS: Windows Vista (TM) Home Basic x86
Ran by Bethany on Sun 01/06/2013 at 21:08:43.87
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2462475022-2414754247-1404185560-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

Dumping contents of C:\Users\Bethany\appdata\local\Google\Chrome\User Data\Default\Default

Successfully deleted: [Folder] C:\Users\Bethany\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/06/2013 at 21:13:19.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#20
January 6, 2013 at 18:21:13

So you can get an idea what has been involved in getting your searches redirected, have a look at what my programs have removed/deleted.

A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom.


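What the two cleanup logs in this thread removed, grouped by kind, as an added example that is not part of any post. The sample lines are copied from the AdwCleaner and JRT logs above; the category names and matching rules are assumptions of this example.

```python
import re

# Lines copied from the AdwCleaner and JRT logs posted in this thread.
SAMPLE_LOG = r"""
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully deleted: [Folder] C:\Users\Bethany\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
"""

# AdwCleaner writes "<Kind> Deleted : <target>"; JRT writes "Successfully <verb>: [<Kind>] <target>".
ADW = re.compile(r"^(?:Key|Folder|File|Value) Deleted : (.+)$")
JRT = re.compile(r"^Successfully (repaired|deleted): \[[^\]]+\] (.+)$")
HIVES = {"hkey_current_user": "HKCU", "hkey_local_machine": "HKLM", "hkey_users": "HKU"}
# Category rules (an assumption of this example), checked in order; first match wins.
RULES = [("search-provider", ("\\searchscopes",)),
         ("bundled-software", ("softonic", "conduit", "freeze.com")),
         ("browser-profile", ("\\chrome\\user data\\",))]

def normalise(target):
    """Shorten long hive names and collapse doubled backslashes so entries group cleanly."""
    target = re.sub(r"\\{2,}", r"\\", target.strip())
    head, sep, rest = target.partition("\\")
    return HIVES.get(head.lower(), head) + sep + rest

def classify(target):
    low = target.lower()
    return next((name for name, needles in RULES if any(n in low for n in needles)), "other")

def summarise(log_text):
    """Return {category: [(tool, action, target), ...]} for every removal or repair line."""
    out = {}
    for line in map(str.strip, log_text.splitlines()):
        if m := ADW.match(line):
            tool, action, target = "AdwCleaner", "deleted", m.group(1)
        elif m := JRT.match(line):
            tool, action, target = "JRT", m.group(1), m.group(2)
        else:
            continue  # banners, section headers and "[OK]" lines record no removal
        target = normalise(target)
        out.setdefault(classify(target), []).append((tool, action, target))
    return out

if __name__ == "__main__":
    for category, items in summarise(SAMPLE_LOG).items():
        print(category, len(items), *(i[2] for i in items), sep="\n  ")
```

The "search-provider" group is the one tied to the symptom in this thread: a deleted SearchScopes key and the DefaultScope values that JRT reset.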

#21
January 6, 2013 at 18:21:59

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
RogueKiller tutorial
http://en.kioskea.net/faq/11626-rog...
• Please quit all programs
• Right-click the RogueKiller file and select "Run as Administrator"
• Press: SCAN
• On the RogueKiller console, click the Registry tab.
• Make sure the entries there are checked.
• Then, press the [Delete] button.
An RKreport (Mode: Delete) is created on the Desktop.
Please provide the RKreport (Mode: Delete) in your reply.
Restart the computer.


#22
January 6, 2013 at 18:31:40

How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Sophos Anti-virus
Please refer to these Post #28 instructions.
http://www.bleepingcomputer.com/for...
