google redirect, 0x8000ffff, and no restore



#1 Lgreg

Posted 05 April 2012 - 02:43 PM

Hello All,
My first time here. I hope you can help me.
A few days ago I noticed google searches being redirected to happili and others. Tried a system restore and it seemed to work. Then got a blue screen and system restore failed with an error 0x8000ffff. Now the computer seems to shut down on its own at random times.
Will greatly appreciate any help.
Regards, Greg

#2 Lgreg (Topic Starter)

Posted 05 April 2012 - 02:45 PM

Also - I ran Malwarebytes and it picked up 2 trojans - one a file and the other a memory process. Am afraid to run Combofix without assistance.

#3 Lgreg (Topic Starter)

Posted 05 April 2012 - 03:11 PM

I'm running Windows 7. Apologies for not mentioning this earlier.
Saw others with the same problem were advised to run TDSSkiller. I ran it and the log is below.

15:59:40.0721 2408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:59:40.0724 2408 pcmcia - ok
15:59:40.0770 2408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:59:40.0771 2408 pcw - ok
15:59:40.0831 2408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:59:40.0838 2408 PEAUTH - ok
15:59:40.0948 2408 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:59:40.0949 2408 PerfHost - ok
15:59:41.0027 2408 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:59:41.0042 2408 pla - ok
15:59:41.0117 2408 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:59:41.0127 2408 PlugPlay - ok
15:59:41.0222 2408 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
15:59:41.0224 2408 Pml Driver HPZ12 - ok
15:59:41.0263 2408 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:59:41.0265 2408 PNRPAutoReg - ok
15:59:41.0303 2408 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:59:41.0306 2408 PNRPsvc - ok
15:59:41.0364 2408 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:59:41.0378 2408 PolicyAgent - ok
15:59:41.0436 2408 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:59:41.0439 2408 Power - ok
15:59:41.0519 2408 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:59:41.0521 2408 PptpMiniport - ok
15:59:41.0547 2408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:59:41.0549 2408 Processor - ok
15:59:41.0624 2408 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:59:41.0629 2408 ProfSvc - ok
15:59:41.0682 2408 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:41.0683 2408 ProtectedStorage - ok
15:59:41.0761 2408 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:59:41.0761 2408 Psched - ok
15:59:41.0846 2408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:59:41.0863 2408 ql2300 - ok
15:59:41.0905 2408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:59:41.0907 2408 ql40xx - ok
15:59:41.0963 2408 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:59:41.0970 2408 QWAVE - ok
15:59:42.0016 2408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:59:42.0021 2408 QWAVEdrv - ok
15:59:42.0049 2408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:59:42.0052 2408 RasAcd - ok
15:59:42.0102 2408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:59:42.0107 2408 RasAgileVpn - ok
15:59:42.0144 2408 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:59:42.0148 2408 RasAuto - ok
15:59:42.0203 2408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:42.0206 2408 Rasl2tp - ok
15:59:42.0258 2408 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:59:42.0264 2408 RasMan - ok
15:59:42.0296 2408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:42.0297 2408 RasPppoe - ok
15:59:42.0357 2408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:59:42.0358 2408 RasSstp - ok
15:59:42.0394 2408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:59:42.0399 2408 rdbss - ok
15:59:42.0471 2408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:59:42.0472 2408 rdpbus - ok
15:59:42.0491 2408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:42.0491 2408 RDPCDD - ok
15:59:42.0555 2408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:59:42.0556 2408 RDPENCDD - ok
15:59:42.0580 2408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:59:42.0580 2408 RDPREFMP - ok
15:59:42.0614 2408 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:59:42.0617 2408 RDPWD - ok
15:59:42.0652 2408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:59:42.0656 2408 rdyboost - ok
15:59:42.0692 2408 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:59:42.0695 2408 RemoteAccess - ok
15:59:42.0744 2408 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:59:42.0748 2408 RemoteRegistry - ok
15:59:42.0810 2408 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:59:42.0819 2408 RpcEptMapper - ok
15:59:42.0861 2408 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:59:42.0871 2408 RpcLocator - ok
15:59:42.0938 2408 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:59:42.0943 2408 RpcSs - ok
15:59:42.0998 2408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:59:42.0998 2408 rspndr - ok
15:59:43.0044 2408 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:59:43.0047 2408 RTL8167 - ok
15:59:43.0091 2408 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:43.0093 2408 SamSs - ok
15:59:43.0152 2408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:59:43.0154 2408 sbp2port - ok
15:59:43.0195 2408 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:59:43.0199 2408 SCardSvr - ok
15:59:43.0240 2408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:59:43.0240 2408 scfilter - ok
15:59:43.0275 2408 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:59:43.0290 2408 Schedule - ok
15:59:43.0335 2408 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:59:43.0340 2408 SCPolicySvc - ok
15:59:43.0397 2408 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:59:43.0402 2408 SDRSVC - ok
15:59:43.0482 2408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:59:43.0487 2408 secdrv - ok
15:59:43.0502 2408 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:59:43.0507 2408 seclogon - ok
15:59:43.0567 2408 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:59:43.0571 2408 SENS - ok
15:59:43.0624 2408 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:59:43.0629 2408 SensrSvc - ok
15:59:43.0676 2408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:59:43.0676 2408 Serenum - ok
15:59:43.0738 2408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:59:43.0743 2408 Serial - ok
15:59:43.0798 2408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:59:43.0799 2408 sermouse - ok
15:59:43.0871 2408 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:59:43.0874 2408 SessionEnv - ok
15:59:43.0907 2408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:59:43.0917 2408 sffdisk - ok
15:59:43.0959 2408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:59:43.0960 2408 sffp_mmc - ok
15:59:44.0001 2408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:59:44.0004 2408 sffp_sd - ok
15:59:44.0032 2408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:59:44.0033 2408 sfloppy - ok
15:59:44.0089 2408 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:59:44.0094 2408 SharedAccess - ok
15:59:44.0146 2408 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:59:44.0151 2408 ShellHWDetection - ok
15:59:44.0211 2408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:59:44.0211 2408 SiSRaid2 - ok
15:59:44.0341 2408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:59:44.0351 2408 SiSRaid4 - ok
15:59:44.0421 2408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:59:44.0431 2408 Smb - ok
15:59:44.0503 2408 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:59:44.0508 2408 SNMPTRAP - ok
15:59:44.0533 2408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:59:44.0533 2408 spldr - ok
15:59:44.0573 2408 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:59:44.0583 2408 Spooler - ok
15:59:44.0713 2408 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:59:44.0760 2408 sppsvc - ok
15:59:44.0800 2408 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:59:44.0805 2408 sppuinotify - ok
15:59:44.0877 2408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:59:44.0882 2408 srv - ok
15:59:44.0947 2408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:59:44.0957 2408 srv2 - ok
15:59:45.0002 2408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:59:45.0002 2408 srvnet - ok
15:59:45.0092 2408 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:59:45.0097 2408 SSDPSRV - ok
15:59:45.0122 2408 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:59:45.0127 2408 SstpSvc - ok
15:59:45.0157 2408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:59:45.0157 2408 stexstor - ok
15:59:45.0257 2408 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:59:45.0267 2408 stisvc - ok
15:59:45.0302 2408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:59:45.0307 2408 swenum - ok
15:59:45.0352 2408 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:59:45.0357 2408 swprv - ok
15:59:45.0447 2408 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:59:45.0462 2408 SysMain - ok
15:59:45.0514 2408 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:59:45.0514 2408 TabletInputService - ok
15:59:45.0548 2408 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:59:45.0553 2408 TapiSrv - ok
15:59:45.0596 2408 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:59:45.0601 2408 TBS - ok
15:59:45.0713 2408 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:59:45.0733 2408 Tcpip - ok
15:59:45.0798 2408 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:59:45.0810 2408 TCPIP6 - ok
15:59:45.0910 2408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:59:45.0915 2408 tcpipreg - ok
15:59:45.0960 2408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:59:45.0961 2408 TDPIPE - ok
15:59:45.0982 2408 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:59:45.0982 2408 TDTCP - ok
15:59:46.0047 2408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:59:46.0047 2408 tdx - ok
15:59:46.0211 2408 TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
15:59:46.0225 2408 TeamViewer6 - ok
15:59:46.0269 2408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:59:46.0269 2408 TermDD - ok
15:59:46.0313 2408 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:59:46.0326 2408 TermService - ok
15:59:46.0371 2408 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:59:46.0371 2408 Themes - ok
15:59:46.0426 2408 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:59:46.0426 2408 THREADORDER - ok
15:59:46.0466 2408 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:59:46.0466 2408 TrkWks - ok
15:59:46.0531 2408 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:59:46.0531 2408 TrustedInstaller - ok
15:59:46.0568 2408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:59:46.0573 2408 tssecsrv - ok
15:59:46.0645 2408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:59:46.0645 2408 TsUsbFlt - ok
15:59:46.0734 2408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:59:46.0735 2408 tunnel - ok
15:59:46.0782 2408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:59:46.0787 2408 uagp35 - ok
15:59:46.0827 2408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:59:46.0832 2408 udfs - ok
15:59:46.0893 2408 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:59:46.0909 2408 UI0Detect - ok
15:59:46.0964 2408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:59:46.0964 2408 uliagpkx - ok
15:59:47.0024 2408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:59:47.0029 2408 umbus - ok
15:59:47.0076 2408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:59:47.0076 2408 UmPass - ok
15:59:47.0121 2408 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:59:47.0126 2408 upnphost - ok
15:59:47.0156 2408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:47.0156 2408 usbccgp - ok
15:59:47.0206 2408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:59:47.0206 2408 usbcir - ok
15:59:47.0226 2408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:59:47.0231 2408 usbehci - ok
15:59:47.0266 2408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:59:47.0276 2408 usbhub - ok
15:59:47.0296 2408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:59:47.0301 2408 usbohci - ok
15:59:47.0341 2408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:59:47.0341 2408 usbprint - ok
15:59:47.0381 2408 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:59:47.0381 2408 usbscan - ok
15:59:47.0426 2408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
15:59:47.0426 2408 USBSTOR - ok
15:59:47.0451 2408 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:59:47.0451 2408 usbuhci - ok
15:59:47.0493 2408 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:59:47.0495 2408 UxSms - ok
15:59:47.0543 2408 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:47.0543 2408 VaultSvc - ok
15:59:47.0563 2408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:59:47.0578 2408 vdrvroot - ok
15:59:47.0628 2408 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:59:47.0633 2408 vds - ok
15:59:47.0703 2408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:59:47.0703 2408 vga - ok
15:59:47.0723 2408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:59:47.0723 2408 VgaSave - ok
15:59:47.0763 2408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:59:47.0768 2408 vhdmp - ok
15:59:47.0793 2408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:59:47.0793 2408 viaide - ok
15:59:47.0818 2408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:59:47.0828 2408 volmgr - ok
15:59:47.0878 2408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:59:47.0883 2408 volmgrx - ok
15:59:47.0958 2408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:59:47.0963 2408 volsnap - ok
15:59:48.0023 2408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:59:48.0033 2408 vsmraid - ok
15:59:48.0108 2408 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:59:48.0128 2408 VSS - ok
15:59:48.0180 2408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:59:48.0180 2408 vwifibus - ok
15:59:48.0252 2408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:59:48.0257 2408 W32Time - ok
15:59:48.0324 2408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:59:48.0329 2408 WacomPen - ok
15:59:48.0414 2408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:48.0414 2408 WANARP - ok
15:59:48.0419 2408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:48.0429 2408 Wanarpv6 - ok
15:59:48.0479 2408 wanatw - ok
15:59:48.0611 2408 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:59:48.0631 2408 WatAdminSvc - ok
15:59:48.0686 2408 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:59:48.0696 2408 wbengine - ok
15:59:48.0758 2408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:59:48.0763 2408 WbioSrvc - ok
15:59:48.0813 2408 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:59:48.0818 2408 wcncsvc - ok
15:59:48.0853 2408 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:59:48.0853 2408 WcsPlugInService - ok
15:59:48.0923 2408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:59:48.0923 2408 Wd - ok
15:59:48.0993 2408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:59:49.0003 2408 Wdf01000 - ok
15:59:49.0043 2408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:59:49.0043 2408 WdiServiceHost - ok
15:59:49.0048 2408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:59:49.0053 2408 WdiSystemHost - ok
15:59:49.0103 2408 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:59:49.0118 2408 WebClient - ok
15:59:49.0158 2408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:59:49.0163 2408 Wecsvc - ok
15:59:49.0193 2408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:59:49.0198 2408 wercplsupport - ok
15:59:49.0263 2408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:59:49.0263 2408 WerSvc - ok
15:59:49.0313 2408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:59:49.0318 2408 WfpLwf - ok
15:59:49.0453 2408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:59:49.0458 2408 WIMMount - ok
15:59:49.0518 2408 WinDefend - ok
15:59:49.0528 2408 WinHttpAutoProxySvc - ok
15:59:49.0593 2408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:59:49.0598 2408 Winmgmt - ok
15:59:49.0678 2408 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:59:49.0703 2408 WinRM - ok
15:59:49.0758 2408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:59:49.0771 2408 Wlansvc - ok
15:59:49.0815 2408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:59:49.0815 2408 WmiAcpi - ok
15:59:49.0870 2408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:59:49.0870 2408 wmiApSrv - ok
15:59:49.0920 2408 WMPNetworkSvc - ok
15:59:49.0975 2408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:59:49.0975 2408 WPCSvc - ok
15:59:50.0025 2408 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:59:50.0030 2408 WPDBusEnum - ok
15:59:50.0065 2408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:59:50.0065 2408 ws2ifsl - ok
15:59:50.0095 2408 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:59:50.0095 2408 wscsvc - ok
15:59:50.0120 2408 WSearch - ok
15:59:50.0195 2408 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:59:50.0225 2408 wuauserv - ok
15:59:50.0280 2408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:59:50.0280 2408 WudfPf - ok
15:59:50.0330 2408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:59:50.0350 2408 WUDFRd - ok
15:59:50.0395 2408 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:59:50.0400 2408 wudfsvc - ok
15:59:50.0440 2408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:59:50.0450 2408 WwanSvc - ok
15:59:50.0470 2408 MBR (0x1B8) (22a989b08cd088728d4e9fc470755d79) \Device\Harddisk0\DR0
15:59:50.0495 2408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:59:50.0495 2408 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:59:50.0525 2408 Boot (0x1200) (8d7bfea1f392dca9982975787dcd7ca6) \Device\Harddisk0\DR0\Partition0
15:59:50.0530 2408 \Device\Harddisk0\DR0\Partition0 - ok
15:59:50.0545 2408 Boot (0x1200) (e725138ed5e3db7ddadb1584f0820c9a) \Device\Harddisk0\DR0\Partition1
15:59:50.0550 2408 \Device\Harddisk0\DR0\Partition1 - ok
15:59:50.0580 2408 Boot (0x1200) (26f476a94c95bcefd5bc3e655271c27f) \Device\Harddisk0\DR0\Partition2
15:59:50.0585 2408 \Device\Harddisk0\DR0\Partition2 - ok
15:59:50.0585 2408 ============================================================
15:59:50.0585 2408 Scan finished
15:59:50.0585 2408 ============================================================
15:59:50.0605 4860 Detected object count: 1
15:59:50.0605 4860 Actual detected object count: 1
16:00:28.0169 4860 \Device\Harddisk0\DR0\# - copied to quarantine
16:00:28.0169 4860 \Device\Harddisk0\DR0 - copied to quarantine
16:00:28.0211 4860 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:00:28.0213 4860 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:00:28.0216 4860 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:00:28.0220 4860 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:00:28.0243 4860 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:00:28.0257 4860 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:00:28.0258 4860 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:00:28.0259 4860 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:00:28.0260 4860 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:00:28.0261 4860 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:00:28.0263 4860 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:00:28.0264 4860 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:00:28.0298 4860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:00:28.0299 4860 \Device\Harddisk0\DR0 - ok
16:00:29.0013 4860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:00:58.0230 5840 Deinitialize success
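
The log above tells the whole story of this scan: every service and driver entry came back "- ok", but the MBR of \Device\Harddisk0\DR0 was detected as Rootkit.Boot.Pihar.b and a set of files in the rootkit's hidden TDLFS store was copied to quarantine before the cure-on-reboot. As an added example that is not part of this thread or of the TDSSKiller tool itself, the script below parses TDSSKiller log lines of this shape and pulls out what a helper would look at first: detections, quarantined objects, services whose image lives outside C:\Windows, and services logged with no hashed image at all. The sample lines are excerpted from the log above; the last two flags are review heuristics of my own, not TDSSKiller verdicts (TeamViewer trips the path heuristic and is expected noise, while OryteRadio_4eService is the kind of toolbar service worth a second look).

```python
"""Triage helper for a TDSSKiller text log (added example, not part of the thread or of TDSSKiller)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines excerpted from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
15:59:38.0852 2408 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:38.0854 2408 Netlogon - ok
15:59:40.0258 2408 OryteRadio_4eService (54fcb52e02a77102c2faffeda7dd61fd) C:\PROGRA~2\ORYTER~2\bar\1.bin\4ebarsvc.exe
15:59:40.0259 2408 OryteRadio_4eService - ok
15:59:46.0211 2408 TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
15:59:46.0225 2408 TeamViewer6 - ok
15:59:48.0479 2408 wanatw - ok
15:59:50.0470 2408 MBR (0x1B8) (22a989b08cd088728d4e9fc470755d79) \Device\Harddisk0\DR0
15:59:50.0495 2408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:59:50.0495 2408 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:59:50.0525 2408 Boot (0x1200) (8d7bfea1f392dca9982975787dcd7ca6) \Device\Harddisk0\DR0\Partition0
15:59:50.0530 2408 \Device\Harddisk0\DR0\Partition0 - ok
16:00:28.0211 4860 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:00:28.0298 4860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
"""

# "<time> <thread> <object> (<md5>) <path>": the line TDSSKiller prints per scanned image.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<obj>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# "<time> <thread> <object> [( <threat> )] - <status>": the verdict / action line.
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<obj>.+?)"
    r"(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<status>.+)$"
)
# MBR / boot-sector entries are named "MBR (0x1B8)" or "Boot (0x1200)" and their
# verdict lines refer to the device path instead, so those records are keyed by path.
BOOT_OBJ_RE = re.compile(r"^(MBR|Boot) \(0x[0-9A-Fa-f]+\)$")


@dataclass
class Record:
    obj: str                      # service/driver name, or device path for MBR/boot records
    kind: str = "service"         # "service", or the MBR/Boot label from the log
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    threat: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Record]:
    """Group entry and status lines into one Record per scanned object, in log order."""
    by_key: Dict[str, Record] = {}
    order: List[Record] = []

    def get(key: str) -> Record:
        rec = by_key.get(key)
        if rec is None:
            rec = Record(obj=key)
            by_key[key] = rec
            order.append(rec)
        return rec

    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            is_boot = bool(BOOT_OBJ_RE.match(m["obj"]))
            rec = get(m["path"] if is_boot else m["obj"])
            rec.kind = m["obj"] if is_boot else "service"
            rec.md5, rec.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            rec = get(m["obj"])
            rec.statuses.append(m["status"])
            if m["threat"]:
                rec.threat = m["threat"]
            elif m["status"].startswith("detected "):
                rec.threat = m["status"].split()[1]
    return order


def triage(records: List[Record]) -> Dict[str, list]:
    """Bucket records into what a helper reads first. The last two buckets are heuristics."""
    report: Dict[str, list] = {"infected": [], "quarantined": [], "outside_windows": [], "no_image": []}
    for rec in records:
        target = rec.path or rec.obj
        if any(s == "infected" or s.startswith("detected ") for s in rec.statuses):
            report["infected"].append((target, rec.threat))
        if "copied to quarantine" in rec.statuses:
            report["quarantined"].append(target)
        # Heuristic (mine, not TDSSKiller's): a service image outside C:\Windows deserves a look.
        if rec.md5 and rec.path and not rec.path.startswith("\\Device\\") \
                and not rec.path.lower().startswith("c:\\windows\\"):
            report["outside_windows"].append(rec.obj)
        # Heuristic (mine): a service that only got "- ok" with no hashed image line.
        if rec.md5 is None and rec.statuses == ["ok"]:
            report["no_image"].append(rec.obj)
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket}: {items}")
```

Run it against a full TDSSKiller log by reading the file into `parse_tdsskiller`; the "infected" bucket is the one that matters, and the two heuristic buckets are only a reading aid for deciding which "- ok" entries to research by hand.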

#4 Lgreg (Topic Starter)

Posted 05 April 2012 - 03:38 PM

Google redirect seems to be gone after running TDSSKiller. Ran Malwarebytes again, log is below.
Please let me know if I'm in the clear, as I really don't know what the heck I'm doing. :) Thanks, Greg

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: COMPUTRON [administrator]

4/5/2012 4:19:10 PM
mbam-log-2012-04-05 (16-19-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195562
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbrmon.exe (PUP.MyWebSearch) -> 2256 -> Delete on reboot.

Memory Modules Detected: 4
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pauxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pdlghk.dll (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 100
HKCR\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7CE22AF-CCB3-423F-84D5-4D77152181F3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ToolbarPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ToolbarPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{79583de9-d0c2-44ef-ae0d-cbfa16c2a785} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{23b38049-323f-443d-9732-f454e5b15b72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: CÃb4¾CA¯pÎûVôoÆ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponAlert_2p Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\COUPON~2\bar\2.bin\2pbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\CouponAlert_2p\bar\2.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files (x86)\CouponAlert_2p (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin (PUP.MyWebSearch) -> Delete on reboot.

Files Detected: 31
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pskin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pradio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pauxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pdatact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pdlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pdyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pfeedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2phighin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2phtml.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2phtmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2phttpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pidle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pimpipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pmedint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pmlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pmsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pscript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2ptpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2puabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\NP2pStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
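Added example, not from the thread and not Malwarebytes' own code: a small triage script for log lines in the format shown above. It pulls the file detections out of an MBAM 1.x log, separates the "Delete on reboot" items that are still on disk until the restart, and flags any file named like a core Windows binary that sits outside the binary's real directory, which is exactly what the C:\Windows\svchost.exe (Trojan.Agent) hit above is. The SYSTEM_BINARIES table and the sample log lines are constructed for this example.

```python
"""Triage a Malwarebytes (MBAM 1.x) text log: which hits need a second look?"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the log's own format (a subset of the lines above,
# plus one System32 control line that is NOT from the thread).
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKCR\CouponAlert_2p.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\2.bin\2pbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Windows\System32\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
"""

# One detection line: "<path> (<threat>) -> <action>."  The path itself can
# contain parentheses ("Program Files (x86)"), so the path group is greedy
# and the threat is the last parenthesised token before " -> ".
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Core Windows binaries and the drive-relative directory each one really
# lives in (lower case).  A file with one of these names anywhere else is a
# classic masquerade and deserves a manual look.  Constructed for the example.
SYSTEM_BINARIES = {
    "svchost.exe": ("windows\\system32", "windows\\syswow64"),
    "lsass.exe": ("windows\\system32",),
    "csrss.exe": ("windows\\system32",),
    "winlogon.exe": ("windows\\system32",),
    "services.exe": ("windows\\system32",),
    "explorer.exe": ("windows",),
}


def parse_detections(log_text):
    """Return [{'path', 'threat', 'action'}] for file-system detections only."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, "(end)"
        path = m.group("path")
        if not re.match(r"^[A-Za-z]:\\", path):
            continue  # registry keys/values (HKLM\..., HKCR\...) are out of scope here
        entries.append({"path": path, "threat": m.group("threat"),
                        "action": m.group("action")})
    return entries


def masquerading_system_binaries(entries):
    """Paths whose file name is a core Windows binary but whose directory is not."""
    flagged = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        expected = SYSTEM_BINARIES.get(p.name.lower())
        if expected is None:
            continue
        # Drop the drive ("C:" plus the backslash) and compare the directory.
        parent = str(p.parent).lower()
        rel = parent[len(p.drive) + 1:]
        if rel not in expected:
            flagged.append(e["path"])
    return flagged


def pending_reboot(entries):
    """Items Malwarebytes could not remove yet; confirm they are gone after restart."""
    return [e["path"] for e in entries
            if e["action"].lower().startswith("delete on reboot")]


def threat_counts(entries):
    """How many file hits per detection name (PUP vs. Trojan is the useful split)."""
    return Counter(e["threat"] for e in entries)


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    print(f"{len(found)} file detections: {dict(threat_counts(found))}")
    for path in masquerading_system_binaries(found):
        print("CHECK system-binary name outside its home directory:", path)
    for path in pending_reboot(found):
        print("PENDING until reboot:", path)
```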

#5 boopme (Global Moderator)

Posted 05 April 2012 - 03:49 PM

Hello, please run these and let me know how it is after.
You did a reboot of the machine after the TDSS scan, yes?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#6 Lgreg (Topic Starter)

Posted 05 April 2012 - 03:59 PM

Thanks for the reply. Yes, I rebooted after the TDSS. Ran the Minitoolbox and log is below.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 05-04-2012 at 16:57:45
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Computron
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-24-21-E7-AE-51
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::54ea:2c8b:34ab:8e0d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 24.197.140.133(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Lease Obtained. . . . . . . . . . : Thursday, April 05, 2012 4:27:22 PM
Lease Expires . . . . . . . . . . : Thursday, April 05, 2012 10:58:34 PM
Default Gateway . . . . . . . . . : 24.197.128.1
DHCP Server . . . . . . . . . . . : 68.114.38.82
DHCPv6 IAID . . . . . . . . . . . : 234890273
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-29-5F-8C-00-24-21-E7-AE-51
DNS Servers . . . . . . . . . . . : 24.178.162.3
66.189.0.100
24.217.201.67
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{647DD392-1F31-4C98-A988-41E9D286944E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:18c5:8c85::18c5:8c85(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 24.178.162.3
66.189.0.100
24.217.201.67
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3402:2103:e73a:737a(Preferred)
Link-local IPv6 Address . . . . . : fe80::3402:2103:e73a:737a%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vip01spbgsc.spbg.sc.charter.com
Address: 24.178.162.3

Name: google.com
Addresses: 74.125.65.113
74.125.65.102
74.125.65.100
74.125.65.139
74.125.65.101
74.125.65.138


Pinging google.com [74.125.159.101] with 32 bytes of data:
Reply from 74.125.159.101: bytes=32 time=15ms TTL=50
Reply from 74.125.159.101: bytes=32 time=15ms TTL=50

Ping statistics for 74.125.159.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 15ms, Average = 15ms
Server: vip01spbgsc.spbg.sc.charter.com
Address: 24.178.162.3

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=118ms TTL=47
Reply from 98.139.183.24: bytes=32 time=68ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 118ms, Average = 93ms
Server: vip01spbgsc.spbg.sc.charter.com
Address: 24.178.162.3

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (04/05/2012 03:34:02 PM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).

Error: (04/05/2012 11:29:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x88e5b370
Faulting process id: 0x3d0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/05/2012 07:09:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x46613245
Faulting process id: 0x10a4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/05/2012 05:51:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1ba0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/05/2012 05:43:52 AM) (Source: Microsoft-Windows-RestartManager) (User: Owner)Owner
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (04/04/2012 06:43:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x13147084
Faulting process id: 0x500
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/04/2012 00:28:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc0000005
Fault offset: 0x001d9686
Faulting process id: 0xdc0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/03/2012 08:11:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (04/03/2012 05:21:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x120870bc
Faulting process id: 0xc38
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/03/2012 00:24:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x47477634
Faulting process id: 0xdb0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (04/05/2012 03:15:43 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/05/2012 02:59:14 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/05/2012 02:59:14 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/05/2012 02:59:12 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/05/2012 02:58:42 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/05/2012 02:58:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
Wanarpv6

Error: (04/05/2012 02:58:31 PM) (Source: BugCheck) (User: )
Description: 0x00000050 (0xfffffffffffffff1, 0x0000000000000000, 0xfffff80002c0ddd3, 0x0000000000000000)C:\Windows\MEMORY.DMP040512-25942-01

Error: (04/05/2012 02:58:31 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:55:53 PM on 4/5/2012 was unexpected.

Error: (04/05/2012 02:50:16 PM) (Source: BugCheck) (User: )
Description: 0x0000000a (0x00000002000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff80002b13045)C:\Windows\MEMORY.DMP040512-30700-01

Error: (04/05/2012 11:09:24 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


Microsoft Office Sessions:
=========================
Error: (04/05/2012 03:34:02 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (04/05/2012 11:29:39 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000000588e5b3703d001cd131cb0cc6b2b\\.\globalroot\systemroot\svchost.exeunknown281bd478-7f34-11e1-8565-002421e7ae51

Error: (04/05/2012 07:09:47 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c00000054661324510a401cd131a1f94395e\\.\globalroot\systemroot\svchost.exeunknownda9562bf-7f0f-11e1-8565-002421e7ae51

Error: (04/05/2012 05:51:45 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c31ba001cd12b49dd735dc\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dllf3fca402-7f04-11e1-8565-002421e7ae51

Error: (04/05/2012 05:43:52 AM) (Source: Microsoft-Windows-RestartManager)(User: Owner)Owner
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer0111758920

Error: (04/04/2012 06:43:25 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c00000051314708450001cd12846ef1d2e9\\.\globalroot\systemroot\svchost.exeunknown966cf43a-7ea7-11e1-8565-002421e7ae51

Error: (04/04/2012 00:28:17 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164414ee81830c0000005001d9686dc001cd127f49515403\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll2eaa7d34-7e73-11e1-8565-002421e7ae51

Error: (04/03/2012 08:11:15 PM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (04/03/2012 05:21:26 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c0000005120870bcc3801cd11b64f84d99c\\.\globalroot\systemroot\svchost.exeunknownf83e792c-7dd2-11e1-95a0-002421e7ae51

Error: (04/03/2012 00:24:22 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000000547477634db001cd11afbef4f337\\.\globalroot\systemroot\svchost.exeunknown7806e5ae-7da9-11e1-95a0-002421e7ae51


=========================== Installed Programs ============================

1400 (Version: 130.0.365.000)
1400_Help (Version: 82.0.242.000)
1400Trb (Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Activate Norton Online Backup (Version: 1.1.20.0)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
Breakit4 (Version: 1.1.1)
BufferChm (Version: 130.0.331.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Copy (Version: 130.0.428.000)
Coupon Printer for Windows (Version: 5.0.0.0)
CouponBar
CyberLink DVD Suite Deluxe (Version: 6.0.3101)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DocProc (Version: 13.0.0.0)
Download Updater (AOL LLC)
Fax (Version: 130.0.418.000)
Foxit Reader (Version: 3.1.3.1030)
Google Chrome (Version: 17.0.963.79)
Google Desktop (Version: 5.9.1005.12335)
Google Gmail Notifier
Google Talk Plugin (Version: 2.7.5.6365)
GoToMeeting 4.5.0.452
GPBaseService2 (Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 6.0.5434.08)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
Homepage Protection (Version: )
HP Advisor (Version: 3.2.8946.3086)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.0.71)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart Demo (Version: 1.00.0000)
HP MediaSmart DVD (Version: 3.0.3123)
HP MediaSmart Movie Themes (Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (Version: 3.0.3205)
HP MediaSmart SmartMenu (Version: 3.0.28.2)
HP Odometer (Version: 2.10.0000)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Remote Solution (Version: 1.1.9.0)
HP Setup (Version: 1.2.3220.3079)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.001.000.014)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1912)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
LabelPrint (Version: 2.5.1901)
LightScribe System Software (Version: 1.18.5.1)
LSI PCI-SV92EX Soft Modem (Version: 2.2.98)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.1.121.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Live Search Toolbar (Version: 3.0.560.0)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox (3.5.5) (Version: 3.5.5 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Oryte Radio
PictureMover (Version: 3.3.1.19)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Scan (Version: 140.0.80.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
TeamViewer 6 (Version: 6.0.10194)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Uninstall AOL Emergency Connect Utility 1.0
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Viewpoint Media Player
WebReg (Version: 130.0.132.017)
Zip2 GT Toolbar (Version: 1.514)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 4085.18 MB
Available physical RAM: 2902.19 MB
Total Pagefile: 8168.55 MB
Available Pagefile: 6937.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.5 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:584.25 GB) (Free:537.35 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.83 GB) (Free:2.16 GB) NTFS

========================= Users: ========================================

User accounts for \\COMPUTRON

Administrator Guest Owner


**** End of log ****
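
Editor's note (added example, not part of Lgreg's or boopme's posts): every Application Error record in the MiniToolBox log above shows svchost.exe running from \\.\globalroot\systemroot\ rather than the usual C:\Windows\system32\ path, and the two BugCheck records carry the stop codes behind the blue screens Greg mentioned. Event ID 1000 writes its fields back to back with no separators, which is why the Description lines look like hex soup. The Python below splits those fields, names the two stop codes and two exception codes that occur in this log, and flags the device-namespace path form. The path check is a heuristic to correlate with a rootkit scan (here the later TDSSKiller/ESET results), not a verdict on its own. The SAMPLE records are copied from the log posted above; the code is mine, not a MiniToolBox or BleepingComputer tool.

```python
"""Triage the Application Error and BugCheck records in a MiniToolBox
event-log dump. Added example for this thread; not MiniToolBox or
BleepingComputer code."""
import re
from dataclasses import dataclass

# Event ID 1000 (Application Error) data is written with no separators:
# AppName, AppVersion, AppTimestamp, FaultModule, FaultModuleVersion,
# FaultModuleTimestamp, ExceptionCode, FaultOffset, PID, StartTime, AppPath,
# FaultModulePath, ReportId.  Most widths are fixed, so a regex can split it;
# the exception code is anchored on its NTSTATUS severity nibble (c/e/8) so a
# version string ending in digits cannot swallow the timestamp next to it.
APP_ERROR_RE = re.compile(
    r"^(?P<app>[\w.-]+?\.exe)"
    r"(?P<app_ver>\d+(?:\.\d+){2}\.\d{1,5})(?P<app_ts>[0-9a-f]{8})"
    r"(?P<module>unknown|[\w.-]+?\.(?:dll|exe|sys))"
    r"(?P<mod_ver>\d+(?:\.\d+){2}\.\d{1,5})(?P<mod_ts>[0-9a-f]{8})"
    r"(?P<exc>[c8e][0-9a-f]{7})(?P<rest>.*)$"
)
# Image paths in the tail: normal ones start with a drive letter; the ones in
# this thread start with the device-namespace prefix \\.\globalroot\ instead.
PATH_RE = re.compile(r"(?:\\\\\.\\globalroot\\|[A-Za-z]:\\)\S+?\.(?:exe|dll|sys)", re.IGNORECASE)
HEADER_RE = re.compile(r"^Error: \((?P<time>[^)]+)\) \(Source: (?P<source>[^)]+)\)")
BUGCHECK_RE = re.compile(r"^0x(?P<code>[0-9a-f]{8})")
GLOBALROOT = "\\\\.\\globalroot\\"

# Only the codes that appear in this log; extend as needed.
EXCEPTIONS = {"c0000005": "STATUS_ACCESS_VIOLATION", "c0000374": "STATUS_HEAP_CORRUPTION"}
BUGCHECKS = {"00000050": "PAGE_FAULT_IN_NONPAGED_AREA", "0000000a": "IRQL_NOT_LESS_OR_EQUAL"}


@dataclass
class Finding:
    time: str
    source: str
    detail: str
    suspicious: bool = False


def parse_app_error(desc: str):
    """Split one Event ID 1000 description; None if it is not in that shape."""
    m = APP_ERROR_RE.match(desc)
    if not m:
        return None
    paths = PATH_RE.findall(m["rest"])
    return {
        "app": m["app"],
        "module": m["module"],
        "exception": m["exc"],
        "app_path": paths[0] if paths else "",
        "module_path": paths[1] if len(paths) > 1 else "",
    }


def triage(log_text: str):
    """Walk 'Error: (...)' / 'Description: ...' pairs and summarise each one."""
    findings = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines[:-1]):
        hdr = HEADER_RE.match(line)
        if not hdr or not lines[i + 1].startswith("Description: "):
            continue
        desc = lines[i + 1][len("Description: "):]
        src = hdr["source"]
        if src == "BugCheck":
            bc = BUGCHECK_RE.match(desc)
            code = bc["code"] if bc else "????????"
            findings.append(Finding(hdr["time"], src, f"0x{code} {BUGCHECKS.get(code, 'unlisted stop code')}"))
        elif src == "Application Error":
            rec = parse_app_error(desc)
            if rec is None:
                findings.append(Finding(hdr["time"], src, "unparsed: " + desc[:60]))
                continue
            exc = EXCEPTIONS.get(rec["exception"], rec["exception"])
            detail = f"{rec['app']} faulted in {rec['module']} ({exc}), image {rec['app_path']}"
            # A service host recorded under \\.\globalroot\ instead of a drive
            # path is worth correlating with rootkit-scanner output.
            findings.append(Finding(hdr["time"], src, detail,
                                    suspicious=rec["app_path"].lower().startswith(GLOBALROOT)))
    return findings


# Four records copied from the MiniToolBox log posted in this thread.
SAMPLE = r"""
Error: (04/05/2012 02:50:16 PM) (Source: BugCheck) (User: )
Description: 0x0000000a (0x00000002000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff80002b13045)C:\Windows\MEMORY.DMP040512-30700-01

Error: (04/05/2012 11:29:39 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000000588e5b3703d001cd131cb0cc6b2b\\.\globalroot\systemroot\svchost.exeunknown281bd478-7f34-11e1-8565-002421e7ae51

Error: (04/05/2012 05:51:45 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c31ba001cd12b49dd735dc\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dllf3fca402-7f04-11e1-8565-002421e7ae51

Error: (04/04/2012 00:28:17 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164414ee81830c0000005001d9686dc001cd127f49515403\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll2eaa7d34-7e73-11e1-8565-002421e7ae51
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(("!! " if f.suspicious else "   ") + f"{f.time} {f.source}: {f.detail}")
```

Run it against a whole MiniToolBox output by passing the file contents to triage(); records from other sources (Service Control Manager, EventLog) are skipped. Note that the faulting modules differ from crash to crash (unknown, ntdll.dll, MSHTML.dll) while the image path is the same every time, which is the pattern that makes the path, not the crash itself, the thing to chase.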

#7 Lgreg

Posted 05 April 2012 - 04:03 PM

Here's the aswmbr log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 17:01:10
-----------------------------
17:01:10.564 OS Version: Windows x64 6.1.7601 Service Pack 1
17:01:10.564 Number of processors: 2 586 0x170A
17:01:10.564 ComputerName: COMPUTRON UserName: Owner
17:01:11.515 Initialize success
17:01:22.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:01:22.499 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01117 Size: 610480MB BusType: 3
17:01:22.515 Disk 0 MBR read successfully
17:01:22.515 Disk 0 MBR scan
17:01:22.530 Disk 0 unknown MBR code
17:01:22.530 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:01:22.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598269 MB offset 206848
17:01:22.562 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12109 MB offset 1225461760
17:01:22.577 Disk 0 scanning C:\Windows\system32\drivers
17:01:27.975 Service scanning
17:01:39.768 Modules scanning
17:01:39.768 Disk 0 trace - called modules:
17:01:39.800 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys
17:01:39.800 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048db060]
17:01:39.815 3 CLASSPNP.SYS[fffff8800198443f] -> nt!IofCallDriver -> [0xfffffa800396ce40]
17:01:39.815 5 ACPI.sys[fffff88000f017a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800447f060]
17:01:39.831 Scan finished successfully
17:01:54.120 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Documents\MBR.dat"
17:01:54.120 The log file has been saved successfully to "C:\Users\Owner\Documents\aswMBR.txt"
17:02:18.990 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:02:19.006 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
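
Editor's note (added example, not part of the posts above): aswMBR saved the boot sector to MBR.dat, and its "Partition N" lines are just a rendering of the 64-byte partition table in that sector; "unknown MBR code" means the 440 bytes of bootstrap code in front of it matched none of aswMBR's references. The Python below parses such a sector, prints the partitions in aswMBR's terms, checks the table for overlap, a single active partition and fit within the disk, and compares the bootstrap code against a known-good hash supplied by the reader (an assumption: you would take it from a clean machine of the same model). The sample sector is constructed, not the real one from this thread: bootstrap code zeroed, CHS fields dummy, and sector counts derived from aswMBR's rounded MB figures, so they are approximate. The code is mine, not aswMBR's or BleepingComputer's.

```python
"""Parse a raw MBR sector, such as the MBR.dat that aswMBR saved, and check
the partition table the way aswMBR summarises it. Added example; not aswMBR
or BleepingComputer code."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bootstrap code; the 4-byte disk signature follows
PART_TABLE_OFF = 446       # four 16-byte entries
BOOT_SIG = b"\x55\xaa"     # last two bytes of the sector
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Return the bootstrap-code hash, disk signature and non-empty partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": i + 1, "active": bool(status & 0x80), "type": ptype,
                           "lba": lba, "sectors": count, "mib": count * SECTOR // (1024 * 1024)})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
            "partitions": partitions}


def check_mbr(info: dict, disk_sectors: int, known_boot_code_sha256=None) -> list:
    """Sanity checks a rootkit-aware reader would run over parse_mbr() output."""
    issues = []
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions, expected 1")
    next_free = 1  # LBA 0 is the MBR itself
    for p in sorted(info["partitions"], key=lambda p: p["lba"]):
        if p["lba"] < next_free:
            issues.append(f"partition {p['index']} overlaps the MBR or the previous partition")
        next_free = p["lba"] + p["sectors"]
        if next_free > disk_sectors:
            issues.append(f"partition {p['index']} runs past the end of the disk")
    # aswMBR's "unknown MBR code" is this same test against its own references;
    # the hash of a known-clean sector from the same model is assumed available.
    if known_boot_code_sha256 and info["boot_code_sha256"] != known_boot_code_sha256:
        issues.append("bootstrap code differs from the known-good reference")
    return issues


def build_sample_mbr() -> bytes:
    """Constructed sector: zeroed bootstrap code plus the three partitions
    aswMBR listed above (sector counts derived from its rounded MB figures)."""
    mbr = bytearray(SECTOR)
    table = [(0x80, 0x07, 2048, 100 * 2048),
             (0x00, 0x07, 206848, 598269 * 2048),
             (0x00, 0x07, 1225461760, 12109 * 2048)]
    for i, (status, ptype, lba, count) in enumerate(table):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


DISK_SECTORS = 610480 * 2048   # aswMBR reported "Size: 610480MB" (1 MB = 2048 sectors)

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['mib']} MB offset {p['lba']}")
    print("issues:", check_mbr(info, DISK_SECTORS) or "none")
```

To run it on the real file, feed the first 512 bytes of MBR.dat to parse_mbr() and the disk size in sectors to check_mbr(). Note that the three offsets from the log chain exactly (206848 + 598269 * 2048 = 1225461760), which is what a clean, contiguous table looks like; a rootkit that hides a payload usually does not touch these entries at all and lives in the bootstrap code or beyond the last partition, which is why the code hash and the unallocated tail matter more than the table.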

#8 Lgreg

Posted 05 April 2012 - 07:23 PM

Here's the ESET scan file:

C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\3F92.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\3F93.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\CouponAlertAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application deleted - quarantined
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X60D100R\u8itsm1w[1].htm JS/Agent.NEY trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\jar_cache5013766760029401515.tmp a variant of Java/Exploit.CVE-2011-3544.AV trojan deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\Low\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(01282792).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(014c29f3).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(05370883).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(0783d59d).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(0a8dd436).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(0c6abcba).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(0f33c254).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(118bb42d).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(15155658).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(15c1167e).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(1c26bdc6).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(1fef746b).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(25408b8f).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(2b46b695).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(811c9f9f).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPIAuto.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4eEI\Installr\Cache\00028D6F.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1f45ed15-45bac9e1 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\154d9fe9-68d17cd8 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\69c2abb4-19b7e2f0 a variant of Java/Exploit.CVE-2011-3544.AV trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3efb53a-234af51b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3c07c907-6de302c7 multiple threats deleted - quarantined
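
Editor's note (added example, not part of the posts above): read as a whole, the ESET log tells the story of this infection. The Java deployment cache and a jar_cache temp file hold exploit-kit content (ESET names CVE-2011-3544, a Java vulnerability) and the downloaders that came with it; the DRM folder under ProgramData holds Win64/Olmarik (the TDL rootkit family) components that were still on disk; the TDSSKiller_Quarantine\...\tdlfs files are what TDSSKiller already pulled out of the rootkit's hidden file system; and the rest is toolbar and ad-installer junk. The Python below parses ESET's one-detection-per-line format (paths may contain spaces, so it anchors on the detection name) and groups the hits into those roles. The grouping rules are my reading of the paths and names, and the sample lines are copied from the log above; this is not ESET or BleepingComputer code.

```python
"""Sort the detections in an ESET Online Scanner log by what they say about
the incident: delivery vector, rootkit remnants, unwanted software.
Added example; not ESET or BleepingComputer code."""
import re
from collections import Counter

# One detection per line: "<path> <detection> [trojan|application] <action>".
# Paths can contain spaces, so the detection name is anchored on ESET's
# "Family/Variant" naming (optionally prefixed with "a variant of" or
# "probably a variant of") or on its "multiple threats" placeholder.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+|multiple threats)"
    r"(?: (?P<kind>trojan|application))? "
    r"(?P<action>.+)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def classify(path: str, name: str) -> str:
    """Editor's reading of where a detection sits in the infection chain."""
    p, n = path.lower(), name.lower()
    if "\\sun\\java\\deployment\\cache\\" in p or "\\jar_cache" in p:
        return "delivery: Java plugin cache"
    if "\\content.ie5\\" in p:
        return "delivery: browser cache"
    if "\\tdsskiller_quarantine\\" in p:
        return "rootkit: already quarantined by TDSSKiller"
    if "olmarik" in n or "rootkit" in n:
        return "rootkit: component still on disk"
    if "toolbar" in n or "adinstaller" in n or "adware" in n:
        return "unwanted software"
    return "other"


def parse_eset_log(text: str):
    """One dict per non-empty line; lines that do not fit are kept as 'unparsed'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            records.append({"path": line, "name": "", "kind": "", "action": "", "category": "unparsed"})
            continue
        records.append({"path": m["path"], "name": m["name"], "kind": m["kind"] or "",
                        "action": m["action"], "category": classify(m["path"], m["name"])})
    return records


def summarize(records):
    """Counts per role, CVEs named in detections, and the malware family names."""
    return {
        "by_category": dict(Counter(r["category"] for r in records)),
        "cves": sorted({c for r in records for c in CVE_RE.findall(r["name"])}),
        "families": sorted({r["name"].split("/", 1)[-1].split(".")[0]
                            for r in records if "/" in r["name"]}),
    }


# Eleven lines copied from the ESET log posted in this thread.
SAMPLE = r"""
C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\3F92.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_15.58.30\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\CouponAlertAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application deleted - quarantined
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X60D100R\u8itsm1w[1].htm JS/Agent.NEY trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\jar_cache5013766760029401515.tmp a variant of Java/Exploit.CVE-2011-3544.AV trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\OryteRadio_4e\bar\setups\RadioPI Installer(01282792).exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1f45ed15-45bac9e1 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\69c2abb4-19b7e2f0 a variant of Java/Exploit.CVE-2011-3544.AV trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3c07c907-6de302c7 multiple threats deleted - quarantined
"""

if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE)
    for key, value in summarize(recs).items():
        print(f"{key}: {value}")
```

A caveat on the delivery bucket: exploit files in the Java cache show that exploit content reached the plugin through the browser; the cache alone does not show whether that copy ran. The rootkit buckets are the firmer evidence, and they line up with the TDSSKiller run (the tdlfs quarantine folder) and the aswMBR "unknown MBR code" line posted earlier.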

#9 boopme

Posted 05 April 2012 - 07:47 PM

We removed a lot of real junk. How is it now?

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 Lgreg

Posted 06 April 2012 - 11:57 AM

Google redirect is gone and loads are faster; all seems to be well. Thanks so much for the assistance!
Stupid question: Should I run some of these, like TFC, on a regular basis?
Thanks again, Greg

#11 boopme

Posted 06 April 2012 - 12:11 PM

I run my AV monthly, the antimalware every week (MBAM and/or SAS), TFC every month or two when I do an online scan also (ESET).

SAS we did not run yet and we will as it clears tracking cookies well also.

Now in the MINI log under =========================== Installed Programs ============================

You have toolbars you should remove thru Remove programs.



You also need to update to Java 7.. and we will be done.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#12 Lgreg

Posted 06 April 2012 - 01:03 PM

I have Java 6 Update 29 and it will not uninstall. When I try to uninstall I get a box that says "The applications listed are currently running and must be closed to allow the install to proceed." There are no applications listed. At the bottom are two buttons - RETRY and CANCEL. RETRY does nothing and CANCEL closes the box. I've tried several times and am not sure what I'm doing wrong.

#13 boopme

Posted 06 April 2012 - 02:27 PM

Try shutting everything else down, or try rebooting into Safe Mode with Networking.
How to start Windows 7 in Safe Mode

Edited by boopme, 06 April 2012 - 02:27 PM.


#14 Lgreg

Posted 06 April 2012 - 03:58 PM

Thanks. Java 6 is uninstalled and Java 7 is in place. There was no option for Java Quick Starter. Also, when I installed the Java two other programs seem to have been installed at the same time - Compatibility Pack for the 2007 Office system and Microsoft Office Powerpoint viewer 2007 (English). Both look legit but are they supposed to be there?
Thanks, Greg

#15 boopme

Posted 06 April 2012 - 06:47 PM

Those 2 are in the Mini log above, legitimate MSFT products, probably when you installed this: Microsoft Office Home and Student 60 day trial. So they were there.

Here's SAS
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.



