Happili Redirect issues (Protected Malware?)


  • This topic is locked
24 replies to this topic

#1 paice

  • Members
  • 19 posts

Posted 04 April 2012 - 10:20 AM

Hello,

A couple of days ago, I began getting intermittently redirected to a happili.com site when trying Google searches (mostly on Firefox, but I believe also on IE and Chrome).

As seen in the below link of the thread that I had started in the "Am I Infected?" sub forum, I've been instructed and proceeded to do multiple procedures.

http://www.bleepingcomputer.com/forums/topic448606.html

As far as I can tell, Firefox works ok now, though that may be because I disabled some add-on extensions and that I still have whatever malware or the like on my PC (as Google Chrome is still frequently redirecting me to happili.com and a couple of other redirected sites, the names of which I don't recall ... gimmeanswers.com, I think, was one of them).

Attached is the attach file. Below is the DDS log. I didn't run the GMER program for an ARK.txt file, as I have a 64-bit system:

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Cos at 10:50:55 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2862 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
TCP: Interfaces\{BBF9F091-EADE-4E1C-AB76-D5897FD5207B} : DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
TCP: Interfaces\{D739A00B-9635-4EAB-B035-E5B71059EB9F} : DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
TCP: Interfaces\{D739A00B-9635-4EAB-B035-E5B71059EB9F}\34963736F61413335343 : DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
TCP: Interfaces\{D739A00B-9635-4EAB-B035-E5B71059EB9F}\95F657E67624561627 : DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cos\AppData\Roaming\Mozilla\Firefox\Profiles\x6g2umi8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cos\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-20 92216]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-26 1119768]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;\??\C:\Windows\system32\Drivers\SIVX64.sys --> C:\Windows\system32\Drivers\SIVX64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-04 00:52:25 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-04 00:52:25 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-03 17:52:19 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-03 01:08:44 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-04-03 00:58:36 -------- d-----w- C:\ProgramData\Ask
2012-03-16 05:04:04 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-16 05:04:04 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-16 05:04:04 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-14 07:00:41 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:00:41 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:00:40 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 23:18:31 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 23:18:30 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-13 23:18:30 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-13 23:18:30 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-13 23:18:30 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-13 23:18:30 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-13 23:18:30 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-13 23:18:30 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 23:18:30 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-13 23:18:30 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 23:18:29 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-13 18:17:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 18:17:43 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 18:17:43 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 18:17:42 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 18:17:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 18:17:42 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 18:17:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-03 00:57:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 10:51:34.86 ===============
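As an added example that is not part of this thread or of the DDS tool, here is a small Python triage script for the Pseudo HJT Report section of a DDS log like the one above: it flags orphaned load points ("No File"), toolbar and search-hook entries from potentially unwanted vendors (the Ask.com entries present in this log), and DNS resolvers outside the LAN that should be confirmed as the ISP's. The sample lines are constructed from the shape of the log above; the PUP marker list and the severity labels are this example's own assumptions.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for redirect cases.

Added example, not part of the thread or of DDS itself. Entry kinds, line
shapes and the Ask.com entries mirror the log posted above; PUP_MARKERS and
the severity labels are this example's own assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Entry kinds that load code into the browser or at logon.
LOAD_POINTS = {"BHO", "BHO-X64", "TB", "TB-X64", "uRun", "mRun", "mRun-x64",
               "uURLSearchHooks", "SEH", "SEH-X64", "StartupFolder"}
# Vendor strings for toolbars/search hooks commonly classed as potentially
# unwanted programs (assumed list; Ask.com is the one present in this log).
PUP_MARKERS = ("ask.com", "ask toolbar", "genericasktoolbar")
# Autorun values that carry a name but no command line.
EMPTY_AUTORUN = {"[<NO NAME>]", "[(Default)]"}

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s*(?P<body>.*)$")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>[\d. ]+)$")
FF_PREF_PREFIX = "FF - prefs.js:"


@dataclass
class Finding:
    severity: str  # "review": needs a human decision; "info": cleanup only
    reason: str
    line: str


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    dns_servers: list = field(default_factory=list)

    def add(self, severity, reason, line):
        self.findings.append(Finding(severity, reason, line.strip()))

    def by_severity(self, severity):
        return [f for f in self.findings if f.severity == severity]


def triage_dds(text: str) -> Triage:
    """Walk the report line by line and collect findings."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        # Firefox prefs are printed in a different shape from registry entries.
        if line.startswith(FF_PREF_PREFIX):
            pref = line[len(FF_PREF_PREFIX):].strip().lower()
            if pref.startswith("browser.search.selectedengine") and any(
                    mk in pref for mk in PUP_MARKERS):
                t.add("review", "default search engine set to a PUP provider", line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        low = body.lower()
        if kind in LOAD_POINTS:
            # CLSID still registered but its DLL is gone: leftover to clean.
            if low.endswith("no file"):
                t.add("info", "orphaned load point (No File)", line)
            # Search hooks/toolbars from PUP vendors alter search results.
            if any(mk in low for mk in PUP_MARKERS):
                t.add("review", "PUP toolbar or search hook present", line)
            if body in EMPTY_AUTORUN:
                t.add("info", "empty autorun value", line)
        elif kind == "TCP":
            dm = DNS_RE.search(body)
            if dm:
                for server in dm.group("servers").split():
                    if server not in t.dns_servers:
                        t.dns_servers.append(server)
    # Redirects are also caused by changed resolvers: anything outside the
    # LAN should be confirmed as the ISP's before it is trusted.
    for server in t.dns_servers:
        try:
            if not ipaddress.ip_address(server).is_private:
                t.add("review", "DNS resolver outside the LAN; confirm it is the ISP's", server)
        except ValueError:
            t.add("review", "unparseable DNS resolver", server)
    return t


# Constructed sample following the shape of the log in the post above.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
BHO-X64: Ask Toolbar BHO - No File
TCP: DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
FF - prefs.js: browser.search.selectedEngine - Ask.com
"""

if __name__ == "__main__":
    result = triage_dds(SAMPLE_DDS)
    for f in sorted(result.findings, key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```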


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 05 April 2012 - 01:56 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 paice (Topic Starter)

  • Members
  • 19 posts

Posted 05 April 2012 - 01:18 PM

I guess this is where my computer illiteracy comes into play (I'm surprised I got through the few steps I did the last couple of days as smoothly as I did).

I can't figure out how to disable MBAM, even with the instructions link. Though, that link does specify "registered version only," and I don't have the pay version of MBAM, just the free one. It's not in my system tray, so I just right clicked from the desktop icon, perused every tab and saw nothing about disabling the app. Any ideas?

I did notice that there were 3 files quarantined, so I deleted them (I thought I had already done that yesterday). Hopefully that doesn't mess anything up.

Anyway, I had disabled AVG antivirus for the 15 minutes and the time was used up trying to figure out MBAM, so it's now enabled again. I guess I'll just sit tight until you instruct me how to disable this MBAM (unless I don't even have to disable the free version. Perhaps that's why there's no apparent way to do so that I've found.)

Sorry about this delay.

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 05 April 2012 - 01:35 PM

You don't need to turn off the free MBAM.

Go ahead and run ComboFix.



#5 paice (Topic Starter)

  • Members
  • 19 posts

Posted 05 April 2012 - 02:31 PM

Ran the ComboFix (it took 26 minutes. Seeing how the AVG enables itself after 15 minutes, I'm not sure if anything was negatively affected if it re-enabled itself during the ComboFix process).

Here's the ComboFix log:

ComboFix 12-04-05.06 - Cos 04/05/2012 14:55:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2565 [GMT -4:00]
Running from: c:\users\Cos\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 19:03 . 2012-04-05 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 07:00 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:00 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:00 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 23:18 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:18 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:18 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:18 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:18 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:18 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:18 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 23:18 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 23:18 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 23:18 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 23:18 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 18:17 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:17 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:17 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 18:17 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:17 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:17 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:17 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 00:57 . 2011-12-29 05:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:02 . 2012-02-23 08:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-23 08:02 . 2012-02-23 08:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 08:02 . 2012-02-23 08:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 08:02 . 2012-02-23 08:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-23 08:02 . 2012-02-23 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-23 08:02 . 2012-02-23 08:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-23 08:02 . 2012-02-23 08:02 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-23 08:02 . 2012-02-23 08:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-23 08:02 . 2012-02-23 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-23 08:02 . 2012-02-23 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 08:02 . 2012-02-23 08:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 08:02 . 2012-02-23 08:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-23 08:02 . 2012-02-23 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-23 08:02 . 2012-02-23 08:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-23 08:02 . 2012-02-23 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:02 . 2012-02-23 08:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-23 08:02 . 2012-02-23 08:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-23 08:02 . 2012-02-23 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-23 08:02 . 2012-02-23 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-23 08:02 . 2012-02-23 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-23 08:02 . 2012-02-23 08:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-23 08:02 . 2012-02-23 08:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 08:02 . 2012-02-23 08:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 08:02 . 2012-02-23 08:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-23 08:02 . 2012-02-23 08:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-23 08:02 . 2012-02-23 08:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-23 08:02 . 2012-02-23 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-23 08:02 . 2012-02-23 08:02 448512 ----a-w- c:\windows\system32\html.iec
2012-02-23 08:02 . 2012-02-23 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:02 . 2012-02-23 08:02 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-23 08:02 . 2012-02-23 08:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-23 08:02 . 2012-02-23 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-23 08:02 . 2012-02-23 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-23 08:02 . 2012-02-23 08:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 08:02 . 2012-02-23 08:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-23 08:02 . 2012-02-23 08:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 08:02 . 2012-02-23 08:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 08:02 . 2012-02-23 08:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 08:02 . 2012-02-23 08:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-23 08:02 . 2012-02-23 08:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-23 08:02 . 2012-02-23 08:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:02 . 2012-02-23 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 04:13]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 04:13]
.
2012-04-05 c:\windows\Tasks\HPCeeScheduleForCos.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-03-10 c:\windows\Tasks\HPCeeScheduleForVICTOR030$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
FF - ProfilePath - c:\users\Cos\AppData\Roaming\Mozilla\Firefox\Profiles\x6g2umi8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-04-05 15:21:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 19:21
.
Pre-Run: 929,367,638,016 bytes free
Post-Run: 928,945,049,600 bytes free
.
- - End Of File - - 552AA7981BB4BE4B4D1EBF15457DF8FA

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 02:38 PM

Greetings

How are the redirects?

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 paice
  • Topic Starter
  • Members
  • 19 posts

Posted 05 April 2012 - 02:50 PM

Do I use the desktop icons for TDSS and aswMBR that I did recently for the other thread, or delete them and start anew?

As for the redirects, they're the same as at the beginning of this thread:

Chrome is a mess, redirecting me to a screen where whatever topic was googled and subsequently chosen is shown in different fonts (all blue), where the address line reads click.get-answers-fast.com (with a bunch of extensions that I won't post here, in case anyone else cuts n' pastes the link and gets "dirty" too). Firefox (likely because of the disabled add-on extensions) and IE seem ok.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 03:02 PM

Download new ones.

Uninstall Chrome and Firefox - if asked about user data or settings, remove that also.

Then reinstall them and let me know if they still redirect.

gringo

#9 paice
  • Topic Starter
  • Members
  • 19 posts

Posted 05 April 2012 - 04:48 PM

TDSS log

17:25:26.0844 4688 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
17:25:27.0083 4688 ============================================================
17:25:27.0083 4688 Current date / time: 2012/04/05 17:25:27.0083
17:25:27.0083 4688 SystemInfo:
17:25:27.0083 4688
17:25:27.0083 4688 OS Version: 6.1.7600 ServicePack: 0.0
17:25:27.0083 4688 Product type: Workstation
17:25:27.0084 4688 ComputerName: VICTOR030
17:25:27.0084 4688 UserName: Cos
17:25:27.0084 4688 Windows directory: C:\Windows
17:25:27.0084 4688 System windows directory: C:\Windows
17:25:27.0084 4688 Running under WOW64
17:25:27.0084 4688 Processor architecture: Intel x64
17:25:27.0084 4688 Number of processors: 4
17:25:27.0084 4688 Page size: 0x1000
17:25:27.0084 4688 Boot type: Normal boot
17:25:27.0084 4688 ============================================================
17:25:28.0154 4688 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:28.0176 4688 \Device\Harddisk0\DR0:
17:25:28.0176 4688 MBR used
17:25:28.0176 4688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x35000
17:25:28.0176 4688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0x72B95182
17:25:28.0176 4688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72BCC800, BlocksNum 0x1B39DB0
17:25:28.0228 4688 Initialize success
17:25:28.0228 4688 ============================================================
17:25:29.0655 3568 ============================================================
17:25:29.0655 3568 Scan started
17:25:29.0655 3568 Mode: Manual;
17:25:29.0655 3568 ============================================================
17:25:30.0460 3568 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:25:30.0465 3568 1394ohci - ok
17:25:30.0500 3568 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:25:30.0506 3568 ACPI - ok
17:25:30.0524 3568 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:25:30.0526 3568 AcpiPmi - ok
17:25:30.0615 3568 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:25:30.0617 3568 AdobeARMservice - ok
17:25:30.0656 3568 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:25:30.0664 3568 adp94xx - ok
17:25:30.0680 3568 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:25:30.0683 3568 adpahci - ok
17:25:30.0693 3568 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:25:30.0695 3568 adpu320 - ok
17:25:30.0720 3568 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:25:30.0721 3568 AeLookupSvc - ok
17:25:30.0776 3568 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:25:30.0785 3568 AFD - ok
17:25:30.0797 3568 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:25:30.0799 3568 agp440 - ok
17:25:30.0812 3568 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:25:30.0813 3568 ALG - ok
17:25:30.0834 3568 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:25:30.0835 3568 aliide - ok
17:25:30.0866 3568 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
17:25:30.0870 3568 AMD External Events Utility - ok
17:25:30.0881 3568 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:25:30.0883 3568 amdide - ok
17:25:30.0896 3568 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:25:30.0897 3568 AmdK8 - ok
17:25:31.0036 3568 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
17:25:31.0068 3568 amdkmdag - ok
17:25:31.0079 3568 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
17:25:31.0080 3568 amdkmdap - ok
17:25:31.0097 3568 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:25:31.0098 3568 AmdPPM - ok
17:25:31.0138 3568 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:25:31.0139 3568 amdsata - ok
17:25:31.0149 3568 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:25:31.0151 3568 amdsbs - ok
17:25:31.0165 3568 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:25:31.0166 3568 amdxata - ok
17:25:31.0212 3568 amd_sata (8a2b4818215d8a6ff54dc3f0d63cbb2d) C:\Windows\system32\DRIVERS\amd_sata.sys
17:25:31.0215 3568 amd_sata - ok
17:25:31.0230 3568 amd_xata (a2d8977623e13591b15f6370c6cc37b0) C:\Windows\system32\DRIVERS\amd_xata.sys
17:25:31.0232 3568 amd_xata - ok
17:25:31.0245 3568 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:25:31.0247 3568 AppID - ok
17:25:31.0259 3568 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:25:31.0260 3568 AppIDSvc - ok
17:25:31.0273 3568 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:25:31.0274 3568 Appinfo - ok
17:25:31.0295 3568 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:25:31.0296 3568 arc - ok
17:25:31.0305 3568 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:25:31.0307 3568 arcsas - ok
17:25:31.0327 3568 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:25:31.0328 3568 AsyncMac - ok
17:25:31.0372 3568 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:25:31.0374 3568 atapi - ok
17:25:31.0428 3568 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
17:25:31.0430 3568 AtiPcie - ok
17:25:31.0474 3568 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:25:31.0485 3568 AudioEndpointBuilder - ok
17:25:31.0498 3568 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:25:31.0504 3568 AudioSrv - ok
17:25:31.0641 3568 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:25:31.0662 3568 AVGIDSAgent - ok
17:25:31.0692 3568 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
17:25:31.0693 3568 AVGIDSDriver - ok
17:25:31.0708 3568 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
17:25:31.0709 3568 AVGIDSEH - ok
17:25:31.0727 3568 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
17:25:31.0729 3568 AVGIDSFilter - ok
17:25:31.0791 3568 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
17:25:31.0796 3568 Avgldx64 - ok
17:25:31.0818 3568 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
17:25:31.0820 3568 Avgmfx64 - ok
17:25:31.0885 3568 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
17:25:31.0887 3568 Avgrkx64 - ok
17:25:31.0922 3568 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
17:25:31.0929 3568 Avgtdia - ok
17:25:31.0958 3568 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:25:31.0962 3568 avgwd - ok
17:25:31.0995 3568 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:25:31.0998 3568 AxInstSV - ok
17:25:32.0075 3568 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:25:32.0083 3568 b06bdrv - ok
17:25:32.0123 3568 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:25:32.0129 3568 b57nd60a - ok
17:25:32.0157 3568 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:25:32.0159 3568 BDESVC - ok
17:25:32.0170 3568 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:25:32.0171 3568 Beep - ok
17:25:32.0218 3568 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:25:32.0230 3568 BFE - ok
17:25:32.0274 3568 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
17:25:32.0290 3568 BITS - ok
17:25:32.0310 3568 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:25:32.0311 3568 blbdrive - ok
17:25:32.0338 3568 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:25:32.0340 3568 bowser - ok
17:25:32.0356 3568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:25:32.0357 3568 BrFiltLo - ok
17:25:32.0370 3568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:25:32.0370 3568 BrFiltUp - ok
17:25:32.0396 3568 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:25:32.0397 3568 BridgeMP - ok
17:25:32.0435 3568 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:25:32.0436 3568 Browser - ok
17:25:32.0447 3568 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:25:32.0450 3568 Brserid - ok
17:25:32.0459 3568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:25:32.0460 3568 BrSerWdm - ok
17:25:32.0477 3568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:25:32.0477 3568 BrUsbMdm - ok
17:25:32.0519 3568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:25:32.0521 3568 BrUsbSer - ok
17:25:32.0533 3568 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:25:32.0536 3568 BTHMODEM - ok
17:25:32.0563 3568 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:25:32.0564 3568 bthserv - ok
17:25:32.0646 3568 catchme - ok
17:25:32.0695 3568 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:25:32.0697 3568 cdfs - ok
17:25:32.0787 3568 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:25:32.0790 3568 cdrom - ok
17:25:32.0814 3568 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:25:32.0817 3568 CertPropSvc - ok
17:25:32.0828 3568 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:25:32.0831 3568 circlass - ok
17:25:32.0861 3568 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:25:32.0865 3568 CLFS - ok
17:25:32.0915 3568 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:25:32.0917 3568 clr_optimization_v2.0.50727_32 - ok
17:25:32.0947 3568 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:25:32.0950 3568 clr_optimization_v2.0.50727_64 - ok
17:25:33.0009 3568 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:25:33.0013 3568 clr_optimization_v4.0.30319_32 - ok
17:25:33.0040 3568 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:25:33.0044 3568 clr_optimization_v4.0.30319_64 - ok
17:25:33.0068 3568 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:25:33.0070 3568 CmBatt - ok
17:25:33.0087 3568 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:25:33.0088 3568 cmdide - ok
17:25:33.0126 3568 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
17:25:33.0134 3568 CNG - ok
17:25:33.0157 3568 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:25:33.0159 3568 Compbatt - ok
17:25:33.0187 3568 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:25:33.0188 3568 CompositeBus - ok
17:25:33.0220 3568 COMSysApp - ok
17:25:33.0254 3568 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys
17:25:33.0255 3568 CpqDfw - ok
17:25:33.0272 3568 cqcpu (10fb0ff62af6262bf88e3607e2ae2a69) C:\Windows\system32\drivers\cqcpu.sys
17:25:33.0273 3568 cqcpu - ok
17:25:33.0286 3568 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:25:33.0287 3568 crcdisk - ok
17:25:33.0317 3568 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
17:25:33.0319 3568 CryptSvc - ok
17:25:33.0345 3568 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:25:33.0351 3568 DcomLaunch - ok
17:25:33.0372 3568 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:25:33.0376 3568 defragsvc - ok
17:25:33.0401 3568 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:25:33.0403 3568 DfsC - ok
17:25:33.0430 3568 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:25:33.0433 3568 Dhcp - ok
17:25:42.0689 3568 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:25:42.0691 3568 usbprint - ok
17:25:42.0712 3568 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:25:42.0714 3568 usbscan - ok
17:25:42.0733 3568 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:25:42.0736 3568 USBSTOR - ok
17:25:42.0756 3568 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
17:25:42.0758 3568 usbuhci - ok
17:25:42.0780 3568 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:25:42.0785 3568 UxSms - ok
17:25:42.0833 3568 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:25:42.0836 3568 VaultSvc - ok
17:25:42.0860 3568 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:25:42.0862 3568 vdrvroot - ok
17:25:42.0895 3568 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:25:42.0907 3568 vds - ok
17:25:42.0931 3568 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:25:42.0932 3568 vga - ok
17:25:42.0950 3568 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:25:42.0951 3568 VgaSave - ok
17:25:42.0967 3568 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:25:42.0969 3568 vhdmp - ok
17:25:42.0987 3568 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:25:42.0988 3568 viaide - ok
17:25:43.0025 3568 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:25:43.0027 3568 volmgr - ok
17:25:43.0053 3568 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:25:43.0060 3568 volmgrx - ok
17:25:43.0079 3568 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:25:43.0085 3568 volsnap - ok
17:25:43.0134 3568 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:25:43.0137 3568 vsmraid - ok
17:25:43.0194 3568 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:25:43.0221 3568 VSS - ok
17:25:43.0240 3568 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:25:43.0241 3568 vwifibus - ok
17:25:43.0271 3568 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:25:43.0272 3568 vwififlt - ok
17:25:43.0309 3568 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:25:43.0311 3568 vwifimp - ok
17:25:43.0348 3568 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:25:43.0358 3568 W32Time - ok
17:25:43.0380 3568 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:25:43.0381 3568 WacomPen - ok
17:25:43.0415 3568 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:25:43.0416 3568 WANARP - ok
17:25:43.0421 3568 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:25:43.0423 3568 Wanarpv6 - ok
17:25:43.0473 3568 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:25:43.0491 3568 WatAdminSvc - ok
17:25:43.0530 3568 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:25:43.0540 3568 wbengine - ok
17:25:43.0558 3568 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:25:43.0560 3568 WbioSrvc - ok
17:25:43.0593 3568 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:25:43.0597 3568 wcncsvc - ok
17:25:43.0607 3568 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:25:43.0609 3568 WcsPlugInService - ok
17:25:43.0622 3568 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:25:43.0623 3568 Wd - ok
17:25:43.0649 3568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:25:43.0653 3568 Wdf01000 - ok
17:25:43.0669 3568 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:25:43.0671 3568 WdiServiceHost - ok
17:25:43.0675 3568 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:25:43.0677 3568 WdiSystemHost - ok
17:25:43.0709 3568 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:25:43.0712 3568 WebClient - ok
17:25:43.0721 3568 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:25:43.0723 3568 Wecsvc - ok
17:25:43.0738 3568 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:25:43.0740 3568 wercplsupport - ok
17:25:43.0795 3568 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:25:43.0801 3568 WerSvc - ok
17:25:43.0829 3568 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:25:43.0831 3568 WfpLwf - ok
17:25:43.0864 3568 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:25:43.0866 3568 WIMMount - ok
17:25:43.0883 3568 WinDefend - ok
17:25:43.0898 3568 WinHttpAutoProxySvc - ok
17:25:43.0936 3568 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:25:43.0939 3568 Winmgmt - ok
17:25:43.0988 3568 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:25:44.0003 3568 WinRM - ok
17:25:44.0034 3568 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:25:44.0040 3568 Wlansvc - ok
17:25:44.0130 3568 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:25:44.0155 3568 wlidsvc - ok
17:25:44.0173 3568 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:25:44.0173 3568 WmiAcpi - ok
17:25:44.0196 3568 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:25:44.0198 3568 wmiApSrv - ok
17:25:44.0208 3568 WMPNetworkSvc - ok
17:25:44.0256 3568 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:25:44.0261 3568 WPCSvc - ok
17:25:44.0283 3568 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:25:44.0289 3568 WPDBusEnum - ok
17:25:44.0313 3568 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:25:44.0315 3568 ws2ifsl - ok
17:25:44.0347 3568 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
17:25:44.0353 3568 wscsvc - ok
17:25:44.0364 3568 WSearch - ok
17:25:44.0442 3568 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
17:25:44.0461 3568 wuauserv - ok
17:25:44.0475 3568 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:25:44.0476 3568 WudfPf - ok
17:25:44.0494 3568 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:25:44.0495 3568 WUDFRd - ok
17:25:44.0505 3568 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:25:44.0507 3568 wudfsvc - ok
17:25:44.0522 3568 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:25:44.0524 3568 WwanSvc - ok
17:25:44.0553 3568 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
17:25:44.0611 3568 \Device\Harddisk0\DR0 - ok
17:25:44.0627 3568 Boot (0x1200) (6a77ac194ac0b035dc34313033575c6f) \Device\Harddisk0\DR0\Partition0
17:25:44.0630 3568 \Device\Harddisk0\DR0\Partition0 - ok
17:25:44.0645 3568 Boot (0x1200) (1d9c33492d0e1e5ab12b72577abc5d1b) \Device\Harddisk0\DR0\Partition1
17:25:44.0648 3568 \Device\Harddisk0\DR0\Partition1 - ok
17:25:44.0676 3568 Boot (0x1200) (4fd9e226a9e5a524e0136d57c72fbf46) \Device\Harddisk0\DR0\Partition2
17:25:44.0677 3568 \Device\Harddisk0\DR0\Partition2 - ok
17:25:44.0678 3568 ============================================================
17:25:44.0678 3568 Scan finished
17:25:44.0678 3568 ============================================================
17:25:44.0690 4016 Detected object count: 0
17:25:44.0690 4016 Actual detected object count: 0


aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 17:29:12
-----------------------------
17:29:12.579 OS Version: Windows x64 6.1.7600
17:29:12.579 Number of processors: 4 586 0x503
17:29:12.580 ComputerName: VICTOR030 UserName: Cos
17:29:15.573 Initialize success
17:29:57.530 AVAST engine defs: 12040501
17:31:33.585 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
17:31:33.590 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
17:31:33.604 Disk 0 MBR read successfully
17:31:33.607 Disk 0 MBR scan
17:31:33.612 Disk 0 Windows 7 default MBR code
17:31:33.619 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 106 MB offset 2048
17:31:33.629 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 939818 MB offset 224910
17:31:33.660 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13939 MB offset 1924974592
17:31:33.698 Disk 0 scanning C:\Windows\system32\drivers
17:31:41.482 Service scanning
17:31:55.129 Modules scanning
17:31:55.146 Disk 0 trace - called modules:
17:31:55.163 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
17:31:55.170 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046f2790]
17:31:55.176 3 CLASSPNP.SYS[fffff88000c1743f] -> nt!IofCallDriver -> [0xfffffa80045bbac0]
17:31:55.182 5 amd_xata.sys[fffff880010d08b4] -> nt!IofCallDriver -> \Device\00000058[0xfffffa80045b49c0]
17:32:01.425 AVAST engine scan C:\Windows
17:32:04.695 AVAST engine scan C:\Windows\system32
17:34:53.608 AVAST engine scan C:\Windows\system32\drivers
17:35:03.859 AVAST engine scan C:\Users\Cos
17:35:05.358 File: C:\Users\Cos\AppData\Local\Google\Chrome\Application\18.0.1025.142\Installer\setup.exe **INFECTED** Win32:Malware-gen
17:35:34.337 File: C:\Users\Cos\AppData\Local\Temp\11AE.tmp **INFECTED** Win32:Malware-gen
17:35:47.380 File: C:\Users\Cos\AppData\Roaming\WildTangent\WildTangent\tceskqa.dll **INFECTED** Win32:Trojan-gen

17:36:12.817 AVAST engine scan C:\ProgramData
17:37:38.908 Scan finished successfully
17:39:18.186 Disk 0 MBR has been saved successfully to "C:\Users\Cos\Desktop\MBR.dat"
17:39:18.395 The log file has been saved successfully to "C:\Users\Cos\Desktop\aswMBRb.txt"

Thanks for your help

* The "Fix" tab wasn't an option when this scan finished. Only the "FixMBR" tab was available. Should I proceed with that, even though there's a pop-up warning about doing so? I'll leave it minimized on my pc until you give me permission on what to do.

A couple of notes:

I removed the old versions of Chrome and Firefox before running the latest TDSS & aswMBR programs (so that dirty Chrome hit in red above is presumably from the new download)

The Wild Tangent hit in red above is the same as the 3rd hit I got back on the aswMBR scan from April 3rd. The other two hits above are different from the first two hits on April 3rd (those original ones read as trojan-gens, not malware-gens, as these two here do, if that means anything)
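
The aswMBR output above is the part to read carefully: the boot code verdict, the partition table, and the three detections. The following Python script is an added example (not part of this thread and not AVAST's code) that parses those lines, recomputes where each partition ends from its size and offset, and flags any unpartitioned hole larger than a threshold, since unallocated space outside every partition is where disk-resident bootkits park themselves. The excerpt it parses is lifted from the log posted above; the 8 MB threshold and the "default MBR code" wording check are assumptions, not aswMBR rules.

```python
"""Triage an aswMBR-style log: boot code status, partition layout, detections.

Added example, not part of the thread and not AVAST's aswMBR code.
"""
import re
from dataclasses import dataclass, field

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES   # 2048
GAP_THRESHOLD_MB = 8   # assumption: a bigger unpartitioned hole deserves a look; not an aswMBR rule

# Excerpt of the aswMBR log posted above (only the lines this parser cares about).
SAMPLE_LOG = """\
17:31:33.590 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
17:31:33.604 Disk 0 MBR read successfully
17:31:33.612 Disk 0 Windows 7 default MBR code
17:31:33.619 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 106 MB offset 2048
17:31:33.629 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 939818 MB offset 224910
17:31:33.660 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13939 MB offset 1924974592
17:35:05.358 File: C:\\Users\\Cos\\AppData\\Local\\Temp\\11AE.tmp **INFECTED** Win32:Malware-gen
17:35:47.380 File: C:\\Users\\Cos\\AppData\\Roaming\\WildTangent\\WildTangent\\tceskqa.dll **INFECTED** Win32:Trojan-gen
17:37:38.908 Scan finished successfully
"""

PART_RE = re.compile(r"Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) \S+ \S+ (\d+) MB offset (\d+)")
SIZE_RE = re.compile(r"Size: (\d+)MB")
MBR_RE = re.compile(r"Disk \d+ (.*MBR code.*)$")
INFECTED_RE = re.compile(r"File: (.+?) \*\*INFECTED\*\* (\S+)")


@dataclass
class Partition:
    index: int
    bootable: bool      # boot flag 0x80
    type_id: int        # partition type byte, 0x07 = NTFS
    size_mb: int
    start_lba: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.size_mb * SECTORS_PER_MB


@dataclass
class Triage:
    disk_mb: int = 0
    mbr_code: str = ""
    partitions: list = field(default_factory=list)
    infected: list = field(default_factory=list)   # (path, detection name)

    def mbr_is_default(self) -> bool:
        # Assumption: aswMBR describes untouched boot code with "... default MBR code".
        return "default MBR code" in self.mbr_code

    def gaps(self) -> list:
        """Unpartitioned sectors before each partition and after the last one."""
        parts = sorted(self.partitions, key=lambda p: p.start_lba)
        ends = [0] + [p.end_lba for p in parts]
        starts = [p.start_lba for p in parts] + [self.disk_mb * SECTORS_PER_MB]
        return [s - e for e, s in zip(ends, starts)]

    def suspicious_gaps(self) -> list:
        """(slot, sectors) for every gap above the threshold; sizes are MB-rounded, so small slack is normal."""
        limit = GAP_THRESHOLD_MB * SECTORS_PER_MB
        return [(i, g) for i, g in enumerate(self.gaps()) if g > limit]


def triage(text: str) -> Triage:
    t = Triage()
    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            t.disk_mb = int(m.group(1))
        elif m := MBR_RE.search(line):
            t.mbr_code = m.group(1)
        elif m := PART_RE.search(line):
            idx, flag, ptype, size_mb, start = m.groups()
            t.partitions.append(Partition(int(idx), flag.upper() == "80", int(ptype, 16), int(size_mb), int(start)))
        elif m := INFECTED_RE.search(line):
            t.infected.append((m.group(1), m.group(2)))
    return t


def findings(t: Triage) -> list:
    """Human-readable list of what needs attention; empty means nothing stood out."""
    out = []
    if not t.mbr_is_default():
        out.append(f"MBR code not reported as default: {t.mbr_code!r}")
    for slot, g in t.suspicious_gaps():
        out.append(f"{g // SECTORS_PER_MB} MB unpartitioned space in gap slot {slot}")
    for path, name in t.infected:
        out.append(f"{name}: {path}")
    return out


if __name__ == "__main__":
    for f in findings(triage(SAMPLE_LOG)):
        print(f)
```

Run as-is it prints the two detections and nothing about the layout, which is what the posted log shows: stock Windows 7 boot code and three NTFS partitions with only alignment slack between them (a little over a megabyte each). On a disk where aswMBR reports the boot code as changed, or where a few hundred MB sit outside any partition, the findings list says so before anyone clicks FixMBR.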

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 05 April 2012 - 04:59 PM

Are you still getting redirected?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 paice (Topic Starter, Members, 19 posts)

Posted 05 April 2012 - 05:30 PM

Through about 20 or so searches each on IE, Firefox and Chrome, I have had zero redirects.

The only slight thing (but maybe this is me looking too hard) was a pop-up bar at the bottom of the IE screen that read "Internet Explorer has modified this page to help prevent cross-site scripting" when perusing a local newspaper article, if that means anything.

What are your thoughts? We're good or further actions are required? What about the 3 in the aswMBR log ... do I click on "Fix MBR" to rectify them or leave it be?

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 05 April 2012 - 06:55 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Ask.com

File::
C:\Users\Cos\AppData\Local\Google\Chrome\Application\18.0.1025.142\Installer\setup.exe
C:\Users\Cos\AppData\Local\Temp\11AE.tmp
C:\Users\Cos\AppData\Roaming\WildTangent\WildTangent\tceskqa.dll

Firefox::
FF - ProfilePath - c:\users\Cos\AppData\Roaming\Mozilla\Firefox\Profiles\x6g2umi8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

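
The script above deletes three files outright. Before ComboFix runs it, a practitioner would keep a hashed copy of each sample, so the detections can be checked later (the April 3 hits were reported under a different generic name than the April 5 ones, and only the binaries settle that). This Python example is added here and is not part of the thread or of ComboFix: it parses the CFScript sections as laid out above (a "Name::" header followed by entries up to a blank line, which is an assumption drawn from that layout, not ComboFix's documented grammar) and copies whatever still exists into a quarantine folder with a SHA-256 manifest. The files it operates on are stand-ins constructed in a temporary directory, since the real ones live on the poster's machine.

```python
"""Parse the posted CFScript and preserve the listed files before they are deleted.

Added example, not part of the thread and not ComboFix's own code.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

# The script gringo posted above, verbatim; the paths belong to the poster's machine.
CFSCRIPT = """\
ClearJavaCache::
KillAll::
Folder::
c:\\program files (x86)\\Ask.com

File::
C:\\Users\\Cos\\AppData\\Local\\Google\\Chrome\\Application\\18.0.1025.142\\Installer\\setup.exe
C:\\Users\\Cos\\AppData\\Local\\Temp\\11AE.tmp
C:\\Users\\Cos\\AppData\\Roaming\\WildTangent\\WildTangent\\tceskqa.dll

Firefox::
FF - ProfilePath - c:\\users\\Cos\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x6g2umi8.default\\
FF - prefs.js: browser.search.selectedEngine - Ask.com
"""

# Constructed stand-in content; the real samples exist only on the poster's machine.
FAKE_CONTENT = b"MZ\x90\x00 constructed sample, not the real file: "


def parse_cfscript(text: str) -> dict:
    """Map each 'Name::' section to its entry lines, in order of appearance.

    Assumption: a line ending in '::' opens a section, a blank line closes it, and a
    section may carry no entries (ClearJavaCache::, KillAll::). This mirrors the posted
    script's layout, not a published ComboFix grammar.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def preserve(paths, quarantine_dir) -> list:
    """Hash each file, copy it into quarantine_dir under its hash, and write a manifest.

    Missing files are recorded too, so the manifest shows what was and was not present
    when the step ran. Nothing here deletes anything; that is left to ComboFix.
    """
    q = Path(quarantine_dir)
    q.mkdir(parents=True, exist_ok=True)
    manifest = []
    for p in map(Path, paths):
        entry = {"path": str(p), "present": p.is_file()}
        if entry["present"]:
            digest = sha256_bytes(p.read_bytes())
            st = p.stat()
            entry.update(sha256=digest, size=st.st_size, mtime=int(st.st_mtime))
            shutil.copy2(p, q / f"{digest}.bin")   # hash-named so two samples never collide
        manifest.append(entry)
    (q / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def quarantined(quarantine_dir) -> list:
    """Names of everything sitting in the quarantine folder."""
    return sorted(os.listdir(quarantine_dir))


def demo() -> tuple:
    """Run the preservation step against constructed files in a temp directory."""
    work = Path(tempfile.mkdtemp(prefix="cfscript-demo-"))
    present = [work / "11AE.tmp", work / "tceskqa.dll"]
    for f in present:
        f.write_bytes(FAKE_CONTENT + f.name.encode())   # distinct content per stand-in
    targets = [str(f) for f in present] + [str(work / "setup.exe")]   # last one deliberately absent
    manifest = preserve(targets, work / "quarantine")
    return manifest, str(work / "quarantine")


if __name__ == "__main__":
    print(json.dumps(parse_cfscript(CFSCRIPT), indent=2))
    for entry in demo()[0]:
        print(entry)
```

On the poster's machine the File:: entries from `parse_cfscript(CFSCRIPT)["File"]` would be passed to `preserve` directly; the manifest records which of the three were still on disk, which matters here because the Chrome setup.exe hit was explained in the post as coming from a fresh download and the ComboFix log that follows lists only two of the three as deleted.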

#13 paice (Topic Starter, Members, 19 posts)

Posted 05 April 2012 - 07:28 PM

Here's the ComboFix log:

ComboFix 12-04-05.06 - Cos 04/05/2012 20:07:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2891 [GMT -4:00]
Running from: c:\users\Cos\Desktop\ComboFix.exe
Command switches used :: c:\users\Cos\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Cos\AppData\Local\Google\Chrome\Application\18.0.1025.142\Installer\setup.exe"
"c:\users\Cos\AppData\Local\Temp\11AE.tmp"
"c:\users\Cos\AppData\Roaming\WildTangent\WildTangent\tceskqa.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cos\AppData\Local\Google\Chrome\Application\18.0.1025.142\Installer\setup.exe
c:\users\Cos\AppData\Roaming\WildTangent\WildTangent\tceskqa.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-03 17:52 . 2012-04-03 17:52 -------- d-----w- c:\program files (x86)\ESET
2012-04-03 00:59 . 2012-04-03 00:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-03 00:58 . 2012-04-03 00:58 -------- d-----w- c:\programdata\Ask
2012-04-03 00:57 . 2012-04-03 00:57 -------- d-----w- c:\program files (x86)\Java
2012-03-14 07:00 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:00 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:00 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 23:18 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:18 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:18 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:18 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:18 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:18 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:18 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 23:18 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 23:18 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 23:18 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 23:18 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 18:17 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:17 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:17 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 18:17 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:17 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:17 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:17 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 00:57 . 2011-12-29 05:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:02 . 2012-02-23 08:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-23 08:02 . 2012-02-23 08:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 08:02 . 2012-02-23 08:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 08:02 . 2012-02-23 08:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-23 08:02 . 2012-02-23 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-23 08:02 . 2012-02-23 08:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-23 08:02 . 2012-02-23 08:02 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-23 08:02 . 2012-02-23 08:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-23 08:02 . 2012-02-23 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-23 08:02 . 2012-02-23 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 08:02 . 2012-02-23 08:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 08:02 . 2012-02-23 08:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-23 08:02 . 2012-02-23 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-23 08:02 . 2012-02-23 08:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-23 08:02 . 2012-02-23 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:02 . 2012-02-23 08:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-23 08:02 . 2012-02-23 08:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-23 08:02 . 2012-02-23 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-23 08:02 . 2012-02-23 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-23 08:02 . 2012-02-23 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-23 08:02 . 2012-02-23 08:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-23 08:02 . 2012-02-23 08:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 08:02 . 2012-02-23 08:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 08:02 . 2012-02-23 08:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-23 08:02 . 2012-02-23 08:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-23 08:02 . 2012-02-23 08:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-23 08:02 . 2012-02-23 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-23 08:02 . 2012-02-23 08:02 448512 ----a-w- c:\windows\system32\html.iec
2012-02-23 08:02 . 2012-02-23 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:02 . 2012-02-23 08:02 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-23 08:02 . 2012-02-23 08:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-23 08:02 . 2012-02-23 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-23 08:02 . 2012-02-23 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-23 08:02 . 2012-02-23 08:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 08:02 . 2012-02-23 08:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-23 08:02 . 2012-02-23 08:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 08:02 . 2012-02-23 08:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 08:02 . 2012-02-23 08:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 08:02 . 2012-02-23 08:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-23 08:02 . 2012-02-23 08:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-23 08:02 . 2012-02-23 08:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:02 . 2012-02-23 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-05_19.07.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-08 21:34 . 2012-04-05 19:08 28928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 19:08 35574 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-01-27 05:48 . 2012-04-02 20:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-27 05:48 . 2012-04-05 19:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-27 05:48 . 2012-04-05 19:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-27 05:48 . 2012-04-02 20:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 20:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-05 19:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-08 21:34 . 2012-04-05 19:08 6040 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1150851785-1504264999-4271647266-1000_UserData.bin
+ 2012-04-06 00:12 . 2012-04-06 00:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-05 19:05 . 2012-04-05 19:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-09 00:14 . 2012-04-05 23:48 282106 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-04-05 19:09 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-04 13:27 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-05 19:09 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-04 13:27 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-04-02 20:14 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-05 19:13 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-04-06 00:11 395600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-05 19:04 395600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-22 23:39 . 2012-04-06 00:11 629960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1150851785-1504264999-4271647266-1000-12288.dat
- 2011-09-22 23:39 . 2012-04-05 19:04 629960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1150851785-1504264999-4271647266-1000-12288.dat
+ 2011-09-08 21:23 . 2012-04-06 00:11 4418318 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1150851785-1504264999-4271647266-1000-8192.dat
- 2009-07-14 02:34 . 2012-04-05 17:47 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-05 19:18 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 04:13]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 04:13]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1150851785-1504264999-4271647266-1000Core.job
- c:\users\Cos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 04:39]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1150851785-1504264999-4271647266-1000UA.job
- c:\users\Cos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 04:39]
.
2012-04-05 c:\windows\Tasks\HPCeeScheduleForCos.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-03-10 c:\windows\Tasks\HPCeeScheduleForVICTOR030$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
FF - ProfilePath - c:\users\Cos\AppData\Roaming\Mozilla\Firefox\Profiles\hdyttryn.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Google Chrome - c:\users\Cos\AppData\Local\Google\Chrome\Application\18.0.1025.142\Installer\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-04-05 20:14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 00:14
ComboFix2.txt 2012-04-05 19:21
.
Pre-Run: 929,093,275,648 bytes free
Post-Run: 929,073,713,152 bytes free
.
- - End Of File - - F0D8A75586FCB15C69E5A4203B60A3FA


Still no redirects (after an additional 10 Google searches in IE, Chrome & FF)

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:19 AM

Posted 05 April 2012 - 08:39 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Ask Toolbar
  • Ask Toolbar Updater


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go here to download the HijackThis installer.
  • Save the HijackThis installer to your desktop.
  • Double-click on the HijackThis installer icon on your desktop. (On Vista and Win 7, right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 paice

  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:19 AM

Posted 05 April 2012 - 09:17 PM

When I click on the "Free Java Download" button, it tells me "Congratulations! You have the recommended Java installed (Version 6 Update 31)."

Oddly enough, this very same update I finally manually accepted on 4/2, the same day I began getting the Happili redirects (which had me thinking that I shouldn't have even clicked "yes" on that blinking Java upgrade button that was on the right side of my task bar for the past few weeks).

What do I do? Uninstall it and then click on your link again (or leave it be, assume I do have the right one, and move on to your next step)?



