
Yet another- Google redirect to Easy A-Z and other sites


  • This topic is locked
19 replies to this topic

#1 MarcC


Posted 20 May 2012 - 09:16 AM

Hi all,

I'm running Vista SP2 32bit, Firefox
Had no luck with Spybot/ Malwarebytes
As I've said, it's not constant and it's not Easy A-Z every time.

Please note I work away during the week and may not have internet access where I'm staying so I may be a bit slow to reply, sorry about this.
Any help would be much appreciated.


Here's The Securitycheck report:


Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


And Here's the DDS Report:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Jello at 13:48:00 on 2012-05-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2812.1439 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WacomTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jello\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55828796-F73A-4BC8-BD00-E4B2A7B9D44E} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{55828796-F73A-4BC8-BD00-E4B2A7B9D44E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5AF0C8F7-F9D5-4865-85FA-076549FDDFCA} : DhcpNameServer = 192.168.1.2 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jello\appdata\roaming\mozilla\firefox\profiles\zljrbtrm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\program files\digitalpersona\bin\firefoxext\components\dpffcli.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-22 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-2 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-11-14 1369384]
R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [2010-11-14 95528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 Wacomhidfilter;Wacom HID Filter;c:\windows\system32\drivers\wacomhidfilter.sys [2007-11-5 10536]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2007-2-22 11312]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-5-4 193840]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 129976]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [2012-1-21 103680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-20 12:12:57 -------- d-----w- c:\users\jello\appdata\local\ElevatedDiagnostics
2012-05-19 12:30:47 -------- d--h--w- C:\$AVG
2012-05-14 12:28:30 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-14 12:23:13 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-14 12:23:13 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-14 12:23:12 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-14 12:23:11 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-14 12:23:11 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-14 12:23:10 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-14 12:10:56 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-14 10:39:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-14 10:39:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-14 10:39:27 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-14 10:39:27 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-14 10:39:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-14 10:21:18 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-14 10:21:18 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-14 10:21:17 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 23:48:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-04 23:48:10 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-04 23:48:10 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-04 19:23:43 -------- d-----w- c:\users\jello\appdata\roaming\OpenDNS Updater
2012-05-04 19:23:41 -------- d-----w- c:\program files\OpenDNS Updater
.
==================== Find3M ====================
.
2012-05-04 18:39:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 18:39:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 15:39:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 13:49:28.46 ===============


And the GMER Log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-20 15:08:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1652GSX rev.LV011C
Running: hz70izns.exe; Driver: C:\Users\Jello\AppData\Local\Temp\ugloypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAD5EA004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAD5EA0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAD5E9D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAD5E9E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAD5E9EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAD5E9F56]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3BD 822C3A80 8 Bytes [04, A0, 5E, AD, D4, A0, 5E, ...] {ADD AL, 0xa0; POP ESI; LODSD ; AAM 0xa0; POP ESI; LODSD }
.text ntkrnlpa.exe!KeSetEvent + 3F1 822C3AB4 4 Bytes [76, 9D, 5E, AD] {JBE 0xffffffffffffff9f; POP ESI; LODSD }
.text ntkrnlpa.exe!KeSetEvent + 621 822C3CE4 8 Bytes [1E, 9E, 5E, AD, BA, 9E, 5E, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 822C3D44 4 Bytes [56, 9F, 5E, AD] {PUSH ESI; LAHF ; POP ESI; LODSD }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9EE0E000, 0x1FA4DA, 0xE8000020]
? C:\Users\Jello\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4220] USER32.dll!SetWindowLongA 76EDE7CD 5 Bytes JMP 641D5EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4220] USER32.dll!SetWindowLongW 76EE13B4 5 Bytes JMP 641D5E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4220] USER32.dll!GetWindowInfo 76EE428E 5 Bytes JMP 63FC4822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4220] USER32.dll!TrackPopupMenu 76EF14F3 5 Bytes JMP 63FC4DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4660] ntdll.dll!LdrLoadDll 779C9378 5 Bytes JMP 63E4C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4660] kernel32.dll!MapViewOfFile 75A06B10 5 Bytes JMP 6407E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4660] kernel32.dll!VirtualAlloc 75A0AF75 5 Bytes JMP 6407E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4660] GDI32.dll!CreateDIBSection 76AD7461 5 Bytes JMP 6407E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval 604800

---- EOF - GMER 1.0.15 ----




Once again, thanks



#2 bloopie


Posted 20 May 2012 - 03:44 PM

Hello MarcC, and welcome to Bleeping Computer!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Use the 'Add Reply' and add the new log to this thread.
  • And finally, please make no further changes to your machine unless instructed to do so, as this could hamper the cleaning process!!

==========

Step 1:
Going over your logs I noticed that you have µTorrent and uTorrentBar Toolbar installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall both µTorrent products, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Step 2:
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

==========

Step 3:
Please refrain from using CCleaner's registry cleaner as one mistake made in the registry can render your machine unbootable!! Those programs are not foolproof!

==========

Step 4:
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

bloopie

Edited by bloopie, 21 May 2012 - 10:15 AM.


#3 bloopie


Posted 21 May 2012 - 10:16 AM

Just a note, I have edited my previous post.

bloopie

#4 MarcC


Posted 21 May 2012 - 05:39 PM

Hi Bloopie,

Windows image is on a partition on HD.

Removed Viewpoint software. Thanks for pointing it out, I hadn't spotted it.

Ran TDSSKiller but no threats found.

Cheers

Marc

#5 bloopie


Posted 22 May 2012 - 07:06 AM

Hi Marc!

Removed Viewpoint software.

Thanks for that! :thumbup2: Would you still like to keep µTorrent software? If not, I'd advise removing that as well, but it's up to you.

==========

Could you please provide the log from TDSSKiller? Instructions found in step 4 of Post#2. :)

==========

Now, let's continue with ComboFix:

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Please include both the TDSSKiller and ComboFix logs in your next reply, and let me know how your computer is running now!

  • If you are unable to post both logs in the same reply, you can separate them into 2 posts. :thumbup2:

bloopie

#6 MarcC


Posted 22 May 2012 - 04:25 PM

Hi,

I think I would like to keep µTorrent, but I won't be using it for now.

I left Combofix running and when I came back my laptop had rebooted and an AVG pop-up was asking if I wanted to quarantine Combofix.exe.
Obviously I allowed Combofix. Cfix finished and Windows completed booting. AVG was disabled.

I've just done about 20 or so Google searches and clicked on plenty of links. No redirects. I'll keep checking and let you know.



Here's the TDSSkiller report:


23:09:53.0225 3892 pla - ok
23:09:53.0615 3892 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:09:53.0631 3892 PlugPlay - ok
23:09:53.0818 3892 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:09:53.0818 3892 PNRPAutoReg - ok
23:09:53.0833 3892 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:09:53.0849 3892 PNRPsvc - ok
23:09:53.0943 3892 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:09:53.0958 3892 PolicyAgent - ok
23:09:54.0021 3892 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:09:54.0036 3892 PptpMiniport - ok
23:09:54.0083 3892 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
23:09:54.0083 3892 Processor - ok
23:09:54.0145 3892 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:09:54.0145 3892 ProfSvc - ok
23:09:54.0208 3892 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:09:54.0208 3892 ProtectedStorage - ok
23:09:54.0286 3892 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:09:54.0286 3892 PSched - ok
23:09:54.0426 3892 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
23:09:54.0426 3892 PxHelp20 - ok
23:09:54.0629 3892 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:09:54.0676 3892 ql2300 - ok
23:09:54.0707 3892 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:09:54.0707 3892 ql40xx - ok
23:09:54.0863 3892 QPCapSvc (397e97c8e0f72d914a53ab1be45c7495) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
23:09:54.0894 3892 QPCapSvc - ok
23:09:54.0957 3892 QPSched (1781b80d094158c97b35262add59da88) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
23:09:54.0957 3892 QPSched - ok
23:09:55.0019 3892 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:09:55.0019 3892 QWAVE - ok
23:09:55.0066 3892 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:09:55.0066 3892 QWAVEdrv - ok
23:09:55.0144 3892 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:09:55.0144 3892 RasAcd - ok
23:09:55.0191 3892 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:09:55.0191 3892 RasAuto - ok
23:09:55.0222 3892 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:09:55.0222 3892 Rasl2tp - ok
23:09:55.0300 3892 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:09:55.0300 3892 RasMan - ok
23:09:55.0393 3892 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:09:55.0393 3892 RasPppoe - ok
23:09:55.0456 3892 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:09:55.0472 3892 RasSstp - ok
23:09:55.0534 3892 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:09:55.0534 3892 rdbss - ok
23:09:55.0565 3892 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:09:55.0565 3892 RDPCDD - ok
23:09:55.0612 3892 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:09:55.0612 3892 rdpdr - ok
23:09:55.0628 3892 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:09:55.0628 3892 RDPENCDD - ok
23:09:55.0706 3892 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
23:09:55.0721 3892 RDPWD - ok
23:09:55.0924 3892 Recovery Service for Windows (70f79e7ac307a98b70d0b34fe7f5c35d) C:\Windows\SMINST\BLService.exe
23:09:55.0971 3892 Recovery Service for Windows - ok
23:09:56.0033 3892 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:09:56.0033 3892 RemoteAccess - ok
23:09:56.0111 3892 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:09:56.0111 3892 RemoteRegistry - ok
23:09:56.0267 3892 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:09:56.0298 3892 RichVideo - ok
23:09:56.0345 3892 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
23:09:56.0345 3892 RimUsb - ok
23:09:56.0408 3892 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
23:09:56.0408 3892 RimVSerPort - ok
23:09:56.0454 3892 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
23:09:56.0454 3892 ROOTMODEM - ok
23:09:56.0470 3892 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:09:56.0486 3892 RpcLocator - ok
23:09:56.0626 3892 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:09:56.0642 3892 RpcSs - ok
23:09:56.0657 3892 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:09:56.0657 3892 rspndr - ok
23:09:56.0735 3892 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:09:56.0735 3892 RTL8169 - ok
23:09:56.0782 3892 RTSTOR (7a4f79df3793160b280cde152b61fe33) C:\Windows\system32\drivers\RTSTOR.SYS
23:09:56.0782 3892 RTSTOR - ok
23:09:56.0876 3892 S2usbser (2f0caec1079a0c1a153129a696e449f8) C:\Windows\system32\DRIVERS\S2usbser.sys
23:09:56.0922 3892 S2usbser - ok
23:09:56.0969 3892 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:09:56.0969 3892 SamSs - ok
23:09:57.0016 3892 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:09:57.0078 3892 sbp2port - ok
23:09:57.0359 3892 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
23:09:57.0422 3892 SBSDWSCService - ok
23:09:57.0484 3892 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:09:57.0484 3892 SCardSvr - ok
23:09:57.0671 3892 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:09:57.0687 3892 Schedule - ok
23:09:57.0734 3892 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:09:57.0734 3892 SCPolicySvc - ok
23:09:57.0827 3892 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:09:57.0843 3892 SDRSVC - ok
23:09:57.0983 3892 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:09:57.0983 3892 secdrv - ok
23:09:58.0015 3892 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:09:58.0015 3892 seclogon - ok
23:09:58.0046 3892 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
23:09:58.0046 3892 SENS - ok
23:09:58.0077 3892 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:09:58.0077 3892 Serenum - ok
23:09:58.0186 3892 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:09:58.0186 3892 Serial - ok
23:09:58.0217 3892 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:09:58.0217 3892 sermouse - ok
23:09:58.0280 3892 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:09:58.0280 3892 SessionEnv - ok
23:09:58.0295 3892 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:09:58.0295 3892 sffdisk - ok
23:09:58.0342 3892 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:09:58.0342 3892 sffp_mmc - ok
23:09:58.0373 3892 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:09:58.0373 3892 sffp_sd - ok
23:09:58.0420 3892 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:09:58.0420 3892 sfloppy - ok
23:09:58.0483 3892 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:09:58.0483 3892 SharedAccess - ok
23:09:58.0561 3892 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:09:58.0561 3892 ShellHWDetection - ok
23:09:58.0639 3892 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:09:58.0639 3892 sisagp - ok
23:09:58.0685 3892 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:09:58.0685 3892 SiSRaid2 - ok
23:09:58.0748 3892 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:09:58.0748 3892 SiSRaid4 - ok
23:09:59.0528 3892 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:09:59.0559 3892 slsvc - ok
23:09:59.0887 3892 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:09:59.0887 3892 SLUINotify - ok
23:10:00.0074 3892 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:10:00.0090 3892 Smb - ok
23:10:00.0339 3892 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
23:10:00.0417 3892 smserial - ok
23:10:00.0480 3892 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:10:00.0495 3892 SNMPTRAP - ok
23:10:00.0526 3892 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:10:00.0526 3892 spldr - ok
23:10:00.0620 3892 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:10:00.0667 3892 Spooler - ok
23:10:00.0745 3892 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:10:00.0776 3892 srv - ok
23:10:00.0807 3892 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:10:00.0854 3892 srv2 - ok
23:10:00.0870 3892 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:10:00.0870 3892 srvnet - ok
23:10:00.0901 3892 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:10:00.0916 3892 SSDPSRV - ok
23:10:00.0963 3892 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:10:00.0963 3892 SstpSvc - ok
23:10:01.0088 3892 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:10:01.0104 3892 stisvc - ok
23:10:01.0135 3892 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:10:01.0135 3892 swenum - ok
23:10:01.0228 3892 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:10:01.0228 3892 swprv - ok
23:10:01.0244 3892 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:10:01.0244 3892 Symc8xx - ok
23:10:01.0275 3892 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:10:01.0275 3892 Sym_hi - ok
23:10:01.0291 3892 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:10:01.0291 3892 Sym_u3 - ok
23:10:01.0369 3892 SynTP (6dd49e1a5fa0f01824652f1a0a8866fb) C:\Windows\system32\DRIVERS\SynTP.sys
23:10:01.0416 3892 SynTP - ok
23:10:01.0509 3892 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:10:01.0525 3892 SysMain - ok
23:10:01.0556 3892 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:10:01.0556 3892 TabletInputService - ok
23:10:01.0774 3892 TabletServicePen (7adb2a289309627c517da3fa57917fd5) C:\Windows\system32\Pen_Tablet.exe
23:10:01.0852 3892 TabletServicePen - ok
23:10:01.0915 3892 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:10:01.0915 3892 TapiSrv - ok
23:10:02.0008 3892 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:10:02.0008 3892 TBS - ok
23:10:02.0274 3892 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
23:10:02.0367 3892 Tcpip - ok
23:10:02.0383 3892 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
23:10:02.0399 3892 Tcpip6 - ok
23:10:02.0492 3892 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:10:02.0508 3892 tcpipreg - ok
23:10:02.0570 3892 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:10:02.0586 3892 TDPIPE - ok
23:10:02.0601 3892 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:10:02.0601 3892 TDTCP - ok
23:10:02.0679 3892 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:10:02.0679 3892 tdx - ok
23:10:02.0742 3892 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:10:02.0789 3892 TermDD - ok
23:10:02.0929 3892 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:10:02.0929 3892 TermService - ok
23:10:03.0085 3892 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:10:03.0085 3892 Themes - ok
23:10:03.0163 3892 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:10:03.0163 3892 THREADORDER - ok
23:10:03.0303 3892 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:10:03.0319 3892 TrkWks - ok
23:10:03.0522 3892 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:10:03.0522 3892 TrustedInstaller - ok
23:10:03.0569 3892 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:10:03.0569 3892 tssecsrv - ok
23:10:03.0615 3892 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:10:03.0631 3892 tunmp - ok
23:10:03.0662 3892 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:10:03.0678 3892 tunnel - ok
23:10:03.0709 3892 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:10:03.0725 3892 uagp35 - ok
23:10:03.0803 3892 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:10:03.0803 3892 udfs - ok
23:10:03.0849 3892 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:10:03.0865 3892 UI0Detect - ok
23:10:03.0896 3892 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:10:03.0896 3892 uliagpkx - ok
23:10:03.0943 3892 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:10:03.0959 3892 uliahci - ok
23:10:03.0990 3892 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:10:03.0990 3892 UlSata - ok
23:10:04.0037 3892 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:10:04.0037 3892 ulsata2 - ok
23:10:04.0083 3892 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:10:04.0083 3892 umbus - ok
23:10:04.0193 3892 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:10:04.0208 3892 upnphost - ok
23:10:04.0271 3892 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:10:04.0271 3892 usbccgp - ok
23:10:04.0302 3892 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:10:04.0302 3892 usbcir - ok
23:10:04.0364 3892 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:10:04.0364 3892 usbehci - ok
23:10:04.0411 3892 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:10:04.0427 3892 usbhub - ok
23:10:04.0442 3892 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:10:04.0442 3892 usbohci - ok
23:10:04.0489 3892 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:10:04.0505 3892 usbprint - ok
23:10:04.0552 3892 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:10:04.0567 3892 usbscan - ok
23:10:04.0630 3892 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:10:04.0645 3892 USBSTOR - ok
23:10:04.0676 3892 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:10:04.0676 3892 usbuhci - ok
23:10:04.0723 3892 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:10:04.0739 3892 usbvideo - ok
23:10:04.0786 3892 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:10:04.0801 3892 UxSms - ok
23:10:04.0895 3892 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:10:04.0910 3892 vds - ok
23:10:04.0957 3892 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:10:04.0957 3892 vga - ok
23:10:04.0988 3892 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:10:04.0988 3892 VgaSave - ok
23:10:05.0020 3892 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:10:05.0035 3892 viaagp - ok
23:10:05.0051 3892 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:10:05.0051 3892 ViaC7 - ok
23:10:05.0082 3892 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:10:05.0082 3892 viaide - ok
23:10:05.0144 3892 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:10:05.0144 3892 volmgr - ok
23:10:05.0269 3892 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:10:05.0316 3892 volmgrx - ok
23:10:05.0394 3892 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:10:05.0394 3892 volsnap - ok
23:10:05.0441 3892 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:10:05.0456 3892 vsmraid - ok
23:10:05.0722 3892 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:10:05.0784 3892 VSS - ok
23:10:05.0862 3892 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:10:05.0878 3892 W32Time - ok
23:10:05.0956 3892 Wacomhidfilter (b5247e92c74df3e2c1158f33db958ff8) C:\Windows\system32\DRIVERS\wacomhidfilter.sys
23:10:05.0956 3892 Wacomhidfilter - ok
23:10:06.0002 3892 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
23:10:06.0002 3892 wacommousefilter - ok
23:10:06.0049 3892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:10:06.0049 3892 WacomPen - ok
23:10:06.0096 3892 WacomTouchService (69eb6448a8223bcf589e901d859d2879) C:\Windows\system32\WacomTouchService.exe
23:10:06.0096 3892 WacomTouchService - ok
23:10:06.0143 3892 wacomvhid (7e8d79b7ad49db189ebcc54160942723) C:\Windows\system32\DRIVERS\wacomvhid.sys
23:10:06.0143 3892 wacomvhid - ok
23:10:06.0158 3892 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
23:10:06.0174 3892 WacomVKHid - ok
23:10:06.0174 3892 WacomVTHid (423abf94d9d0a2ea1ad104e3519d4fea) C:\Windows\system32\DRIVERS\WacomVTHid.sys
23:10:06.0174 3892 WacomVTHid - ok
23:10:06.0221 3892 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:06.0221 3892 Wanarp - ok
23:10:06.0221 3892 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:06.0236 3892 Wanarpv6 - ok
23:10:06.0361 3892 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:10:06.0377 3892 wcncsvc - ok
23:10:06.0408 3892 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:10:06.0424 3892 WcsPlugInService - ok
23:10:06.0470 3892 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:10:06.0470 3892 Wd - ok
23:10:06.0627 3892 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:10:06.0642 3892 Wdf01000 - ok
23:10:06.0689 3892 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:10:06.0705 3892 WdiServiceHost - ok
23:10:06.0705 3892 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:10:06.0720 3892 WdiSystemHost - ok
23:10:06.0798 3892 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:10:06.0798 3892 WebClient - ok
23:10:06.0861 3892 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:10:06.0861 3892 Wecsvc - ok
23:10:06.0892 3892 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:10:06.0907 3892 wercplsupport - ok
23:10:06.0970 3892 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:10:06.0970 3892 WerSvc - ok
23:10:07.0079 3892 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:10:07.0095 3892 winachsf - ok
23:10:07.0235 3892 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:10:07.0266 3892 WinDefend - ok
23:10:07.0297 3892 WinHttpAutoProxySvc - ok
23:10:07.0407 3892 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:10:07.0407 3892 Winmgmt - ok
23:10:07.0594 3892 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:10:07.0625 3892 WinRM - ok
23:10:07.0906 3892 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:10:07.0921 3892 Wlansvc - ok
23:10:07.0984 3892 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:10:07.0999 3892 WmiAcpi - ok
23:10:08.0249 3892 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:10:08.0265 3892 wmiApSrv - ok
23:10:08.0514 3892 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:10:08.0561 3892 WMPNetworkSvc - ok
23:10:08.0623 3892 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:10:08.0639 3892 WPCSvc - ok
23:10:08.0701 3892 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:10:08.0701 3892 WPDBusEnum - ok
23:10:08.0795 3892 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:10:08.0826 3892 WpdUsb - ok
23:10:09.0357 3892 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:10:09.0419 3892 WPFFontCache_v0400 - ok
23:10:09.0466 3892 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:10:09.0466 3892 ws2ifsl - ok
23:10:09.0513 3892 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
23:10:09.0528 3892 wscsvc - ok
23:10:09.0591 3892 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:10:09.0622 3892 WSDPrintDevice - ok
23:10:09.0622 3892 WSearch - ok
23:10:10.0542 3892 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:10:10.0620 3892 wuauserv - ok
23:10:10.0917 3892 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:10:10.0932 3892 WUDFRd - ok
23:10:10.0979 3892 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
23:10:10.0995 3892 wudfsvc - ok
23:10:11.0073 3892 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
23:10:12.0149 3892 \Device\Harddisk0\DR0 - ok
23:10:12.0274 3892 Boot (0x1200) (b8eba548ad4cf257ec562a62d67f1116) \Device\Harddisk0\DR0\Partition0
23:10:12.0274 3892 \Device\Harddisk0\DR0\Partition0 - ok
23:10:12.0337 3892 Boot (0x1200) (bc98e1d528a3b5272975c9b26ddef0fc) \Device\Harddisk0\DR0\Partition1
23:10:12.0337 3892 \Device\Harddisk0\DR0\Partition1 - ok
23:10:12.0337 3892 ============================================================
23:10:12.0337 3892 Scan finished
23:10:12.0337 3892 ============================================================
23:10:12.0368 3580 Detected object count: 0
23:10:12.0368 3580 Actual detected object count: 0



And here's the ComboFix log:



ComboFix 12-05-22.02 - Jello 22/05/2012 18:29:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2812.1502 [GMT 1:00]
Running from: c:\users\Jello\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 18:19 . 2012-05-22 20:16 -------- d-----w- c:\users\Jello\AppData\Local\temp
2012-05-22 18:19 . 2012-05-22 18:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 17:44 . 2012-05-21 17:44 -------- d-----w- c:\users\Jello\AppData\Roaming\Apple Computer
2012-05-20 20:31 . 2012-05-20 20:31 -------- d-----w- c:\programdata\Apple Computer
2012-05-20 20:28 . 2012-05-20 20:28 -------- d-----w- c:\program files\Common Files\Apple
2012-05-20 20:28 . 2012-05-20 20:28 -------- d-----w- c:\users\Jello\AppData\Local\Apple
2012-05-20 20:27 . 2012-05-20 20:27 -------- d-----w- c:\program files\Apple Software Update
2012-05-20 20:27 . 2012-05-20 20:27 -------- d-----w- c:\programdata\Apple
2012-05-20 12:12 . 2012-05-20 12:12 -------- d-----w- c:\users\Jello\AppData\Local\ElevatedDiagnostics
2012-05-19 12:30 . 2012-05-19 12:30 -------- d-----w- C:\$AVG
2012-05-14 12:28 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-14 12:23 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-14 12:23 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-14 12:23 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-14 12:23 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-14 12:23 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 12:23 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-14 12:10 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-14 10:39 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-14 10:39 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-14 10:39 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-14 10:39 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-14 10:39 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-14 10:21 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-14 10:21 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-14 10:21 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 23:48 . 2012-05-04 23:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-04 23:48 . 2012-05-04 23:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 23:48 . 2012-05-04 23:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-04 19:23 . 2012-05-04 19:23 -------- d-----w- c:\users\Jello\AppData\Roaming\OpenDNS Updater
2012-05-04 19:23 . 2012-05-04 19:23 -------- d-----w- c:\program files\OpenDNS Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 18:39 . 2012-04-02 15:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 18:39 . 2011-05-22 15:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 14:56 . 2012-04-14 09:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 15:39 . 2010-12-16 11:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 04:17 . 2012-03-19 04:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-29 15:11 . 2012-04-11 17:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 17:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 17:42 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 17:42 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-11 17:42 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 17:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 17:42 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 17:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-04 23:48 . 2012-02-12 22:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Jello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 22:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-14 15:02 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97210268
*Deregistered* - 97210268
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55828796-F73A-4BC8-BD00-E4B2A7B9D44E}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Jello\AppData\Roaming\Mozilla\Firefox\Profiles\zljrbtrm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-isCfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
MSConfigStartUp-SysVer - c:\users\Jello\AppData\Local\MSRebar\SysVer\SysVer.exe
AddRemove-SysVer - c:\users\Jello\AppData\Local\MSRebar\SysVer\SysVer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-22 21:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2012-05-22 21:20:47
ComboFix-quarantined-files.txt 2012-05-22 20:20
.
Pre-Run: 9,663,787,008 bytes free
Post-Run: 8,759,066,624 bytes free
.
- - End Of File - - 5DBB805FB22AB5AC53147717825A3B66



Marc

#7 bloopie


Posted 23 May 2012 - 09:36 AM

Hi Marc,

Glad your machine seems to be running better! :thumbup2:

I see you have Malwarebytes Anti-Malware installed on your computer. I'd like you to update the program, run a full system scan and post the log here.

==========

Now, I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

==========

Please post both the MBAM and ESET logs in your next reply!
Any remaining issues you'd like me to know about?

bloopie

#8 bloopie


Posted 26 May 2012 - 03:15 PM

Hello again,

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, we will be forced to close this topic!

bloopie

#9 MarcC


Posted 27 May 2012 - 06:10 AM

Hi Bloopie,

Sorry about the slow reply, just haven't had the time to do the Eset scan.

Here are the Logs.

MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jello :: JELLO-PC [administrator]

23/05/2012 18:18:41
mbam-log-2012-05-23 (18-18-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 427422
Time elapsed: 2 hour(s), 31 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET:


C:\Users\Jello\AppData\Local\{BF16C8E9-7B45-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Jello\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\f0c3701-1c6de8d2 multiple threats deleted - quarantined
C:\Users\Jello\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\31c9be72-7af52171 Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined

I was going to say I'd spoken too soon about the redirects as I had another one since my last post. I thought I'd run ESET then get back to you about it. ESET seems to have picked something up though, so I'll keep trying google searches and let you know whether it's still happening.

Cheers

Marc

#10 MarcC


Posted 27 May 2012 - 06:30 AM

Bad news. Just got redirected again.

#11 bloopie


Posted 27 May 2012 - 01:05 PM

Hi Marc,

Could you describe a bit about your redirects? What sites are you being redirected to? Is this with all internet browsers or only one?

I think we should tackle the detections found in your online scan now.

==========

Run A ComboFix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
C:\Users\Jello\AppData\Local\{BF16C8E9-7B45-11E1-826D-B8AC6F996F26}

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

How is your computer running now? Are you still being redirected?

bloopie

#12 MarcC


Posted 30 May 2012 - 04:57 PM

Hi bloopie,

Here's the Combofix log:

ComboFix 12-05-30.02 - Jello 30/05/2012 7:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2812.1479 [GMT 1:00]
Running from: c:\users\Jello\Documents\Google redirect issue\ComboFix.exe
Command switches used :: c:\users\Jello\Documents\Google redirect issue\CFscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jello\AppData\Local\{BF16C8E9-7B45-11E1-826D-B8AC6F996F26}
c:\users\Jello\AppData\Local\{BF16C8E9-7B45-11E1-826D-B8AC6F996F26}\chrome.manifest
c:\users\Jello\AppData\Local\{BF16C8E9-7B45-11E1-826D-B8AC6F996F26}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 17:07 . 2012-05-30 17:07 -------- d-----w- c:\users\Jello\AppData\Local\temp
2012-05-30 17:07 . 2012-05-30 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 23:07 . 2012-05-24 23:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-05-24 17:18 . 2012-05-24 17:18 -------- d-----w- c:\users\Jello\AppData\Roaming\Template
2012-05-23 17:15 . 2012-05-23 17:15 -------- d-----w- c:\windows\Sun
2012-05-21 17:44 . 2012-05-21 17:44 -------- d-----w- c:\users\Jello\AppData\Roaming\Apple Computer
2012-05-20 20:31 . 2012-05-20 20:31 -------- d-----w- c:\programdata\Apple Computer
2012-05-20 20:28 . 2012-05-20 20:28 -------- d-----w- c:\program files\Common Files\Apple
2012-05-20 20:28 . 2012-05-20 20:28 -------- d-----w- c:\users\Jello\AppData\Local\Apple
2012-05-20 20:27 . 2012-05-20 20:27 -------- d-----w- c:\program files\Apple Software Update
2012-05-20 20:27 . 2012-05-20 20:27 -------- d-----w- c:\programdata\Apple
2012-05-20 12:12 . 2012-05-20 12:12 -------- d-----w- c:\users\Jello\AppData\Local\ElevatedDiagnostics
2012-05-19 12:30 . 2012-05-19 12:30 -------- d-----w- C:\$AVG
2012-05-14 12:28 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-14 12:23 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-14 12:23 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-14 12:23 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-14 12:23 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-14 12:23 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 12:23 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-14 12:10 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-14 10:39 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-14 10:39 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-14 10:39 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-14 10:39 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-14 10:39 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-14 10:21 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-14 10:21 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-14 10:21 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 23:48 . 2012-05-04 23:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-04 23:48 . 2012-05-04 23:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 23:48 . 2012-05-04 23:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-04 19:23 . 2012-05-04 19:23 -------- d-----w- c:\users\Jello\AppData\Roaming\OpenDNS Updater
2012-05-04 19:23 . 2012-05-04 19:23 -------- d-----w- c:\program files\OpenDNS Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 18:39 . 2012-04-02 15:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 18:39 . 2011-05-22 15:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 14:56 . 2012-04-14 09:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 15:39 . 2010-12-16 11:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 04:17 . 2012-03-19 04:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-05-04 23:48 . 2012-02-12 22:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Jello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 22:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-14 15:02 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55828796-F73A-4BC8-BD00-E4B2A7B9D44E}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Jello\AppData\Roaming\Mozilla\Firefox\Profiles\zljrbtrm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-30 18:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2012-05-30 18:13:24
ComboFix-quarantined-files.txt 2012-05-30 17:13
ComboFix2.txt 2012-05-22 20:20
.
Pre-Run: 3,941,326,848 bytes free
Post-Run: 3,597,361,152 bytes free
.
- - End Of File - - 5EB33E851590491AF72088D6F2689CE6


At the moment I don't seem to be getting any redirects. Had been running searches on other browsers but with no redirects, and since running latest Cfix scan, don't seem to be getting any.

I'll keep trying and let you know how I'm getting on.

Cheers

Marc

#13 bloopie


Posted 31 May 2012 - 09:35 AM

Hi Marc,

Good to hear no more redirects so far! Let me know if there are any changes in the next day or two! :thumbup2:

Other than that, does your computer run well right now?

If so, there are a couple of minor steps yet to do, so please let me know! :thumbsup:

bloopie

#14 MarcC


Posted 02 June 2012 - 01:16 PM

Hi

Other than the redirects my computer's doing okay.

What do you want me to do next?

Marc

#15 bloopie


Posted 02 June 2012 - 01:19 PM

Hi Marc,

"Other than the redirects my computer's doing okay."

So you are still getting redirected? To what sites?

bloopie



