cubswild

Everything posted by cubswild

  1. Okay, I've tried a bunch of times now, and when clicking links in Google from Google Chrome, I'm no longer redirected--I think the problem has been solved! Do you think that the trojan was only attached to Chrome, or should I worry that it's still hidden somewhere in the computer? What do you think my next steps should be to make sure the computer isn't infected and that we never get infected again? Thanks again for all of your time!
  2. Also, sorry for the multiple posts--but when you said "delete them for now," what exactly should I be deleting? The three programs that Trend Micro found? If so, it stopped them from installing, and I can't find where the ComboFix is since I deleted it before. I can uninstall OTL, I believe.
  3. I'm happy to do this again--but this was the 24 hour one that just completed today. Should I do the same scan?
  4. Trend Micro just alerted me that it stopped suspicious software from installing itself (I believe the j:/ one is the autorun flashdrive software, but I swear I deleted ComboFix, and I can't find the program in the location it says it exists. Should I uninstall OTL yet?)

     Date/Time   Name   From   Response
     ########   C:\Users\Alex\Downloads\ComboFix.exe   Unknown   Terminated
     ########   C:\Users\Alex\Desktop\OTL.exe   Unknown   Terminated
     ########   j:\install.bat   Unknown   Denied
  5. Wait--unfortunately, I just found that it's still taking me to a new website when I check different links (Don't click on it, obviously, but this is one of the sites it's trying to take me to that is being blocked by Trend Micro: http://64.15.72.104/click.php?go=aHR0cDovL2NsaWNrLkdldC1BbnN3ZXJzLUZhc3QuY29tL2Fkcy1jbGlja3RyYWNrL2NsaWNrL2p1bXAxLmRvP3NpZD1CWnJBQUM0cFZXdm9WQ1EyaEZvODFUM01IazYlMkJleTNxNk9jOGVnUlN5ZDAlM0QmYWZmaWxpYXRlPTQ2MzU1JnN1YmlkPTg5MDlfMTIzMyZyYz0wJnRlcm1zPWxvcyBwb2xsaXRvcyBkaWNlbiBzb25n&b=MC4wMjg=&aff=8909&subaff=1233&time=1340387575&searcher_ip=67.149.143.234&cnt=21843&qq=los+pollitos+dicen+song&mode=&seid=fzwfj8M/33Q3TJfi+H2xwrq900gJ9R/Tluo1RgG0&se=YWJjc2VhcmNo&sid=9&pos=1) Now what do you think we should do? Should I maybe delete Chrome since IE doesn't seem to have the problem?
  6. All right--the newest version of Java is running! I've done a few searches in Chrome using Google and all of the links I click on take me to pages that I am choosing to go to. Do you think that this is the end of the trojan? Let me know if there are any other additional steps I need to be taking to ensure that the problem has ended--and to ensure that it doesn't occur again! (I currently use Trend Micro Titanium Internet security to prevent viruses, but obviously, it didn't work perfectly.)
  7. Status: Disinfected (events: 9)

     6/21/2012 9:23:15 AM   Disinfected   Trojan program Exploit.OSX.Smid.b   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Exploit.OSX.Smid.b   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.OpenStream.af   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Exploit.Java.Agent.f   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.OpenStream.af   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class   High
  8. For some reason that last post was showing html. Let me try this again:

     Status: Disinfected (events: 9)

     6/21/2012 9:23:15 AM   Disinfected   Trojan program Exploit.OSX.Smid.b   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Exploit.OSX.Smid.b   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.OpenStream.af   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Exploit.Java.Agent.f   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.OpenStream.af   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class   High
  9. All right--after 24 hours of scanning, below is the Detected Threats report!:

     Status: Disinfected (events: 9)

     6/21/2012 9:23:15 AM   Disinfected   Trojan program Exploit.OSX.Smid.b   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Exploit.OSX.Smid.b   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce   High
     6/21/2012 9:23:15 AM   Disinfected   Trojan program Trojan-Downloader.Java.Agent.al   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.OpenStream.af   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Exploit.Java.Agent.f   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class   High
     6/21/2012 9:23:16 AM   Disinfected   Trojan program Trojan-Downloader.Java.OpenStream.af   C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class   High

     Let me know what my next steps should be! As always, I appreciate the time you're spending on this.
  10. The Kaspersky virus scan is still plugging along (it's been going for 13 hours now). I'll let you know when it has completed!
  11. Hi, I ran the program successfully, but the text file you spoke of did not appear to exist. I found the Eset folder under C:\programfiles(x86)\eset\esteonlinescanner, but the only txt file in there was a setup file. I was able to create a text file of the quarantined files, though, so hopefully that is what you were looking for:

     C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir   Win32/Toolbar.Zugo application   cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir   a variant of Win32/Toolbar.Zugo application   cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir   a variant of Win32/Toolbar.Zugo application   cleaned by deleting - quarantined
     C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7dad89f5-1d7d67a1   a variant of Win32/Kryptik.WDX trojan   cleaned by deleting - quarantined

     Let me know if you need me to look for something else. Again, I really appreciate all the help!
  12. Also, not sure it means anything, but there are a bunch of transparent temp files of old Microsoft Word documents that have now appeared on my desktop for some reason...
  13. Hi again, I ran it again in safe mode (once with networking, once in just pure safe mode). Both times returned the error code 23 I copied above.
  14. Thanks again for the assistance. I followed the steps above (I actually deleted Freecorder altogether besides just deleting the toolbar), and then StartNow said it was already deleted once I had done that. OTL appeared to work, but at the end of the whole process when it was creating logs, it got to what appeared to be almost done, and then the following error window came up: "Win32 Error. Code: 23. Data error (cyclic redundancy check)" Any idea what this is or how to get the log files if they didn't pop up automatically? I know it was supposed to be a short process for OTL to scan, but it was almost 15 minutes. It took an ESPECIALLY long time when it was scanning Google Chrome. (Note that in my original problem with the opening random webpages from Google, this only seems to occur in Chrome right now, not in IE). Thanks!
  15. Hello, Thanks so much for the prompt assistance! Below are the log files you requested: TDSSKiller Log:
(e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 23:18:17.0885 6904 iScsiPrt - ok 23:18:17.0901 6904 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 23:18:17.0916 6904 iteatapi - ok 23:18:17.0947 6904 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 23:18:17.0963 6904 iteraid - ok 23:18:17.0979 6904 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 23:18:17.0994 6904 kbdclass - ok 23:18:18.0057 6904 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 23:18:18.0072 6904 kbdhid - ok 23:18:18.0135 6904 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 23:18:18.0166 6904 KeyIso - ok 23:18:18.0228 6904 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys 23:18:18.0259 6904 KSecDD - ok 23:18:18.0306 6904 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 23:18:18.0353 6904 ksthunk - ok 23:18:18.0431 6904 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll 23:18:18.0509 6904 KtmRm - ok 23:18:18.0556 6904 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll 23:18:18.0587 6904 LanmanServer - ok 23:18:18.0618 6904 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll 23:18:18.0649 6904 LanmanWorkstation - ok 23:18:18.0852 6904 LiveUpdate (63ed50a6ed61829c2def5b733d258a05) C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE 23:18:18.0946 6904 LiveUpdate - ok 23:18:19.0024 6904 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 23:18:19.0055 6904 lltdio - ok 23:18:19.0102 6904 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll 23:18:19.0149 6904 lltdsvc - ok 23:18:19.0227 6904 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll 23:18:19.0258 6904 lmhosts - ok 23:18:19.0429 
6904 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 23:18:19.0445 6904 LSI_FC - ok 23:18:19.0648 6904 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 23:18:19.0679 6904 LSI_SAS - ok 23:18:19.0851 6904 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 23:18:19.0882 6904 LSI_SCSI - ok 23:18:20.0007 6904 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 23:18:20.0053 6904 luafv - ok 23:18:20.0194 6904 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll 23:18:20.0209 6904 Mcx2Svc - ok 23:18:20.0287 6904 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys 23:18:20.0319 6904 mdmxsdk - ok 23:18:20.0397 6904 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 23:18:20.0428 6904 megasas - ok 23:18:20.0537 6904 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 23:18:20.0568 6904 MegaSR - ok 23:18:20.0615 6904 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 23:18:20.0662 6904 MMCSS - ok 23:18:20.0724 6904 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 23:18:20.0755 6904 Modem - ok 23:18:20.0865 6904 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 23:18:20.0896 6904 monitor - ok 23:18:20.0943 6904 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 23:18:20.0958 6904 mouclass - ok 23:18:21.0036 6904 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 23:18:21.0099 6904 mouhid - ok 23:18:21.0208 6904 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 23:18:21.0270 6904 MountMgr - ok 23:18:21.0364 6904 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 23:18:21.0395 6904 mpio - ok 23:18:21.0535 6904 mpsdrv 
(c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 23:18:21.0582 6904 mpsdrv - ok 23:18:22.0425 6904 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll 23:18:22.0549 6904 MpsSvc - ok 23:18:22.0627 6904 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 23:18:22.0659 6904 Mraid35x - ok 23:18:22.0924 6904 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 23:18:22.0986 6904 MRxDAV - ok 23:18:23.0205 6904 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 23:18:23.0267 6904 mrxsmb - ok 23:18:23.0610 6904 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:18:23.0641 6904 mrxsmb10 - ok 23:18:23.0891 6904 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:18:23.0938 6904 mrxsmb20 - ok 23:18:24.0063 6904 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 23:18:24.0094 6904 msahci - ok 23:18:24.0172 6904 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 23:18:24.0187 6904 msdsm - ok 23:18:24.0343 6904 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe 23:18:24.0406 6904 MSDTC - ok 23:18:24.0468 6904 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 23:18:24.0515 6904 Msfs - ok 23:18:24.0640 6904 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 23:18:24.0655 6904 msisadrv - ok 23:18:24.0858 6904 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll 23:18:24.0936 6904 MSiSCSI - ok 23:18:24.0936 6904 msiserver - ok 23:18:25.0014 6904 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 23:18:25.0061 6904 MSKSSRV - ok 23:18:25.0123 6904 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 23:18:25.0186 6904 MSPCLOCK - ok 23:18:25.0248 6904 MSPQM 
(49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 23:18:25.0311 6904 MSPQM - ok 23:18:25.0841 6904 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 23:18:25.0888 6904 MsRPC - ok 23:18:25.0997 6904 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 23:18:26.0013 6904 mssmbios - ok 23:18:26.0091 6904 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 23:18:26.0153 6904 MSTEE - ok 23:18:26.0278 6904 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 23:18:26.0293 6904 Mup - ok 23:18:26.0730 6904 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll 23:18:26.0902 6904 napagent - ok 23:18:27.0323 6904 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 23:18:27.0370 6904 NativeWifiP - ok 23:18:28.0056 6904 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 23:18:28.0119 6904 NDIS - ok 23:18:28.0197 6904 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 23:18:28.0243 6904 NdisTapi - ok 23:18:28.0290 6904 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 23:18:28.0337 6904 Ndisuio - ok 23:18:28.0493 6904 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 23:18:28.0540 6904 NdisWan - ok 23:18:28.0649 6904 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 23:18:28.0680 6904 NDProxy - ok 23:18:28.0774 6904 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 23:18:28.0821 6904 NetBIOS - ok 23:18:29.0101 6904 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 23:18:29.0164 6904 netbt - ok 23:18:29.0257 6904 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 23:18:29.0289 6904 Netlogon - ok 23:18:29.0835 6904 Netman (9b63b29defc0f3115a559d2597bf5d75) 
C:\Windows\System32\netman.dll 23:18:29.0897 6904 Netman - ok 23:18:30.0334 6904 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll 23:18:30.0412 6904 netprofm - ok 23:18:30.0786 6904 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:18:30.0833 6904 NetTcpPortSharing - ok 23:18:30.0942 6904 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 23:18:30.0973 6904 nfrd960 - ok 23:18:31.0285 6904 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll 23:18:31.0363 6904 NlaSvc - ok 23:18:31.0519 6904 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 23:18:31.0566 6904 Npfs - ok 23:18:31.0644 6904 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll 23:18:31.0691 6904 nsi - ok 23:18:31.0769 6904 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 23:18:31.0816 6904 nsiproxy - ok 23:18:33.0516 6904 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 23:18:33.0875 6904 Ntfs - ok 23:18:34.0421 6904 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 23:18:34.0468 6904 Null - ok 23:18:34.0593 6904 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 23:18:34.0624 6904 nvraid - ok 23:18:34.0686 6904 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 23:18:34.0717 6904 nvstor - ok 23:18:34.0873 6904 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 23:18:34.0905 6904 nv_agp - ok 23:18:34.0905 6904 NwlnkFlt - ok 23:18:34.0920 6904 NwlnkFwd - ok 23:18:35.0497 6904 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 23:18:35.0591 6904 odserv - ok 23:18:35.0778 6904 ohci1394 (7b58953e2f263421fdbb09a192712a85) 
C:\Windows\system32\drivers\ohci1394.sys 23:18:35.0856 6904 ohci1394 - ok 23:18:35.0997 6904 OKI OPHC DCS Loader (b9c8dd896fa7646edcc69c2c51f95254) C:\Windows\system32\spool\DRIVERS\x64\3\OPHCLDCS.EXE 23:18:35.0997 6904 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - warning 23:18:35.0997 6904 OKI OPHC DCS Loader - detected UnsignedFile.Multi.Generic (1) 23:18:36.0137 6904 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:18:36.0153 6904 ose - ok 23:18:36.0886 6904 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 23:18:37.0120 6904 p2pimsvc - ok 23:18:37.0135 6904 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 23:18:37.0260 6904 p2psvc - ok 23:18:37.0385 6904 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 23:18:37.0479 6904 Parport - ok 23:18:37.0603 6904 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys 23:18:37.0619 6904 partmgr - ok 23:18:37.0822 6904 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll 23:18:37.0853 6904 PcaSvc - ok 23:18:38.0602 6904 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 23:18:38.0695 6904 pci - ok 23:18:38.0867 6904 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys 23:18:38.0883 6904 pciide - ok 23:18:39.0148 6904 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 23:18:39.0195 6904 pcmcia - ok 23:18:40.0209 6904 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 23:18:40.0443 6904 PEAUTH - ok 23:18:40.0755 6904 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe 23:18:40.0833 6904 PerfHost - ok 23:18:40.0864 6904 pfc - ok 23:18:41.0316 6904 PID_0928 (b47dee29b5e6e1939567a926c7a3e6a4) C:\Windows\system32\DRIVERS\LV561V64.SYS 23:18:41.0394 6904 PID_0928 - ok 23:18:42.0424 6904 pla 
(e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll 23:18:42.0751 6904 pla - ok 23:18:42.0907 6904 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll 23:18:42.0954 6904 PlugPlay - ok 23:18:43.0765 6904 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 23:18:44.0062 6904 PNRPAutoReg - ok 23:18:44.0077 6904 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 23:18:44.0140 6904 PNRPsvc - ok 23:18:44.0467 6904 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll 23:18:44.0545 6904 PolicyAgent - ok 23:18:44.0889 6904 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 23:18:44.0951 6904 PptpMiniport - ok 23:18:45.0029 6904 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 23:18:45.0076 6904 Processor - ok 23:18:45.0310 6904 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll 23:18:45.0357 6904 ProfSvc - ok 23:18:45.0450 6904 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 23:18:45.0481 6904 ProtectedStorage - ok 23:18:45.0622 6904 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 23:18:45.0669 6904 PSched - ok 23:18:45.0825 6904 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys 23:18:45.0856 6904 PxHlpa64 - ok 23:18:46.0839 6904 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 23:18:47.0307 6904 ql2300 - ok 23:18:47.0463 6904 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 23:18:47.0494 6904 ql40xx - ok 23:18:47.0806 6904 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll 23:18:47.0853 6904 QWAVE - ok 23:18:47.0899 6904 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 23:18:47.0946 6904 QWAVEdrv - ok 23:18:49.0210 6904 R300 
(2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys 23:18:49.0818 6904 R300 - ok 23:18:50.0848 6904 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 23:18:50.0879 6904 RasAcd - ok 23:18:51.0004 6904 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll 23:18:51.0051 6904 RasAuto - ok 23:18:51.0097 6904 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 23:18:51.0129 6904 Rasl2tp - ok 23:18:51.0144 6904 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 23:18:51.0175 6904 RasMan - ok 23:18:51.0207 6904 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 23:18:51.0222 6904 RasPppoe - ok 23:18:51.0238 6904 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 23:18:51.0253 6904 RasSstp - ok 23:18:51.0300 6904 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 23:18:51.0331 6904 rdbss - ok 23:18:51.0347 6904 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 23:18:51.0378 6904 RDPCDD - ok 23:18:51.0409 6904 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 23:18:51.0456 6904 rdpdr - ok 23:18:51.0456 6904 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 23:18:51.0487 6904 RDPENCDD - ok 23:18:51.0534 6904 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys 23:18:51.0581 6904 RDPWD - ok 23:18:51.0612 6904 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 23:18:51.0643 6904 RemoteAccess - ok 23:18:51.0706 6904 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 23:18:51.0737 6904 RemoteRegistry - ok 23:18:51.0753 6904 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 23:18:51.0784 6904 RpcLocator - ok 23:18:51.0862 6904 RpcSs 
(cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 23:18:51.0909 6904 RpcSs - ok 23:18:51.0971 6904 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 23:18:52.0018 6904 rspndr - ok 23:18:52.0065 6904 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 23:18:52.0096 6904 SamSs - ok 23:18:52.0127 6904 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 23:18:52.0143 6904 sbp2port - ok 23:18:52.0158 6904 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 23:18:52.0189 6904 SCardSvr - ok 23:18:52.0252 6904 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 23:18:52.0299 6904 Schedule - ok 23:18:52.0345 6904 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 23:18:52.0377 6904 SCPolicySvc - ok 23:18:52.0392 6904 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll 23:18:52.0408 6904 SDRSVC - ok 23:18:52.0423 6904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 23:18:52.0470 6904 secdrv - ok 23:18:52.0486 6904 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll 23:18:52.0517 6904 seclogon - ok 23:18:52.0517 6904 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll 23:18:52.0564 6904 SENS - ok 23:18:52.0579 6904 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 23:18:52.0626 6904 Serenum - ok 23:18:52.0657 6904 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 23:18:52.0735 6904 Serial - ok 23:18:52.0751 6904 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 23:18:52.0782 6904 sermouse - ok 23:18:52.0798 6904 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll 23:18:52.0829 6904 SessionEnv - ok 23:18:52.0845 6904 sffdisk (14d4b4465193a87c127933978e8c4106) 
C:\Windows\system32\drivers\sffdisk.sys 23:18:52.0876 6904 sffdisk - ok 23:18:52.0876 6904 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 23:18:52.0923 6904 sffp_mmc - ok 23:18:52.0938 6904 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 23:18:52.0969 6904 sffp_sd - ok 23:18:52.0985 6904 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 23:18:53.0032 6904 sfloppy - ok 23:18:53.0047 6904 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll 23:18:53.0094 6904 SharedAccess - ok 23:18:53.0141 6904 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll 23:18:53.0172 6904 ShellHWDetection - ok 23:18:53.0188 6904 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 23:18:53.0203 6904 SiSRaid2 - ok 23:18:53.0219 6904 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 23:18:53.0235 6904 SiSRaid4 - ok 23:18:53.0297 6904 SIUSBXP (4c9f8e72f87f50a6125aaa31b63b2d18) C:\Windows\system32\drivers\SiUSBXp.sys 23:18:53.0313 6904 SIUSBXP - ok 23:18:53.0469 6904 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe 23:18:53.0578 6904 slsvc - ok 23:18:53.0656 6904 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll 23:18:53.0687 6904 SLUINotify - ok 23:18:53.0781 6904 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 23:18:53.0812 6904 Smb - ok 23:18:53.0843 6904 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe 23:18:53.0859 6904 SNMPTRAP - ok 23:18:53.0921 6904 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 23:18:53.0937 6904 spldr - ok 23:18:53.0983 6904 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe 23:18:53.0999 6904 Spooler - ok 23:18:54.0061 6904 srv (880a57fccb571ebd063d4dd50e93e46d) 
C:\Windows\system32\DRIVERS\srv.sys 23:18:54.0155 6904 srv - ok 23:18:54.0233 6904 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 23:18:54.0264 6904 srv2 - ok 23:18:54.0327 6904 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 23:18:54.0358 6904 srvnet - ok 23:18:54.0358 6904 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll 23:18:54.0420 6904 SSDPSRV - ok 23:18:54.0483 6904 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll 23:18:54.0514 6904 SstpSvc - ok 23:18:54.0561 6904 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll 23:18:54.0607 6904 stisvc - ok 23:18:54.0717 6904 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 23:18:54.0732 6904 stllssvr - ok 23:18:54.0763 6904 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 23:18:54.0779 6904 swenum - ok 23:18:54.0841 6904 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll 23:18:54.0888 6904 swprv - ok 23:18:54.0904 6904 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 23:18:54.0919 6904 Symc8xx - ok 23:18:54.0919 6904 SymIM - ok 23:18:54.0919 6904 SymIMMP - ok 23:18:54.0951 6904 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 23:18:54.0966 6904 Sym_hi - ok 23:18:54.0982 6904 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 23:18:54.0997 6904 Sym_u3 - ok 23:18:55.0044 6904 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll 23:18:55.0122 6904 SysMain - ok 23:18:55.0169 6904 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll 23:18:55.0200 6904 TabletInputService - ok 23:18:55.0231 6904 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll 23:18:55.0278 6904 TapiSrv - ok 23:18:55.0278 6904 TBS 
(cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll 23:18:55.0309 6904 TBS - ok 23:18:55.0419 6904 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys 23:18:55.0512 6904 Tcpip - ok 23:18:55.0528 6904 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys 23:18:55.0637 6904 Tcpip6 - ok 23:18:55.0715 6904 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys 23:18:55.0731 6904 tcpipreg - ok 23:18:55.0746 6904 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 23:18:55.0777 6904 TDPIPE - ok 23:18:55.0793 6904 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 23:18:55.0840 6904 TDTCP - ok 23:18:55.0871 6904 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 23:18:55.0902 6904 tdx - ok 23:18:55.0949 6904 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 23:18:55.0965 6904 TermDD - ok 23:18:55.0996 6904 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll 23:18:56.0058 6904 TermService - ok 23:18:56.0121 6904 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll 23:18:56.0136 6904 Themes - ok 23:18:56.0167 6904 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 23:18:56.0214 6904 THREADORDER - ok 23:18:56.0245 6904 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys 23:18:56.0261 6904 tmactmon - ok 23:18:56.0323 6904 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys 23:18:56.0339 6904 tmcomm - ok 23:18:56.0370 6904 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys 23:18:56.0401 6904 tmevtmgr - ok 23:18:56.0417 6904 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys 23:18:56.0433 6904 tmtdi - ok 23:18:56.0464 6904 TrkWks (f4689f05af472a651a7b1b7b02d200e7) 
C:\Windows\System32\trkwks.dll 23:18:56.0511 6904 TrkWks - ok 23:18:56.0542 6904 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe 23:18:56.0573 6904 TrustedInstaller - ok 23:18:56.0604 6904 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:18:56.0635 6904 tssecsrv - ok 23:18:56.0682 6904 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 23:18:56.0698 6904 tunmp - ok 23:18:56.0745 6904 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 23:18:56.0760 6904 tunnel - ok 23:18:56.0776 6904 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 23:18:56.0791 6904 uagp35 - ok 23:18:57.0291 6904 uagqecsvc (90ea2f8a920ee567029089b6a3c05c96) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe 23:18:57.0306 6904 uagqecsvc - ok 23:18:57.0649 6904 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 23:18:57.0712 6904 udfs - ok 23:18:57.0759 6904 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe 23:18:57.0821 6904 UI0Detect - ok 23:18:57.0883 6904 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 23:18:57.0915 6904 uliagpkx - ok 23:18:57.0993 6904 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 23:18:58.0039 6904 uliahci - ok 23:18:58.0336 6904 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 23:18:58.0367 6904 UlSata - ok 23:18:58.0398 6904 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 23:18:58.0429 6904 ulsata2 - ok 23:18:58.0461 6904 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 23:18:58.0507 6904 umbus - ok 23:18:58.0539 6904 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll 23:18:58.0585 6904 upnphost - ok 23:18:58.0648 6904 
23:19:15.0246 6904 ============================================================
23:19:15.0246 6904 Scan finished
23:19:15.0246 6904 ============================================================
23:19:15.0262 6740 Detected object count: 3
23:19:15.0262 6740 Actual detected object count: 3
23:21:30.0003 6740 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user
23:21:30.0018 6740 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:21:30.0018 6740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:21:30.0018 6740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:21:30.0018 6740 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - skipped by user
23:21:30.0018 6740 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 23:24:58
-----------------------------
23:24:58.117 OS Version: Windows x64 6.0.6002 Service Pack 2
23:24:58.117 Number of processors: 4 586 0xF0B
23:24:58.117 ComputerName: STATHAKIS-PC UserName: Alex
23:25:00.894 Initialize success
23:25:51.493 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:25:51.493 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3
23:25:51.508 Disk 0 MBR read successfully
23:25:51.508 Disk 0 MBR scan
23:25:51.508 Disk 0 Windows XP default MBR code
23:25:51.524 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
23:25:51.540 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 112640
23:25:51.555 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 608376 MB offset 4306944
23:25:51.571 Disk 0 scanning C:\Windows\system32\drivers
23:26:00.241 Service scanning
23:26:13.532 Modules scanning
23:26:13.532 Disk 0 trace - called modules:
23:26:13.563 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:26:13.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075231d0]
23:26:14.078 3 CLASSPNP.SYS[fffffa6000dcdc33] -> nt!IofCallDriver -> [0xfffffa8006113520]
23:26:14.078 5 acpi.sys[fffffa60008f4fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005602940]
23:26:14.078 Scan finished successfully
23:28:22.367 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
23:28:22.367 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Alex at 23:33:28 on 2012-06-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3885 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

Attach Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/19/2008 3:32:32 AM
System Uptime: 6/19/2012 10:13:15 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 594 GiB total, 166.266 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.003 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WebEx . ==== End Of File ===========================
  16. Hello, I'm running Windows Vista Home Premium Version 6 service pack 2, and I've noticed recently that when I click on links in Google, sometimes it takes me to websites that are not the links I clicked on (numeric addresses that are blocked by Trend Micro, sites that sell virus protection, etc.). I have already run Malwarebytes AntiMalware, and the two most recent logs are copied and pasted below. I also just ran ComboFix, and its log is below the two Malwarebytes logs. It appears that the random link problem still exists, even after running ComboFix. Any help you can offer is much appreciated!

      6/12/2012:

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.06.12.02
      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Alex :: STATHAKIS-PC [administrator]

      6/12/2012 12:30:37 AM
      mbam-log-2012-06-12 (00-30-37).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 228585
      Time elapsed: 16 minute(s), 50 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 1
      C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll (Trojan.Happili.XGen) -> Delete on reboot.

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Installer464 (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll",CreateInstance -> Quarantined and deleted successfully.

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 2
      C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll (Trojan.Happili.XGen) -> Delete on reboot.
      C:\Users\Alex\AppData\Local\Temp\0.7895981171162177 (Trojan.Happili) -> Quarantined and deleted successfully.
      (end)

      6/19/2012:

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.06.19.04
      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Alex :: STATHAKIS-PC [administrator]

      6/19/2012 8:02:11 AM
      mbam-log-2012-06-19 (08-02-11).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 229650
      Time elapsed: 15 minute(s), 29 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)

      Combofix 6/19/2012

      ComboFix 12-06-19.01 - Alex 06/19/2012 8:32.1.4 - x64
      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3086 [GMT -5:00]
      Running from: c:\users\Alex\Desktop\ComboFix.exe
      AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
      SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
c:\program files (x86)\StartNow Toolbar c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png c:\program files (x86)\StartNow Toolbar\Resources\installer.xml c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js 
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml c:\program files (x86)\StartNow Toolbar\Resources\update.xml c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe c:\program files (x86)\StartNow Toolbar\uninstall.dat c:\users\Alex\g2mdlhlpx.exe c:\users\Alex\WINDOWS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Updater Service for StartNow Toolbar -------\Service_Updater Service for StartNow Toolbar . . 
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-19 13:49 . 2012-06-19 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-14 08:15 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-06-14 08:15 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-06-14 08:15 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2012-06-13 21:48 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 21:48 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 21:48 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 21:48 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 21:48 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 21:48 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 21:48 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-13 21:48 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-12 05:22 . 2007-03-23 21:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-28 17:43 . 2012-05-20 12:26 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-28 17:43 . 2011-06-06 18:20 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 20:56 . 2010-02-10 16:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:22 . 2012-05-08 18:47 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 12:45 . 2012-05-08 18:48 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}] 2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408] "Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-13 137536] "Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-26 2164256] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056] "ReminderApp"="c:\program files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-6-19 50688] ImageMixer HDD Camera Monitor.lnk - c:\program files (x86)\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2008-7-30 2117632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000Core.job - c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-13 13:42] . 
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000UA.job - c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-13 13:42] . 2012-06-18 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 18:55] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-10 01:13] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-10 01:13] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000Core.job - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 02:58] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000UA.job - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 02:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728] "Skytel"="Skytel.exe" [2007-11-21 1826816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-05 137240] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-05 202264] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-05 165400] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824] "combofix"="c:\combofix\CF11741.3XE" [2008-01-21 363008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uDefault_Search_URL = hxxp://ie.search.msn.com uLocal Page = c:\windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uCustomizeSearch = hxxp://ie.search.msn.com uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.1.1 DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://sisportal.maine207.org/Classroom/Reserved.ReportViewerWebControl.axd?ReportSession=my0ckk55ekkjdq55inudna45&ControlID=ef5d6b4ebd47423282911269a5a78151&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4 AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe c:\program files (x86)\Fitbit\fitbit.exe c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2012-06-19 09:05:10 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-19 14:05 . Pre-Run: 165,733,531,648 bytes free Post-Run: 178,640,384,000 bytes free . - - End Of File - - 7CDC44E46E296227C7C4A7F643C45ACD