Posts posted by cubswild
-
Also, sorry for the multiple posts--but when you said "delete them for now," what exactly should I be deleting? The three programs that Trend Micro found? If so, it stopped them from installing, and I can't find where the ComboFix is since I deleted it before. I can uninstall OTL, I believe.
-
I'm happy to do this again--but this was the 24 hour one that just completed today. Should I do the same scan?
-
Trend micro just alerted me that it stopped suspicious software from installing itself (I believe the j:/ one is the autorun flashdrive software, but I swear I deleted ComboFix, and I can't find the program in the location it says it exists. Should I uninstall OTL yet?)
Date/Time | Name | From | Response
######## | C:\Users\Alex\Downloads\ComboFix.exe | Unknown | Terminated
######## | C:\Users\Alex\Desktop\OTL.exe | Unknown | Terminated
######## | j:\install.bat | Unknown | Denied
-
Wait--unfortunately, I just found that it's still taking me to a new website when I check different links (Don't click on it, obviously, but this is one of the sites it's trying to take me to that is being blocked by Trend Micro: http://64.15.72.104/click.php?go=aHR0cDovL2NsaWNrLkdldC1BbnN3ZXJzLUZhc3QuY29tL2Fkcy1jbGlja3RyYWNrL2NsaWNrL2p1bXAxLmRvP3NpZD1CWnJBQUM0cFZXdm9WQ1EyaEZvODFUM01IazYlMkJleTNxNk9jOGVnUlN5ZDAlM0QmYWZmaWxpYXRlPTQ2MzU1JnN1YmlkPTg5MDlfMTIzMyZyYz0wJnRlcm1zPWxvcyBwb2xsaXRvcyBkaWNlbiBzb25n&b=MC4wMjg=&aff=8909&subaff=1233&time=1340387575&searcher_ip=67.149.143.234&cnt=21843&qq=los+pollitos+dicen+song&mode=&seid=fzwfj8M/33Q3TJfi+H2xwrq900gJ9R/Tluo1RgG0&se=YWJjc2VhcmNo&sid=9&pos=1)
Now what do you think we should do? Should I maybe delete Chrome since IE doesn't seem to have the problem?
-
All right--the newest version of Java is running! I've done a few searches in Chrome using Google and all of the links I click on take me to pages that I am choosing to go to. Do you think that this is the end of the trojan? Let me know if there are any other additional steps I need to be taking to ensure that the problem has ended--and to ensure that it doesn't occur again! (I currently use Trend Micro Titanium Internet security to prevent viruses, but obviously, it didn't work perfectly.)
-
Status: Disinfected (events: 9)
6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4 High
6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128 High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class High
6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce High
6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076 High
6/21/2012 9:23:16 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class High
-
Not sure why it's showing html--let me know if this is a problem.
-
For some reason that last post was showing html. Let me try this again:
-
All right--after 24 hours of scanning, below is the Detected Threats report!:
Let me know what my next steps should be! As always, I appreciate the time you're spending on this.
-
The Kaspersky virus scan is still plugging along (it's been going for 13 hours now). I'll let you know when it has completed!
-
Hi,
I ran the program successfully, but the text file you spoke of did not appear to exist. I found the Eset folder under C:\programfiles(x86)\eset\esteonlinescanner, but the only txt file in there was a setup file. I was able to create a text file of the quarantined files, though, so hopefully that is what you were looking for:
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7dad89f5-1d7d67a1 a variant of Win32/Kryptik.WDX trojan cleaned by deleting - quarantined
Let me know if you need me to look for something else. Again, I really appreciate all the help!
-
Also, not sure it means anything, but there are a bunch of transparent temp files of old Microsoft Word documents that have now appeared on my desktop for some reason...
-
Hi again,
I ran it again in safe mode (once with networking, once in just pure safe mode). Both times returned the error code 23 I copied above.
-
Thanks again for the assistance. I followed the steps above (I actually deleted Freecorder altogether besides just deleting the toolbar), and then StartNow said it was already deleted once I had done that. OTL appeared to work, but at the end of the whole process when it was creating logs, it got to what appeared to be almost done, and then the following error window came up:
"Win32 Error. Code: 23. Data error (cyclic redundancy check)"
Any idea what this is or how to get the log files if they didn't pop up automatically? I know it was supposed to be a short process for OTL to scan, but it was almost 15 minutes. It took an ESPECIALLY long time when it was scanning Google Chrome. (Note that in my original problem with the opening random webpages from Google, this only seems to occur in Chrome right now, not in IE).
Thanks!
-
Hello,
Thanks so much for the prompt assistance! Below are the log files you requested:
TDSSKiller Log:
23:18:15.0873 6904 iirsp - ok
23:18:15.0997 6904 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
23:18:16.0091 6904 IKEEXT - ok
23:18:16.0200 6904 IntcAzAudAddService (04c6489a44e340574daae64a6062541c) C:\Windows\system32\drivers\RTKVHD64.sys
23:18:16.0434 6904 IntcAzAudAddService - ok
23:18:16.0512 6904 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
23:18:16.0528 6904 intelide - ok
23:18:16.0559 6904 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
23:18:16.0606 6904 intelppm - ok
23:18:16.0777 6904 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
23:18:16.0793 6904 IntuitUpdateService - ok
23:18:16.0918 6904 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
23:18:16.0933 6904 IntuitUpdateServiceV4 - ok
23:18:17.0043 6904 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
23:18:17.0121 6904 IPBusEnum - ok
23:18:17.0214 6904 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:18:17.0277 6904 IpFilterDriver - ok
23:18:17.0370 6904 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
23:18:17.0386 6904 iphlpsvc - ok
23:18:17.0401 6904 IpInIp - ok
23:18:17.0433 6904 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
23:18:17.0464 6904 IPMIDRV - ok
23:18:17.0495 6904 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
23:18:17.0526 6904 IPNAT - ok
23:18:17.0635 6904 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
23:18:17.0667 6904 iPod Service - ok
23:18:17.0698 6904 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
23:18:17.0729 6904 IRENUM - ok
23:18:17.0776 6904 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
23:18:17.0791 6904 isapnp - ok
23:18:17.0854 6904 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
23:18:17.0885 6904 iScsiPrt - ok
23:18:17.0901 6904 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
23:18:17.0916 6904 iteatapi - ok
23:18:17.0947 6904 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
23:18:17.0963 6904 iteraid - ok
23:18:17.0979 6904 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
23:18:17.0994 6904 kbdclass - ok
23:18:18.0057 6904 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
23:18:18.0072 6904 kbdhid - ok
23:18:18.0135 6904 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:18:18.0166 6904 KeyIso - ok
23:18:18.0228 6904 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
23:18:18.0259 6904 KSecDD - ok
23:18:18.0306 6904 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
23:18:18.0353 6904 ksthunk - ok
23:18:18.0431 6904 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
23:18:18.0509 6904 KtmRm - ok
23:18:18.0556 6904 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
23:18:18.0587 6904 LanmanServer - ok
23:18:18.0618 6904 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
23:18:18.0649 6904 LanmanWorkstation - ok
23:18:18.0852 6904 LiveUpdate (63ed50a6ed61829c2def5b733d258a05) C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
23:18:18.0946 6904 LiveUpdate - ok
23:18:19.0024 6904 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
23:18:19.0055 6904 lltdio - ok
23:18:19.0102 6904 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
23:18:19.0149 6904 lltdsvc - ok
23:18:19.0227 6904 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
23:18:19.0258 6904 lmhosts - ok
23:18:19.0429 6904 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
23:18:19.0445 6904 LSI_FC - ok
23:18:19.0648 6904 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
23:18:19.0679 6904 LSI_SAS - ok
23:18:19.0851 6904 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
23:18:19.0882 6904 LSI_SCSI - ok
23:18:20.0007 6904 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
23:18:20.0053 6904 luafv - ok
23:18:20.0194 6904 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
23:18:20.0209 6904 Mcx2Svc - ok
23:18:20.0287 6904 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:18:20.0319 6904 mdmxsdk - ok
23:18:20.0397 6904 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
23:18:20.0428 6904 megasas - ok
23:18:20.0537 6904 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
23:18:20.0568 6904 MegaSR - ok
23:18:20.0615 6904 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:18:20.0662 6904 MMCSS - ok
23:18:20.0724 6904 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
23:18:20.0755 6904 Modem - ok
23:18:20.0865 6904 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
23:18:20.0896 6904 monitor - ok
23:18:20.0943 6904 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
23:18:20.0958 6904 mouclass - ok
23:18:21.0036 6904 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
23:18:21.0099 6904 mouhid - ok
23:18:21.0208 6904 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
23:18:21.0270 6904 MountMgr - ok
23:18:21.0364 6904 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
23:18:21.0395 6904 mpio - ok
23:18:21.0535 6904 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
23:18:21.0582 6904 mpsdrv - ok
23:18:22.0425 6904 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
23:18:22.0549 6904 MpsSvc - ok
23:18:22.0627 6904 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
23:18:22.0659 6904 Mraid35x - ok
23:18:22.0924 6904 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
23:18:22.0986 6904 MRxDAV - ok
23:18:23.0205 6904 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:18:23.0267 6904 mrxsmb - ok
23:18:23.0610 6904 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:18:23.0641 6904 mrxsmb10 - ok
23:18:23.0891 6904 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:18:23.0938 6904 mrxsmb20 - ok
23:18:24.0063 6904 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
23:18:24.0094 6904 msahci - ok
23:18:24.0172 6904 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
23:18:24.0187 6904 msdsm - ok
23:18:24.0343 6904 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
23:18:24.0406 6904 MSDTC - ok
23:18:24.0468 6904 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
23:18:24.0515 6904 Msfs - ok
23:18:24.0640 6904 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
23:18:24.0655 6904 msisadrv - ok
23:18:24.0858 6904 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
23:18:24.0936 6904 MSiSCSI - ok
23:18:24.0936 6904 msiserver - ok
23:18:25.0014 6904 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
23:18:25.0061 6904 MSKSSRV - ok
23:18:25.0123 6904 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
23:18:25.0186 6904 MSPCLOCK - ok
23:18:25.0248 6904 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
23:18:25.0311 6904 MSPQM - ok
23:18:25.0841 6904 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
23:18:25.0888 6904 MsRPC - ok
23:18:25.0997 6904 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
23:18:26.0013 6904 mssmbios - ok
23:18:26.0091 6904 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
23:18:26.0153 6904 MSTEE - ok
23:18:26.0278 6904 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
23:18:26.0293 6904 Mup - ok
23:18:26.0730 6904 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
23:18:26.0902 6904 napagent - ok
23:18:27.0323 6904 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
23:18:27.0370 6904 NativeWifiP - ok
23:18:28.0056 6904 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
23:18:28.0119 6904 NDIS - ok
23:18:28.0197 6904 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
23:18:28.0243 6904 NdisTapi - ok
23:18:28.0290 6904 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
23:18:28.0337 6904 Ndisuio - ok
23:18:28.0493 6904 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
23:18:28.0540 6904 NdisWan - ok
23:18:28.0649 6904 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
23:18:28.0680 6904 NDProxy - ok
23:18:28.0774 6904 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
23:18:28.0821 6904 NetBIOS - ok
23:18:29.0101 6904 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
23:18:29.0164 6904 netbt - ok
23:18:29.0257 6904 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:18:29.0289 6904 Netlogon - ok
23:18:29.0835 6904 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
23:18:29.0897 6904 Netman - ok
23:18:30.0334 6904 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
23:18:30.0412 6904 netprofm - ok
23:18:30.0786 6904 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:18:30.0833 6904 NetTcpPortSharing - ok
23:18:30.0942 6904 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
23:18:30.0973 6904 nfrd960 - ok
23:18:31.0285 6904 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
23:18:31.0363 6904 NlaSvc - ok
23:18:31.0519 6904 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
23:18:31.0566 6904 Npfs - ok
23:18:31.0644 6904 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
23:18:31.0691 6904 nsi - ok
23:18:31.0769 6904 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
23:18:31.0816 6904 nsiproxy - ok
23:18:33.0516 6904 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
23:18:33.0875 6904 Ntfs - ok
23:18:34.0421 6904 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
23:18:34.0468 6904 Null - ok
23:18:34.0593 6904 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
23:18:34.0624 6904 nvraid - ok
23:18:34.0686 6904 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
23:18:34.0717 6904 nvstor - ok
23:18:34.0873 6904 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
23:18:34.0905 6904 nv_agp - ok
23:18:34.0905 6904 NwlnkFlt - ok
23:18:34.0920 6904 NwlnkFwd - ok
23:18:35.0497 6904 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:18:35.0591 6904 odserv - ok
23:18:35.0778 6904 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
23:18:35.0856 6904 ohci1394 - ok
23:18:35.0997 6904 OKI OPHC DCS Loader (b9c8dd896fa7646edcc69c2c51f95254) C:\Windows\system32\spool\DRIVERS\x64\3\OPHCLDCS.EXE
23:18:35.0997 6904 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - warning
23:18:35.0997 6904 OKI OPHC DCS Loader - detected UnsignedFile.Multi.Generic (1)
23:18:36.0137 6904 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:18:36.0153 6904 ose - ok
23:18:36.0886 6904 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:18:37.0120 6904 p2pimsvc - ok
23:18:37.0135 6904 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:18:37.0260 6904 p2psvc - ok
23:18:37.0385 6904 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
23:18:37.0479 6904 Parport - ok
23:18:37.0603 6904 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
23:18:37.0619 6904 partmgr - ok
23:18:37.0822 6904 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
23:18:37.0853 6904 PcaSvc - ok
23:18:38.0602 6904 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
23:18:38.0695 6904 pci - ok
23:18:38.0867 6904 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
23:18:38.0883 6904 pciide - ok
23:18:39.0148 6904 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:18:39.0195 6904 pcmcia - ok
23:18:40.0209 6904 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:18:40.0443 6904 PEAUTH - ok
23:18:40.0755 6904 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
23:18:40.0833 6904 PerfHost - ok
23:18:40.0864 6904 pfc - ok
23:18:41.0316 6904 PID_0928 (b47dee29b5e6e1939567a926c7a3e6a4) C:\Windows\system32\DRIVERS\LV561V64.SYS
23:18:41.0394 6904 PID_0928 - ok
23:18:42.0424 6904 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
23:18:42.0751 6904 pla - ok
23:18:42.0907 6904 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
23:18:42.0954 6904 PlugPlay - ok
23:18:43.0765 6904 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:18:44.0062 6904 PNRPAutoReg - ok
23:18:44.0077 6904 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:18:44.0140 6904 PNRPsvc - ok
23:18:44.0467 6904 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
23:18:44.0545 6904 PolicyAgent - ok
23:18:44.0889 6904 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:18:44.0951 6904 PptpMiniport - ok
23:18:45.0029 6904 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
23:18:45.0076 6904 Processor - ok
23:18:45.0310 6904 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
23:18:45.0357 6904 ProfSvc - ok
23:18:45.0450 6904 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:18:45.0481 6904 ProtectedStorage - ok
23:18:45.0622 6904 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:18:45.0669 6904 PSched - ok
23:18:45.0825 6904 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
23:18:45.0856 6904 PxHlpa64 - ok
23:18:46.0839 6904 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
23:18:47.0307 6904 ql2300 - ok
23:18:47.0463 6904 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:18:47.0494 6904 ql40xx - ok
23:18:47.0806 6904 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
23:18:47.0853 6904 QWAVE - ok
23:18:47.0899 6904 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:18:47.0946 6904 QWAVEdrv - ok
23:18:49.0210 6904 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
23:18:49.0818 6904 R300 - ok
23:18:50.0848 6904 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:18:50.0879 6904 RasAcd - ok
23:18:51.0004 6904 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
23:18:51.0051 6904 RasAuto - ok
23:18:51.0097 6904 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:18:51.0129 6904 Rasl2tp - ok
23:18:51.0144 6904 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
23:18:51.0175 6904 RasMan - ok
23:18:51.0207 6904 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:18:51.0222 6904 RasPppoe - ok
23:18:51.0238 6904 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:18:51.0253 6904 RasSstp - ok
23:18:51.0300 6904 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:18:51.0331 6904 rdbss - ok
23:18:51.0347 6904 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:18:51.0378 6904 RDPCDD - ok
23:18:51.0409 6904 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
23:18:51.0456 6904 rdpdr - ok
23:18:51.0456 6904 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:18:51.0487 6904 RDPENCDD - ok
23:18:51.0534 6904 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
23:18:51.0581 6904 RDPWD - ok
23:18:51.0612 6904 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
23:18:51.0643 6904 RemoteAccess - ok
23:18:51.0706 6904 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
23:18:51.0737 6904 RemoteRegistry - ok
23:18:51.0753 6904 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
23:18:51.0784 6904 RpcLocator - ok
23:18:51.0862 6904 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:18:51.0909 6904 RpcSs - ok
23:18:51.0971 6904 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:18:52.0018 6904 rspndr - ok
23:18:52.0065 6904 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:18:52.0096 6904 SamSs - ok
23:18:52.0127 6904 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
23:18:52.0143 6904 sbp2port - ok
23:18:52.0158 6904 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
23:18:52.0189 6904 SCardSvr - ok
23:18:52.0252 6904 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
23:18:52.0299 6904 Schedule - ok
23:18:52.0345 6904 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:18:52.0377 6904 SCPolicySvc - ok
23:18:52.0392 6904 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
23:18:52.0408 6904 SDRSVC - ok
23:18:52.0423 6904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:18:52.0470 6904 secdrv - ok
23:18:52.0486 6904 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
23:18:52.0517 6904 seclogon - ok
23:18:52.0517 6904 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
23:18:52.0564 6904 SENS - ok
23:18:52.0579 6904 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
23:18:52.0626 6904 Serenum - ok
23:18:52.0657 6904 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
23:18:52.0735 6904 Serial - ok
23:18:52.0751 6904 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:18:52.0782 6904 sermouse - ok
23:18:52.0798 6904 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
23:18:52.0829 6904 SessionEnv - ok
23:18:52.0845 6904 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
23:18:52.0876 6904 sffdisk - ok
23:18:52.0876 6904 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
23:18:52.0923 6904 sffp_mmc - ok
23:18:52.0938 6904 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
23:18:52.0969 6904 sffp_sd - ok
23:18:52.0985 6904 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:18:53.0032 6904 sfloppy - ok
23:18:53.0047 6904 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
23:18:53.0094 6904 SharedAccess - ok
23:18:53.0141 6904 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
23:18:53.0172 6904 ShellHWDetection - ok
23:18:53.0188 6904 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
23:18:53.0203 6904 SiSRaid2 - ok
23:18:53.0219 6904 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
23:18:53.0235 6904 SiSRaid4 - ok
23:18:53.0297 6904 SIUSBXP (4c9f8e72f87f50a6125aaa31b63b2d18) C:\Windows\system32\drivers\SiUSBXp.sys
23:18:53.0313 6904 SIUSBXP - ok
23:18:53.0469 6904 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
23:18:53.0578 6904 slsvc - ok
23:18:53.0656 6904 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
23:18:53.0687 6904 SLUINotify - ok
23:18:53.0781 6904 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:18:53.0812 6904 Smb - ok
23:18:53.0843 6904 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
23:18:53.0859 6904 SNMPTRAP - ok
23:18:53.0921 6904 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:18:53.0937 6904 spldr - ok
23:18:53.0983 6904 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
23:18:53.0999 6904 Spooler - ok
23:18:54.0061 6904 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:18:54.0155 6904 srv - ok
23:18:54.0233 6904 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:18:54.0264 6904 srv2 - ok
23:18:54.0327 6904 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:18:54.0358 6904 srvnet - ok
23:18:54.0358 6904 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
23:18:54.0420 6904 SSDPSRV - ok
23:18:54.0483 6904 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
23:18:54.0514 6904 SstpSvc - ok
23:18:54.0561 6904 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
23:18:54.0607 6904 stisvc - ok
23:18:54.0717 6904 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:18:54.0732 6904 stllssvr - ok
23:18:54.0763 6904 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:18:54.0779 6904 swenum - ok
23:18:54.0841 6904 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
23:18:54.0888 6904 swprv - ok
23:18:54.0904 6904 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:18:54.0919 6904 Symc8xx - ok
23:18:54.0919 6904 SymIM - ok
23:18:54.0919 6904 SymIMMP - ok
23:18:54.0951 6904 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:18:54.0966 6904 Sym_hi - ok
23:18:54.0982 6904 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:18:54.0997 6904 Sym_u3 - ok
23:18:55.0044 6904 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
23:18:55.0122 6904 SysMain - ok
23:18:55.0169 6904 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
23:18:55.0200 6904 TabletInputService - ok
23:18:55.0231 6904 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
23:18:55.0278 6904 TapiSrv - ok
23:18:55.0278 6904 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
23:18:55.0309 6904 TBS - ok
23:18:55.0419 6904 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
23:18:55.0512 6904 Tcpip - ok
23:18:55.0528 6904 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
23:18:55.0637 6904 Tcpip6 - ok
23:18:55.0715 6904 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
23:18:55.0731 6904 tcpipreg - ok
23:18:55.0746 6904 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:18:55.0777 6904 TDPIPE - ok
23:18:55.0793 6904 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:18:55.0840 6904 TDTCP - ok
23:18:55.0871 6904 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:18:55.0902 6904 tdx - ok
23:18:55.0949 6904 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
23:18:55.0965 6904 TermDD - ok
23:18:55.0996 6904 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
23:18:56.0058 6904 TermService - ok
23:18:56.0121 6904 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
23:18:56.0136 6904 Themes - ok
23:18:56.0167 6904 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:18:56.0214 6904 THREADORDER - ok
23:18:56.0245 6904 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
23:18:56.0261 6904 tmactmon - ok
23:18:56.0323 6904 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
23:18:56.0339 6904 tmcomm - ok
23:18:56.0370 6904 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
23:18:56.0401 6904 tmevtmgr - ok
23:18:56.0417 6904 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
23:18:56.0433 6904 tmtdi - ok
23:18:56.0464 6904 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
23:18:56.0511 6904 TrkWks - ok
23:18:56.0542 6904 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
23:18:56.0573 6904 TrustedInstaller - ok
23:18:56.0604 6904 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:18:56.0635 6904 tssecsrv - ok
23:18:56.0682 6904 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
23:18:56.0698 6904 tunmp - ok
23:18:56.0745 6904 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
23:18:56.0760 6904 tunnel - ok
23:18:56.0776 6904 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
23:18:56.0791 6904 uagp35 - ok
23:18:57.0291 6904 uagqecsvc (90ea2f8a920ee567029089b6a3c05c96) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
23:18:57.0306 6904 uagqecsvc - ok
23:18:57.0649 6904 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
23:18:57.0712 6904 udfs - ok
23:18:57.0759 6904 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
23:18:57.0821 6904 UI0Detect - ok
23:18:57.0883 6904 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
23:18:57.0915 6904 uliagpkx - ok
23:18:57.0993 6904 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
23:18:58.0039 6904 uliahci - ok
23:18:58.0336 6904 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
23:18:58.0367 6904 UlSata - ok
23:18:58.0398 6904 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
23:18:58.0429 6904 ulsata2 - ok
23:18:58.0461 6904 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
23:18:58.0507 6904 umbus - ok
23:18:58.0539 6904 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
23:18:58.0585 6904 upnphost - ok
23:18:58.0648 6904 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:18:58.0679 6904 USBAAPL64 - ok
23:18:58.0741 6904 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
23:18:58.0788 6904 usbaudio - ok
23:18:58.0835 6904 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
23:18:58.0866 6904 usbccgp - ok
23:18:59.0069 6904 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
23:18:59.0163 6904 usbcir - ok
23:18:59.0241 6904 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
23:18:59.0272 6904 usbehci - ok
23:18:59.0365 6904 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
23:18:59.0428 6904 usbhub - ok
23:18:59.0506 6904 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
23:18:59.0599 6904 usbohci - ok
23:18:59.0646 6904 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
23:18:59.0693 6904 usbprint - ok
23:18:59.0771 6904 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
23:18:59.0802 6904 usbscan - ok
23:18:59.0865 6904 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:18:59.0911 6904 USBSTOR - ok
23:18:59.0927 6904 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
23:18:59.0958 6904 usbuhci - ok
23:19:00.0021 6904 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
23:19:00.0067 6904 UxSms - ok
23:19:00.0114 6904 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
23:19:00.0192 6904 vds - ok
23:19:00.0223 6904 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:00.0270 6904 vga - ok
23:19:00.0301 6904 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
23:19:00.0348 6904 VgaSave - ok
23:19:00.0395 6904 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
23:19:00.0426 6904 viaide - ok
23:19:00.0489 6904 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
23:19:00.0504 6904 volmgr - ok
23:19:00.0629 6904 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
23:19:00.0660 6904 volmgrx - ok
23:19:00.0723 6904 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
23:19:00.0754 6904 volsnap - ok
23:19:00.0816 6904 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
23:19:00.0847 6904 vsmraid - ok
23:19:01.0612 6904 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
23:19:01.0737 6904 VSS - ok
23:19:01.0861 6904 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
23:19:01.0908 6904 W32Time - ok
23:19:01.0955 6904 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
23:19:02.0033 6904 WacomPen - ok
23:19:02.0127 6904 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:02.0158 6904 Wanarp - ok
23:19:02.0158 6904 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:02.0189 6904 Wanarpv6 - ok
23:19:02.0782 6904 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
23:19:02.0844 6904 wcncsvc - ok
23:19:02.0860 6904 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
23:19:02.0907 6904 WcsPlugInService - ok
23:19:03.0016 6904 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
23:19:03.0063 6904 Wd - ok
23:19:03.0359 6904 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
23:19:03.0453 6904 Wdf01000 - ok
23:19:03.0468 6904 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:19:03.0515 6904 WdiServiceHost - ok
23:19:03.0515 6904 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:19:03.0577 6904 WdiSystemHost - ok
23:19:03.0687 6904 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
23:19:03.0702 6904 WebClient - ok
23:19:03.0749 6904 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
23:19:03.0796 6904 Wecsvc - ok
23:19:03.0796 6904 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
23:19:03.0827 6904 wercplsupport - ok
23:19:03.0827 6904 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
23:19:03.0858 6904 WerSvc - ok
23:19:04.0451 6904 winachsf (47e8fe123d0a99dc0e172f89425b9342) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
23:19:04.0513 6904 winachsf - ok
23:19:04.0545 6904 WinDefend - ok
23:19:04.0545 6904 WinHttpAutoProxySvc - ok
23:19:04.0825 6904 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
23:19:04.0872 6904 Winmgmt - ok
23:19:06.0666 6904 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
23:19:06.0760 6904 WinRM - ok
23:19:07.0540 6904 winusb (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.SYS
23:19:07.0571 6904 winusb - ok
23:19:07.0945 6904 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
23:19:08.0008 6904 Wlansvc - ok
23:19:08.0086 6904 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
23:19:08.0133 6904 WmiAcpi - ok
23:19:08.0445 6904 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
23:19:08.0476 6904 wmiApSrv - ok
23:19:08.0507 6904 WMPNetworkSvc - ok
23:19:08.0647 6904 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
23:19:08.0679 6904 WPCSvc - ok
23:19:08.0710 6904 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
23:19:08.0757 6904 WPDBusEnum - ok
23:19:08.0788 6904 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
23:19:08.0819 6904 WpdUsb - ok
23:19:09.0100 6904 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:19:09.0193 6904 WPFFontCache_v0400 - ok
23:19:09.0256 6904 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:09.0318 6904 ws2ifsl - ok
23:19:09.0427 6904 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
23:19:09.0474 6904 wscsvc - ok
23:19:09.0474 6904 WSearch - ok
23:19:10.0176 6904 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
23:19:10.0332 6904 wuauserv - ok
23:19:10.0551 6904 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:10.0597 6904 WUDFRd - ok
23:19:10.0707 6904 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
23:19:10.0753 6904 wudfsvc - ok
23:19:10.0816 6904 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
23:19:10.0831 6904 XAudio - ok
23:19:10.0863 6904 XAudioService (510652a925b5d6c3892379d263a87f00) C:\Windows\system32\DRIVERS\xaudio64.exe
23:19:10.0909 6904 XAudioService - ok
23:19:10.0987 6904 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:19:15.0199 6904 \Device\Harddisk0\DR0 - ok
23:19:15.0231 6904 Boot (0x1200) (604ebd5fe397a8bd824bc4ea2689abd8) \Device\Harddisk0\DR0\Partition0
23:19:15.0231 6904 \Device\Harddisk0\DR0\Partition0 - ok
23:19:15.0246 6904 Boot (0x1200) (0b8f8da242653f2976dfba9d860ea6cc) \Device\Harddisk0\DR0\Partition1
23:19:15.0246 6904 \Device\Harddisk0\DR0\Partition1 - ok
23:19:15.0246 6904 ============================================================
23:19:15.0246 6904 Scan finished
23:19:15.0246 6904 ============================================================
23:19:15.0262 6740 Detected object count: 3
23:19:15.0262 6740 Actual detected object count: 3
23:21:30.0003 6740 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user
23:21:30.0018 6740 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:21:30.0018 6740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:21:30.0018 6740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:21:30.0018 6740 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - skipped by user
23:21:30.0018 6740 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 23:24:58
-----------------------------
23:24:58.117 OS Version: Windows x64 6.0.6002 Service Pack 2
23:24:58.117 Number of processors: 4 586 0xF0B
23:24:58.117 ComputerName: STATHAKIS-PC UserName: Alex
23:25:00.894 Initialize success
23:25:51.493 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:25:51.493 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3
23:25:51.508 Disk 0 MBR read successfully
23:25:51.508 Disk 0 MBR scan
23:25:51.508 Disk 0 Windows XP default MBR code
23:25:51.524 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
23:25:51.540 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 112640
23:25:51.555 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 608376 MB offset 4306944
23:25:51.571 Disk 0 scanning C:\Windows\system32\drivers
23:26:00.241 Service scanning
23:26:13.532 Modules scanning
23:26:13.532 Disk 0 trace - called modules:
23:26:13.563 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:26:13.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075231d0]
23:26:14.078 3 CLASSPNP.SYS[fffffa6000dcdc33] -> nt!IofCallDriver -> [0xfffffa8006113520]
23:26:14.078 5 acpi.sys[fffffa60008f4fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005602940]
23:26:14.078 Scan finished successfully
23:28:22.367 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
23:28:22.367 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Alex at 23:33:28 on 2012-06-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3885 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Windows\system32\spool\DRIVERS\x64\3\OPHCLDCS.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uCustomizeSearch = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer3\HDDCameraMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://sisportal.maine207.org/Classroom/Reserved.ReportViewerWebControl.axd?ReportSession=my0ckk55ekkjdq55inudna45&ControlID=ef5d6b4ebd47423282911269a5a78151&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://fileserver.maine207.org/InternalSite/WhlCompMgr.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://taskstreamhelp.webex.com/client/T26L/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{527048B8-AAC7-4BA2-BD4C-F55D70C4D564} : DhcpNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO-X64: Freecorder Toolbar - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-7-30 52760]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-7-16 6638080]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-27 275912]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-2-28 788000]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 OKI OPHC DCS Loader;OKI OPHC DCS Loader;C:\Windows\System32\spool\drivers\x64\3\OPHCLDCS.EXE [2005-9-12 19968]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-22 150928]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c98b1ccc2f0af0;Google Update Service (gupdate1c98b1ccc2f0af0);C:\Program Files (x86)\google\Update\GoogleUpdate.exe [2009-2-9 133104]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-9-22 487824]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\google\Update\GoogleUpdate.exe [2009-2-9 133104]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-20 04:09:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-19 13:29:07 98816 ----a-w- C:\Windows\sed.exe
2012-06-19 13:29:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-19 13:29:07 256000 ----a-w- C:\Windows\PEV.exe
2012-06-19 13:29:07 208896 ----a-w- C:\Windows\MBR.exe
2012-06-19 13:28:59 -------- d-----w- C:\ComboFix
2012-06-14 08:15:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-14 08:15:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-06-14 08:15:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-06-13 21:48:34 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 21:48:33 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 21:48:21 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 21:48:21 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 21:48:21 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 21:48:21 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 21:48:21 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 21:48:21 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 05:22:27 35928 ----a-w- C:\Windows\System32\AdobePDF64.dll
.
==================== Find3M ====================
.
2012-05-28 17:43:55 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-28 17:43:55 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 23:33:52.30 ===============

Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/19/2008 3:32:32 AM
System Uptime: 6/19/2012 10:13:15 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 594 GiB total, 166.266 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.003 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Amazon MP3 Downloader 1.0.12
AnswerWorks 5.0 English Runtime
Any Video Converter 3.1.8
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Audacity 1.2.6
AVI-FLV-MP4-WMV Converter 1.2
C3200n Series GDI Driver from OKI® Printing Solutions for Windows
Canon MP Navigator EX 1.0
Canon MP210 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Dell Getting Started Guide
Digital Line Detect
EDocs
Facebook Video Calling 1.2.0.159
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0
Freecorder 5
Freecorder Toolbar
Google Chrome
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Google Video Uploader
GoToMeeting 5.1.0.880
HandBrake 0.9.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMixer3
Java Auto Updater
Java 6 Update 30
LEGO MINDSTORMS Edu NXT - English Language Pack
LEGO MINDSTORMS Edu NXT Software v2.1
LiveUpdate (Symantec Corporation)
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
PDF Settings
Photo Transport
Photo Viewer V208G2
Quicken 2008
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAMSUNG PC Share Manager
ScanSoft OmniPage SE 4
Scrapbook Factory Deluxe 4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Smartparts Desktop
Spelling Dictionaries Support For Adobe Reader 8
StartNow Toolbar
TurboTax 2008
TurboTax 2008 wiliper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wiliper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebEx
.
==== End Of File ===========================
-
Hello,
I'm running Windows Vista Home Premium Version 6 Service Pack 2, and I've noticed recently that when I click on links in Google, sometimes it takes me to websites that are not the links I clicked on (numeric addresses that are blocked by Trend Micro, sites that sell virus protection, etc.). I have already run Malwarebytes Anti-Malware, and the two most recent logs are copied and pasted below. I also just ran ComboFix, and its log is below the two Malwarebytes logs. It appears that the random link problem still exists, even after running ComboFix. Any help you can offer is much appreciated!
6/12/2012:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.12.02
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: STATHAKIS-PC [administrator]
6/12/2012 12:30:37 AM
mbam-log-2012-06-12 (00-30-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228585
Time elapsed: 16 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll (Trojan.Happili.XGen) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Installer464 (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll",CreateInstance -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll (Trojan.Happili.XGen) -> Delete on reboot.
C:\Users\Alex\AppData\Local\Temp\0.7895981171162177 (Trojan.Happili) -> Quarantined and deleted successfully.
(end)
6/19/2012:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.19.04
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: STATHAKIS-PC [administrator]
6/19/2012 8:02:11 AM
mbam-log-2012-06-19 (08-02-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229650
Time elapsed: 15 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
ComboFix 6/19/2012:
ComboFix 12-06-19.01 - Alex 06/19/2012 8:32.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3086 [GMT -5:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Alex\g2mdlhlpx.exe
c:\users\Alex\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 13:49 . 2012-06-19 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 08:15 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-14 08:15 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 08:15 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 21:48 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:48 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:48 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:48 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:48 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:48 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:48 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 21:48 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 05:22 . 2007-03-23 21:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 17:43 . 2012-05-20 12:26 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-28 17:43 . 2011-06-06 18:20 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2010-02-10 16:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:22 . 2012-05-08 18:47 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-08 18:48 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-13 137536]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-26 2164256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"ReminderApp"="c:\program files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-6-19 50688]
ImageMixer HDD Camera Monitor.lnk - c:\program files (x86)\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2008-7-30 2117632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000Core.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-13 13:42]
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000UA.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-13 13:42]
.
2012-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 18:55]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-10 01:13]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-10 01:13]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 02:58]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 02:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-05 137240]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-05 202264]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-05 165400]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"combofix"="c:\combofix\CF11741.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.search.msn.com
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uCustomizeSearch = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://sisportal.maine207.org/Classroom/Reserved.ReportViewerWebControl.axd?ReportSession=my0ckk55ekkjdq55inudna45&ControlID=ef5d6b4ebd47423282911269a5a78151&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\program files (x86)\Fitbit\fitbit.exe
c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-06-19 09:05:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 14:05
.
Pre-Run: 165,733,531,648 bytes free
Post-Run: 178,640,384,000 bytes free
.
- - End Of File - - 7CDC44E46E296227C7C4A7F643C45ACD
Chrome sometimes opens random pages when clicking on links in Google
in Resolved Malware Removal Logs
Posted
Okay, I've tried a bunch of times now, and when clicking links in Google from Google Chrome, I'm no longer redirected--I think the problem has been solved! Do you think that the Trojan was only attached to Chrome, or should I worry that it's still hidden somewhere in the computer? What do you think my next steps should be to make sure the computer isn't infected and that we never get infected again?
Thanks again for all of your time!