Everything posted by andTo86
-
Everything seems to be MUCH better! Thanks for all of your help!
-
I opted out of a couple of the startup items - speedfan and via audio vdeck. Everything went smooth, and Eset reported nothing was found.
-
I only found one of the Java 6 update 30 installs, but it didn't say if it was 32bit or 64. Windows and revo both showed the same thing. The first time I tried to reinstall Java, there was a message about a corrupt dll. Re-downloaded and tried again, success.

Ccleaner worked without a problem. Malwarebytes gave an error about the hosts file. Re-ran as admin, and it worked. Hijack this ran without a problem.

Internet explorer still seems to be broken - google loads instantly, but when you click on a link it loads the title bar and address bar changes, but the screen is just transparent with a spinning progress wheel for a couple of minutes. It doesn't appear to be redirecting, but it's doing something unusual. Otherwise everything seems fine, firefox is perfect. Thanks!

_____________________________________________________________________________________
Malwarebytes:
_____________________________________________________________________________________
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
andys :: POSADMIN_DESKTO [administrator]

12/12/2012 10:50:42 AM
mbam-log-2012-12-12 (10-50-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316951
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)

(end)
_____________________________________________________________________________________
HijackThis
-
I'm not sure if my last post wasn't clear - Firefox is fine, internet explorer is strange. I reset firefox and rebooted anyway. Firefox is still normal, and IE is still strange. Thanks!
-
Firefox still seems to be ok. After running the OTL fix, IE seemed to be working much better, loaded google instantly, but then crashed on the very first test page I visited - an article on wired.com. Now it's behaving strange again - long page loads on everything other than google.
-
Looks better this time:
-
OTL didn't ask for a reboot. I haven't seen any symptoms of google redirects, firefox seems normal, but IE is still behaving strange - blank window for 2-3 minutes when you try to load a page, and weird DNS requests - view.atmdt.com.nsatc.com, c.msn.com.nsatc.com, for instance.

OTL Log:
Error: Unable to interpret <:OTLFF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.O4 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\marks\AppData\Roaming\Micro> in the current context!
Error: Unable to interpret <soft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not foundO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH]> in the current context! OTL by OldTimer - Version 3.2.69.0 log created on 12102012_153952
-
I'll be more careful. Ran the MS fixit button then reset IE again, then ran OTL:
O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKU\S-1-5-21-57989841-1482476501-725345543-1354..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe () O4 - HKU\S-1-5-21-57989841-1482476501-725345543-1354..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-57989841-1482476501-725345543-1354..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\andys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) 
O4 - Startup: C:\Users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-57989841-1482476501-725345543-1354\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} http://catermate/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=003qbt24xm5zppzdjihwctzx&ControlID=c89f4bf62c6b49b29de559a8ed36cbb0&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class) O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Citrix ICA Client) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://video.byremote.net/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://24.229.44.162:8081/activex/AMC.cab (AxisMediaControlEmb Class) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kace.webex.com/client/T27LB/nbr/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} http://bbremote.dynalias.com:4000/user/TSBnwCam.CAB (TSBnwCam Control) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.8 192.168.42.45 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skibearcreek.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDDCB956-BF4D-452C-875D-30829D9702B4}: DhcpNameServer = 192.168.42.8 192.168.42.45 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/02/14 13:28:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/10 14:10:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andys\Desktop\OTL.exe [2012/12/06 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\andys\Desktop\Old Firefox Data [2012/12/05 17:27:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\andys\Desktop\aswMBR.exe [2012/12/05 17:25:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\andys\Desktop\tdsskiller.exe [2012/12/04 16:14:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/04 16:14:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/04 16:14:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/04 16:14:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/04 16:13:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/04 16:09:27 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\VirtualStore [2012/12/04 16:05:48 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\andys\Desktop\ComboFix.exe [2012/12/04 15:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/12/04 09:38:58 | 000,000,000 | ---D | C] -- C:\Users\andys\Desktop\RK_Quarantine [2012/12/03 14:21:56 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/12/03 14:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/12/03 14:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/11/30 15:33:39 | 000,000,000 | ---D | C] -- C:\found.000 [2012/11/30 13:46:57 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\SUPERAntiSpyware.com [2012/11/30 13:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/11/30 13:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/11/30 13:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/11/30 11:43:14 | 000,000,000 | ---D | C] -- C:\Users\andys\Documents\mbar-1.01.0.1009 [2012/11/30 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\andys\Desktop\GooredFix Backups [2012/11/29 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Apple Computer [2012/11/29 15:03:53 | 000,000,000 | ---D | C] -- C:\FRST [2012/11/29 10:01:43 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\Malwarebytes [2012/11/29 10:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/29 10:01:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/11/29 10:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/29 10:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/27 10:38:42 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Temporary Projects [2012/11/20 16:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\roomMaster for Windows [2012/11/16 16:35:41 | 000,048,512 | ---- | C] (Datacard Corp.) 
-- C:\Windows\SysNative\crdnmon.dll [2012/11/16 16:33:59 | 000,000,000 | ---D | C] -- C:\CardPrinter [2012/11/16 16:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacard Card Printers [2012/11/16 16:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Datacard Card Printers [2012/11/16 16:05:05 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\Hex-Rays [2012/11/16 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA Pro Free [2012/11/16 16:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDA Free [2012/11/15 03:09:38 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/15 03:09:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/15 03:03:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/15 03:03:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/15 03:03:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/15 03:03:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/15 03:03:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/15 03:03:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/15 03:03:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/15 03:03:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/15 03:03:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/15 03:03:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/15 03:03:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll 
[2012/11/15 03:03:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/15 03:03:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/15 03:03:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/15 03:03:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/15 03:01:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/15 03:01:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/15 03:01:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/15 03:01:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/14 09:05:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/14 09:05:14 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/14 09:05:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/14 09:05:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/14 09:05:01 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/14 09:05:01 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/14 09:05:01 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/14 09:05:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/14 09:05:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/14 09:04:34 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/14 09:04:34 | 000,078,336 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/13 14:56:48 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Adobe [2012/11/13 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\Ditto [2012/11/13 11:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto [2012/11/13 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ditto [2012/11/13 11:29:46 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Macromedia [2012/11/12 10:12:12 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\ElevatedDiagnostics [2012/11/12 09:16:36 | 000,000,000 | ---D | C] -- C:\Users\andys\reptool [2012/11/12 09:16:24 | 000,000,000 | ---D | C] -- C:\Users\andys\eqlgroupmgr ========== Files - Modified Within 30 Days ========== [2012/12/10 14:10:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andys\Desktop\OTL.exe [2012/12/10 14:01:32 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/10 14:01:32 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/10 13:54:34 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/10 13:53:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/10 13:53:06 | 2140,422,143 | -HS- | M] () -- C:\hiberfil.sys [2012/12/07 12:45:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1482476501-725345543-2304UA.job [2012/12/07 12:41:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/06 17:07:02 | 000,143,996 | ---- | M] () -- C:\Users\andys\Desktop\Packet Dump - google redirect.pcapng [2012/12/06 13:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ad9d2b7-7e8e-4ed9-af77-835f1f9f565d.job [2012/12/06 09:45:00 | 000,000,856 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1482476501-725345543-2304Core.job [2012/12/06 02:00:40 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0f4968e7-1e9a-4b8c-aa51-916e82b7b2d1.job [2012/12/05 17:48:36 | 000,000,512 | ---- | M] () -- C:\Users\andys\Desktop\MBR.dat [2012/12/05 17:28:24 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\andys\Desktop\aswMBR.exe [2012/12/05 17:25:51 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\andys\Desktop\tdsskiller.exe [2012/12/04 16:26:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/12/04 16:05:56 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\andys\Desktop\ComboFix.exe [2012/12/03 14:21:59 | 000,001,278 | ---- | M] () -- C:\Users\andys\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/12/03 14:21:59 | 000,001,254 | ---- | M] () -- C:\Users\andys\Desktop\Spybot - Search & Destroy.lnk [2012/11/30 13:46:56 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/11/29 10:01:36 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/29 10:00:28 | 001,090,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/29 10:00:28 | 000,880,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/29 10:00:28 | 000,204,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/28 09:48:14 | 000,000,838 | ---- | M] () -- C:\Users\andys\Desktop\Sales32c.ini - Shortcut.lnk [2012/11/27 11:52:59 | 000,002,028 | -H-- | M] () -- C:\Users\andys\Documents\Default.rdp [2012/11/26 13:53:10 | 000,000,218 | ---- | M] () -- C:\Users\andys\AppData\Local\recently-used.xbel [2012/11/26 10:42:09 | 001,972,000 | ---- | M] () -- C:\Users\andys\Desktop\Maps and Views - 2012-11-26.avc [2012/11/20 16:42:31 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\roomMaster for Windows (Quick Start).lnk [2012/11/20 
16:42:31 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\roomMaster Help.lnk [2012/11/20 09:14:17 | 000,749,275 | ---- | M] () -- C:\Users\andys\Desktop\Sasquatch.zip [2012/11/16 16:11:07 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Diagnostics for Card Printers.lnk [2012/11/16 16:04:48 | 000,000,915 | ---- | M] () -- C:\Users\andys\Desktop\IDA Pro Free.lnk [2012/11/15 09:01:26 | 000,001,129 | ---- | M] () -- C:\Users\andys\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/11/15 03:32:58 | 005,452,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/12/06 17:07:02 | 000,143,996 | ---- | C] () -- C:\Users\andys\Desktop\Packet Dump - google redirect.pcapng [2012/12/05 17:48:36 | 000,000,512 | ---- | C] () -- C:\Users\andys\Desktop\MBR.dat [2012/12/04 16:14:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/04 16:14:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/04 16:14:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/04 16:14:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/04 16:14:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/12/03 14:21:59 | 000,001,278 | ---- | C] () -- C:\Users\andys\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/12/03 14:21:59 | 000,001,254 | ---- | C] () -- C:\Users\andys\Desktop\Spybot - Search & Destroy.lnk [2012/11/30 13:47:00 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0f4968e7-1e9a-4b8c-aa51-916e82b7b2d1.job [2012/11/30 13:47:00 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ad9d2b7-7e8e-4ed9-af77-835f1f9f565d.job [2012/11/30 13:46:56 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/11/29 10:01:36 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 
[2012/11/28 09:48:14 | 000,000,838 | ---- | C] () -- C:\Users\andys\Desktop\Sales32c.ini - Shortcut.lnk [2012/11/26 13:53:10 | 000,000,218 | ---- | C] () -- C:\Users\andys\AppData\Local\recently-used.xbel [2012/11/26 10:45:50 | 001,972,000 | ---- | C] () -- C:\Users\andys\Desktop\Maps and Views - 2012-11-26.avc [2012/11/20 16:42:31 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\roomMaster Help.lnk [2012/11/20 09:14:17 | 000,749,275 | ---- | C] () -- C:\Users\andys\Desktop\Sasquatch.zip [2012/11/16 16:11:07 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Diagnostics for Card Printers.lnk [2012/11/16 16:04:48 | 000,000,915 | ---- | C] () -- C:\Users\andys\Desktop\IDA Pro Free.lnk [2012/11/15 03:09:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 03:01:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/09/06 09:38:48 | 000,000,017 | ---- | C] () -- C:\Users\andys\AppData\Local\resmon.resmoncfg [2012/09/06 09:10:22 | 000,001,034 | RHS- | C] () -- C:\Users\andys\ntuser.pol [2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/02/01 14:27:51 | 000,006,977 | ---- | C] () -- C:\Windows\SigPlus.ini [2009/12/31 17:29:20 | 000,006,075 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > ________________________________________________________________________________________________________ Extras.txt: ________________________________________________________________________________________________________ OTL Extras logfile created on: 12/10/2012 2:11:41 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andys\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.22% 
Memory free 15.98 Gb Paging File | 13.39 Gb Available in Paging File | 83.78% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 857.46 Gb Free Space | 92.06% Space Free | Partition Type: NTFS Drive P: | 931.51 Gb Total Space | 797.55 Gb Free Space | 85.62% Space Free | Partition Type: NTFS Computer Name: POSADMIN_DESKTO | User Name: andys | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/18/2011 9:51:55 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/19/2011 4:23:36 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/20/2011 11:22:07 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/21/2011 6:16:37 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/21/2011 12:35:40 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6
Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6
Exception code: 0xc0000005
Fault offset: 0x006298db
Faulting process id: 0x102c
Faulting application start time: 0x01cc8cf5c5eb1d90
Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report Id: b5da6fa6-fc02-11e0-b225-e0cb4e1200ef

Error - 10/22/2011 1:29:05 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/22/2011 8:07:29 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/23/2011 3:27:42 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/26/2011 4:36:06 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Application Error | ID = 1000
Description = Faulting application name: WSCommCntr2.exe, version: 3.0.269.0, time stamp: 0x4c0c8ae0
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e4b4
Faulting process id: 0x16dc
Faulting application start time: 0x01cc941ee1224412
Faulting application path: C:\Program Files\Common Files\Autodesk Shared\WSCommCntr\lib\WSCommCntr2.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 20d35952-0012-11e1-b225-e0cb4e1200ef

Error - 10/30/2011 6:08:00 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ OSession Events ]

Error - 4/12/2011 3:53:33 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22843 seconds with 2640 seconds of active time. This session ended with a crash.

Error - 6/16/2011 9:02:06 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 82934 seconds with 6720 seconds of active time. This session ended with a crash.

Error - 6/20/2011 8:14:32 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 570 seconds with 360 seconds of active time. This session ended with a crash.

Error - 6/22/2011 5:47:26 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 205662 seconds with 8460 seconds of active time. This session ended with a crash.

Error - 7/21/2011 12:43:40 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4712 seconds with 300 seconds of active time. This session ended with a crash.

Error - 10/21/2011 12:35:39 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 340889 seconds with 1380 seconds of active time. This session ended with a crash.

Error - 11/11/2011 9:44:26 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 97 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2011 3:57:32 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2448 seconds with 780 seconds of active time. This session ended with a crash.

Error - 4/5/2012 9:49:39 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 83340 seconds with 4380 seconds of active time. This session ended with a crash.

Error - 7/14/2012 4:46:42 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176791 seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 12/6/2012 10:38:00 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016
Description =

Error - 12/6/2012 10:41:28 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010
Description =

Error - 12/6/2012 6:07:24 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010
Description =

Error - 12/7/2012 11:02:03 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016
Description =

Error - 12/7/2012 11:35:07 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = NETLOGON | ID = 5783
Description = The session setup to the Windows NT or Windows 2000 Domain Controller \\PDC.skibearcreek.com for the domain SKIBEARCREEK is not responsive. The current RPC call from Netlogon on \\POSADMIN_DESKTO to \\PDC.skibearcreek.com has been cancelled.
Error - 12/7/2012 1:06:30 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010 Description = Error - 12/10/2012 11:25:25 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016 Description = Error - 12/10/2012 11:38:41 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010 Description = Error - 12/10/2012 2:54:56 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016 Description = Error - 12/10/2012 2:59:10 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010 Description = < End of report >
-
Ok I just realized that I missed this step when I reset internet explorer: "first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737" Should I go back and do that? Sorry!
-
Also, I'm getting a popup to update java - should I do that now?
-
Ok - I cleaned out IE. It's still behaving strange, with occasional long pauses when browsing.
-
I haven't seen any redirected search results since resetting Firefox, but Internet Explorer is still acting very strange, and I'm not sure if it's related to the problem or if it's just broken. It loads Google instantly, but when you search and click on a link, occasionally the page is just blank for a minute or two. The address bar shows the address of the target, but I get a spinning progress circle up on the tab, and when I look in Wireshark, I see a bunch of DNS requests for weird sites - tag.admeld.com, bid.openx.net, view.atdmt.com, tap.rubiconproject.com, b.scorecardresearch.com, socialprofiles.zenfs.com, s7.addthis.com. I know that these could be normal ads, but there aren't any ads on the pages I'm looking for. Should I be concerned about these strange queries?
-
Ok I ran those tools; results are below. It could be coincidence, but it seems as if the problem goes away when I'm browsing the Malwarebytes forum and comes back when I haven't been there for a few minutes, as if it knows that I'm aware. IE also started occasionally locking up if I have more than one window open. The second window just goes transparent and shows whatever screen is behind it. I can move it around with the title bar and it closes, but occasionally it takes a few minutes. It's an Intel Core i7 with 8 gigs of RAM, so it's not just being slow. TDSSKiller:
Server\MSSQL11.SQLEXPR12\MSSQL\Binn\sqlservr.exe 17:26:25.0578 5492 MSSQL$SQLEXPR12 - ok 17:26:25.0641 5492 MSSQL$SQLEXPRESS - ok 17:26:25.0688 5492 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 17:26:25.0703 5492 MSSQLServerADHelper100 - ok 17:26:25.0750 5492 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:26:25.0750 5492 MSTEE - ok 17:26:25.0781 5492 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:26:25.0781 5492 MTConfig - ok 17:26:25.0859 5492 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 17:26:25.0859 5492 MTsensor - ok 17:26:25.0890 5492 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:26:25.0890 5492 Mup - ok 17:26:25.0953 5492 mysql - ok 17:26:26.0015 5492 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:26:26.0015 5492 napagent - ok 17:26:26.0046 5492 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:26:26.0046 5492 NativeWifiP - ok 17:26:26.0171 5492 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121205.002\ENG64.SYS 17:26:26.0171 5492 NAVENG - ok 17:26:26.0249 5492 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121205.002\EX64.SYS 17:26:26.0265 5492 NAVEX15 - ok 17:26:26.0312 5492 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:26:26.0327 5492 NDIS - ok 17:26:26.0343 5492 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:26:26.0374 5492 NdisCap - ok 17:26:26.0405 5492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:26:26.0405 5492 NdisTapi - ok 17:26:26.0436 5492 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:26:26.0452 5492 Ndisuio - 
ok 17:26:26.0483 5492 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:26:26.0483 5492 NdisWan - ok 17:26:26.0514 5492 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:26:26.0514 5492 NDProxy - ok 17:26:26.0530 5492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:26:26.0530 5492 NetBIOS - ok 17:26:26.0577 5492 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:26:26.0577 5492 NetBT - ok 17:26:26.0592 5492 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:26:26.0592 5492 Netlogon - ok 17:26:26.0624 5492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:26:26.0624 5492 Netman - ok 17:26:26.0670 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:26:26.0686 5492 NetMsmqActivator - ok 17:26:26.0686 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:26:26.0686 5492 NetPipeActivator - ok 17:26:26.0717 5492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:26:26.0717 5492 netprofm - ok 17:26:26.0717 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:26:26.0717 5492 NetTcpActivator - ok 17:26:26.0733 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:26:26.0733 5492 NetTcpPortSharing - ok 17:26:26.0764 5492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:26:26.0764 5492 nfrd960 - ok 17:26:26.0811 5492 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:26:26.0811 5492 NlaSvc - ok 17:26:26.0873 5492 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 17:26:26.0873 
5492 NPF - ok 17:26:26.0889 5492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:26:26.0889 5492 Npfs - ok 17:26:26.0889 5492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:26:26.0904 5492 nsi - ok 17:26:26.0904 5492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:26:26.0904 5492 nsiproxy - ok 17:26:26.0982 5492 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:26:27.0014 5492 Ntfs - ok 17:26:27.0045 5492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:26:27.0045 5492 Null - ok 17:26:27.0076 5492 [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 17:26:27.0076 5492 nusb3hub - ok 17:26:27.0092 5492 [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 17:26:27.0092 5492 nusb3xhc - ok 17:26:27.0154 5492 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:26:27.0170 5492 nvraid - ok 17:26:27.0201 5492 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:26:27.0216 5492 nvstor - ok 17:26:27.0248 5492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:26:27.0263 5492 nv_agp - ok 17:26:27.0326 5492 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:26:27.0372 5492 odserv - ok 17:26:27.0419 5492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:26:27.0435 5492 ohci1394 - ok 17:26:27.0466 5492 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:26:27.0528 5492 ose - ok 17:26:27.0560 5492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:26:27.0591 5492 p2pimsvc - ok 17:26:27.0653 5492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc 
C:\Windows\system32\p2psvc.dll 17:26:27.0653 5492 p2psvc - ok 17:26:27.0700 5492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:26:27.0716 5492 Parport - ok 17:26:27.0731 5492 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:26:27.0731 5492 partmgr - ok 17:26:27.0747 5492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:26:27.0747 5492 PcaSvc - ok 17:26:27.0778 5492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:26:27.0778 5492 pci - ok 17:26:27.0840 5492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:26:27.0840 5492 pciide - ok 17:26:27.0872 5492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:26:27.0903 5492 pcmcia - ok 17:26:27.0918 5492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:26:27.0918 5492 pcw - ok 17:26:27.0950 5492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:26:27.0965 5492 PEAUTH - ok 17:26:28.0028 5492 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:26:28.0074 5492 PeerDistSvc - ok 17:26:28.0215 5492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:26:28.0230 5492 PerfHost - ok 17:26:28.0277 5492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:26:28.0308 5492 pla - ok 17:26:28.0355 5492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:26:28.0355 5492 PlugPlay - ok 17:26:28.0402 5492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:26:28.0433 5492 PNRPAutoReg - ok 17:26:28.0449 5492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:26:28.0449 5492 PNRPsvc - ok 17:26:28.0480 5492 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 
17:26:28.0542 5492 PolicyAgent - ok 17:26:28.0558 5492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:26:28.0558 5492 Power - ok 17:26:28.0589 5492 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:26:28.0589 5492 PptpMiniport - ok 17:26:28.0605 5492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:26:28.0620 5492 Processor - ok 17:26:28.0652 5492 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:26:28.0652 5492 ProfSvc - ok 17:26:28.0667 5492 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:26:28.0667 5492 ProtectedStorage - ok 17:26:28.0698 5492 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:26:28.0698 5492 Psched - ok 17:26:28.0745 5492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:26:28.0823 5492 ql2300 - ok 17:26:28.0839 5492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:26:28.0870 5492 ql40xx - ok 17:26:28.0901 5492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:26:28.0917 5492 QWAVE - ok 17:26:28.0932 5492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:26:28.0948 5492 QWAVEdrv - ok 17:26:28.0979 5492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:26:28.0995 5492 RasAcd - ok 17:26:29.0026 5492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:26:29.0026 5492 RasAgileVpn - ok 17:26:29.0042 5492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:26:29.0057 5492 RasAuto - ok 17:26:29.0073 5492 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:26:29.0088 5492 Rasl2tp - ok 17:26:29.0088 5492 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan 
C:\Windows\System32\rasmans.dll 17:26:29.0088 5492 RasMan - ok 17:26:29.0120 5492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:26:29.0120 5492 RasPppoe - ok 17:26:29.0120 5492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:26:29.0120 5492 RasSstp - ok 17:26:29.0166 5492 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:26:29.0166 5492 rdbss - ok 17:26:29.0182 5492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:26:29.0182 5492 rdpbus - ok 17:26:29.0213 5492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:26:29.0213 5492 RDPCDD - ok 17:26:29.0244 5492 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:26:29.0244 5492 RDPDR - ok 17:26:29.0260 5492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:26:29.0260 5492 RDPENCDD - ok 17:26:29.0260 5492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:26:29.0276 5492 RDPREFMP - ok 17:26:29.0322 5492 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 17:26:29.0322 5492 RdpVideoMiniport - ok 17:26:29.0354 5492 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:26:29.0354 5492 RDPWD - ok 17:26:29.0385 5492 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:26:29.0385 5492 rdyboost - ok 17:26:29.0432 5492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:26:29.0432 5492 RemoteAccess - ok 17:26:29.0463 5492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:26:29.0463 5492 RemoteRegistry - ok 17:26:29.0510 5492 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 17:26:29.0541 5492 rpcapd - ok 
17:26:29.0556 5492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:26:29.0556 5492 RpcEptMapper - ok 17:26:29.0603 5492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:26:29.0603 5492 RpcLocator - ok 17:26:29.0634 5492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:26:29.0650 5492 RpcSs - ok 17:26:29.0712 5492 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys 17:26:29.0744 5492 RsFx0105 - ok 17:26:29.0775 5492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:26:29.0775 5492 rspndr - ok 17:26:29.0822 5492 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 17:26:29.0837 5492 RTL8167 - ok 17:26:29.0853 5492 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 17:26:29.0868 5492 s3cap - ok 17:26:29.0884 5492 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:26:29.0884 5492 SamSs - ok 17:26:29.0931 5492 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 17:26:29.0931 5492 SASDIFSV - ok 17:26:29.0946 5492 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 17:26:29.0946 5492 SASKUTIL - ok 17:26:29.0978 5492 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:26:29.0993 5492 sbp2port - ok 17:26:30.0102 5492 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 17:26:30.0102 5492 SBSDWSCService - ok 17:26:30.0134 5492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:26:30.0165 5492 SCardSvr - ok 17:26:30.0196 5492 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:26:30.0212 5492 scfilter - ok 17:26:30.0274 5492 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule 
C:\Windows\system32\schedsvc.dll 17:26:30.0290 5492 Schedule - ok 17:26:30.0290 5492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:26:30.0290 5492 SCPolicySvc - ok 17:26:30.0305 5492 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:26:30.0305 5492 SDRSVC - ok 17:26:30.0336 5492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:26:30.0336 5492 secdrv - ok 17:26:30.0352 5492 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:26:30.0352 5492 seclogon - ok 17:26:30.0383 5492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 17:26:30.0383 5492 SENS - ok 17:26:30.0399 5492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:26:30.0430 5492 SensrSvc - ok 17:26:30.0477 5492 [ 52F0A1375A81A2F193BEE97CA085F7FD ] ser2attr C:\Windows\system32\DRIVERS\ser2attr64.sys 17:26:30.0508 5492 ser2attr - ok 17:26:30.0539 5492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:26:30.0539 5492 Serenum - ok 17:26:30.0586 5492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:26:30.0586 5492 Serial - ok 17:26:30.0617 5492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:26:30.0617 5492 sermouse - ok 17:26:30.0648 5492 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:26:30.0648 5492 SessionEnv - ok 17:26:30.0680 5492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:26:30.0680 5492 sffdisk - ok 17:26:30.0695 5492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:26:30.0695 5492 sffp_mmc - ok 17:26:30.0711 5492 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:26:30.0711 5492 sffp_sd - ok 17:26:30.0726 5492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy 
C:\Windows\system32\DRIVERS\sfloppy.sys 17:26:30.0726 5492 sfloppy - ok 17:26:30.0773 5492 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:26:30.0789 5492 SharedAccess - ok 17:26:30.0804 5492 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:26:30.0820 5492 ShellHWDetection - ok 17:26:30.0882 5492 [ F5EDD95D3B912510661CFDF580ECC1D4 ] SiriuswareUpdate C:\Program Files (x86)\Siriusware\SiriuswareUpdate.exe 17:26:30.0882 5492 SiriuswareUpdate - ok 17:26:30.0914 5492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:26:30.0929 5492 SiSRaid2 - ok 17:26:30.0929 5492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:26:30.0945 5492 SiSRaid4 - ok 17:26:30.0976 5492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:26:30.0992 5492 Smb - ok 17:26:31.0116 5492 [ AD97B711074CF27DA0C00F2C26E1A62C ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe 17:26:31.0148 5492 SmcService - ok 17:26:31.0179 5492 [ 91BD8E268D93AAF5F59AAC9DE84A25BB ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE 17:26:31.0179 5492 SNAC - ok 17:26:31.0210 5492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:26:31.0210 5492 SNMPTRAP - ok 17:26:31.0241 5492 [ C8E09D169361D12909574981BED28116 ] SonicWALLCDPAgent C:\Program Files (x86)\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe 17:26:31.0241 5492 SonicWALLCDPAgent - ok 17:26:31.0288 5492 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys 17:26:31.0288 5492 speedfan - ok 17:26:31.0304 5492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:26:31.0304 5492 spldr - ok 17:26:31.0350 5492 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:26:31.0366 5492 Spooler - ok 17:26:31.0460 
5492 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:26:31.0475 5492 sppsvc - ok 17:26:31.0491 5492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:26:31.0491 5492 sppuinotify - ok 17:26:31.0600 5492 [ EAE151AFDB0B58736C01DAD5AD4A18DF ] SQLAgent$SQLEXPR12 c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPR12\MSSQL\Binn\SQLAGENT.EXE 17:26:31.0709 5492 SQLAgent$SQLEXPR12 - ok 17:26:31.0818 5492 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 17:26:31.0834 5492 SQLAgent$SQLEXPRESS - ok 17:26:31.0881 5492 [ E9254892A2D74E537BAD3092F0F8EE40 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 17:26:31.0896 5492 SQLBrowser - ok 17:26:31.0943 5492 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 17:26:31.0943 5492 SQLWriter - ok 17:26:31.0990 5492 [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS 17:26:31.0990 5492 SRTSP - ok 17:26:32.0021 5492 [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS 17:26:32.0084 5492 SRTSPL - ok 17:26:32.0099 5492 [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS 17:26:32.0099 5492 SRTSPX - ok 17:26:32.0130 5492 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:26:32.0130 5492 srv - ok 17:26:32.0162 5492 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:26:32.0162 5492 srv2 - ok 17:26:32.0193 5492 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:26:32.0193 5492 srvnet - ok 17:26:32.0224 5492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:26:32.0255 5492 SSDPSRV - ok 17:26:32.0271 5492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 
17:26:32.0271 5492 SstpSvc - ok 17:26:32.0318 5492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:26:32.0333 5492 stexstor - ok 17:26:32.0364 5492 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:26:32.0380 5492 stisvc - ok 17:26:32.0411 5492 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 17:26:32.0411 5492 storflt - ok 17:26:32.0458 5492 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 17:26:32.0458 5492 storvsc - ok 17:26:32.0489 5492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 17:26:32.0489 5492 swenum - ok 17:26:32.0536 5492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:26:32.0583 5492 swprv - ok 17:26:32.0645 5492 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe 17:26:32.0676 5492 Symantec AntiVirus - ok 17:26:32.0708 5492 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 17:26:32.0708 5492 SymEvent - ok 17:26:32.0739 5492 Synth3dVsc - ok 17:26:32.0801 5492 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:26:32.0817 5492 SysMain - ok 17:26:32.0864 5492 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:26:32.0895 5492 TabletInputService - ok 17:26:32.0910 5492 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:26:32.0910 5492 TapiSrv - ok 17:26:32.0942 5492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:26:32.0957 5492 TBS - ok 17:26:33.0020 5492 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:26:33.0066 5492 Tcpip - ok 17:26:33.0129 5492 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:26:33.0144 5492 TCPIP6 - ok 17:26:33.0176 
5492 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:26:33.0176 5492 tcpipreg - ok 17:26:33.0191 5492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:26:33.0207 5492 TDPIPE - ok 17:26:33.0238 5492 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:26:33.0238 5492 TDTCP - ok 17:26:33.0269 5492 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:26:33.0269 5492 tdx - ok 17:26:33.0300 5492 [ 13657DC475DE564247745BF4DA23207C ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys 17:26:33.0300 5492 Teefer2 - ok 17:26:33.0332 5492 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:26:33.0332 5492 TermDD - ok 17:26:33.0378 5492 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:26:33.0378 5492 TermService - ok 17:26:33.0410 5492 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:26:33.0410 5492 Themes - ok 17:26:33.0441 5492 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:26:33.0441 5492 THREADORDER - ok 17:26:33.0456 5492 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:26:33.0456 5492 TrkWks - ok 17:26:33.0519 5492 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:26:33.0550 5492 TrustedInstaller - ok 17:26:33.0581 5492 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:26:33.0581 5492 tssecsrv - ok 17:26:33.0612 5492 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:26:33.0628 5492 TsUsbFlt - ok 17:26:33.0644 5492 tsusbhub - ok 17:26:33.0675 5492 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:26:33.0675 5492 tunnel - ok 17:26:33.0706 5492 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 
C:\Windows\system32\DRIVERS\uagp35.sys 17:26:33.0722 5492 uagp35 - ok 17:26:33.0753 5492 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:26:33.0768 5492 udfs - ok 17:26:33.0800 5492 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:26:33.0815 5492 UI0Detect - ok 17:26:33.0831 5492 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:26:33.0846 5492 uliagpkx - ok 17:26:33.0878 5492 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:26:33.0878 5492 umbus - ok 17:26:33.0909 5492 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:26:33.0909 5492 UmPass - ok 17:26:33.0940 5492 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 17:26:33.0940 5492 UmRdpService - ok 17:26:33.0956 5492 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:26:33.0987 5492 upnphost - ok 17:26:34.0018 5492 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 17:26:34.0049 5492 USBAAPL64 - ok 17:26:34.0080 5492 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:26:34.0112 5492 usbaudio - ok 17:26:34.0143 5492 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:26:34.0143 5492 usbccgp - ok 17:26:34.0174 5492 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:26:34.0205 5492 usbcir - ok 17:26:34.0221 5492 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 17:26:34.0221 5492 usbehci - ok 17:26:34.0268 5492 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:26:34.0268 5492 usbhub - ok 17:26:34.0299 5492 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:26:34.0330 5492 usbohci - ok 17:26:34.0361 5492 [ 
Thanks!
-
Hmm.. now it seems to be back in IE as well.
-
I take that back. Firefox is still infected - just got redirected to click.livesearchnow.com.
-
Combofix went smooth. Everything seems fine now! Combofix log:
-
Ok thanks! I was unable to download adwcleaner. Below is checkup.txt and the RK report. One thing that was strange is when I powered on this morning, I had an error dialog saying "there was a problem starting c:\users\username\appdata\local\temporary projects\microsoft_corporation\tfulef.dll". I checked the folder and it was created about the time the redirects started, but it was empty. Rogue killer deleted this directory in the registry keys. I didn't run any more AV / AT / fixes after the post yesterday. I haven't had a redirect or modifications to the browser history today.
-
I seem to have some new / undiscovered variant of the google redirect, but malwarebytes doesn't detect it.

Here's what I've tried so far:
DDS, FRST, RootkitBuster
GooredFix, fixtdss, tdsskiller

Log files are attached. TIA!

attach.txt dds.txt FRST.txt GooredFix.txt RootKitBusterDebug20121129_00.log