Chrome sometimes opens random pages when clicking on links in Google


Hello,

I'm running Windows Vista Home Premium Version 6 service pack 2, and I've noticed recently that when I click on links in Google, sometimes it takes me to websites that are not the links I clicked on (numeric addresses that are blocked by Trend Micro, sites that sell virus protection, etc.). I have already run Malwarebytes AntiMalware, and the two most recent logs are copied and pasted below. I also just ran ComboFix, and its log is below the two Malwarebytes logs. It appears that the random link problem still exists, even after running ComboFix. Any help you can offer is much appreciated!

6/12/2012:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.12.02

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Alex :: STATHAKIS-PC [administrator]

6/12/2012 12:30:37 AM

mbam-log-2012-06-12 (00-30-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228585

Time elapsed: 16 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll (Trojan.Happili.XGen) -> Delete on reboot.

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Installer464 (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Alex\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll (Trojan.Happili.XGen) -> Delete on reboot.

C:\Users\Alex\AppData\Local\Temp\0.7895981171162177 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

6/19/2012:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.19.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Alex :: STATHAKIS-PC [administrator]

6/19/2012 8:02:11 AM

mbam-log-2012-06-19 (08-02-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 229650

Time elapsed: 15 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Combofix 6/19/2012

ComboFix 12-06-19.01 - Alex 06/19/2012 8:32.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3086 [GMT -5:00]

Running from: c:\users\Alex\Desktop\ComboFix.exe

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\StartNow Toolbar

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files (x86)\StartNow Toolbar\Resources\installer.xml

c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html

c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js

c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml

c:\program files (x86)\StartNow Toolbar\Resources\update.xml

c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll

c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files (x86)\StartNow Toolbar\uninstall.dat

c:\users\Alex\g2mdlhlpx.exe

c:\users\Alex\WINDOWS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 13:49 . 2012-06-19 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-14 08:15 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-14 08:15 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-14 08:15 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-06-13 21:48 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 21:48 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 21:48 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 21:48 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 21:48 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 21:48 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 21:48 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-13 21:48 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-12 05:22 . 2007-03-23 21:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-28 17:43 . 2012-05-20 12:26 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-28 17:43 . 2011-06-06 18:20 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 20:56 . 2010-02-10 16:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:22 . 2012-05-08 18:47 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:45 . 2012-05-08 18:48 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]

2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-13 137536]

"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-26 2164256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"ReminderApp"="c:\program files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-6-19 50688]

ImageMixer HDD Camera Monitor.lnk - c:\program files (x86)\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2008-7-30 2117632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000Core.job

- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-13 13:42]

.

2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000UA.job

- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-13 13:42]

.

2012-06-18 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 18:55]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-10 01:13]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-10 01:13]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000Core.job

- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 02:58]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3800825891-3633625581-3018973039-1000UA.job

- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 02:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-05 137240]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-05 202264]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-05 165400]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]

"combofix"="c:\combofix\CF11741.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://ie.search.msn.com

uLocal Page = c:\windows\system32\blank.htm

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uCustomizeSearch = hxxp://ie.search.msn.com

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://sisportal.maine207.org/Classroom/Reserved.ReportViewerWebControl.axd?ReportSession=my0ckk55ekkjdq55inudna45&ControlID=ef5d6b4ebd47423282911269a5a78151&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe

Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4

AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe

c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe

c:\program files (x86)\Fitbit\fitbit.exe

c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe

c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-06-19 09:05:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 14:05

.

Pre-Run: 165,733,531,648 bytes free

Post-Run: 178,640,384,000 bytes free

.

- - End Of File - - 7CDC44E46E296227C7C4A7F643C45ACD

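The two logs in the post above were read from a handful of registry locations: the Run keys (where the 12 June scan found rundll32 loading a DLL out of AppData\Local), the Browser Helper Object, URLSearchHook and Toolbar registrations (the Ask, freecorder and StartNow entries in the ComboFix output), plus the hosts file and the DNS server ComboFix reports. The script below re-reads those same locations live and flags the patterns the logs show. It is an added example, not part of the original post and not code from Malwarebytes or ComboFix. Assumptions: it is run in an elevated PowerShell as the affected user, the flag rules are this example's own heuristics rather than vendor signatures, and it only reads; nothing is deleted.

```powershell
# Added example (not from the original post): inventory of the autostart and IE
# extension registration points the MBAM/ComboFix logs came from, with the
# patterns seen in those logs flagged. Read-only; heuristics are this example's own.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$clsidKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)
# Locations a standard user can write to without elevation.
$userWritable = @($env:USERPROFILE, $env:ProgramData, $env:TEMP) | Where-Object { $_ }
$providerMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-LoadedModule([string]$cmd) {
    # In  rundll32.exe "x.dll",Export  the module of interest is x.dll, not the host.
    $c = $cmd.Trim()
    if ($c -match '^"?[^"\s]*(rundll32|regsvr32)(\.exe)?"?\s+(.+)$') { $c = $matches[3] }
    if ($c -match '^"([^"]+)"') { return $matches[1] }
    if ($c -match '^(.+?\.(exe|dll|cpl|scr))(\s|,|$)') { return $matches[1] }
    return $c
}

function Resolve-ModulePath([string]$p) {
    $p = [Environment]::ExpandEnvironmentVariables($p.Trim('"'))
    # A bare file name (the log's "oobefldr.dll") is loaded from System32.
    if ($p -notmatch '[\\/]') { $p = Join-Path $env:SystemRoot "System32\$p" }
    return $p
}

function Test-Suspicious([string]$path, [string]$cmd) {
    $why = @()
    foreach ($d in $userWritable) {
        if ($path.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $why += 'runs from a user-writable directory'; break }
    }
    if (($cmd -match 'rundll32|regsvr32') -and ($path -notlike "$env:SystemRoot\*")) { $why += 'DLL hosted by rundll32/regsvr32 from outside the Windows directory' }
    if (-not (Test-Path -LiteralPath $path)) { $why += 'file not found (orphan entry or hidden file)' }
    else {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { $why += "Authenticode status $($sig.Status)" }
    }
    return $why
}

function Resolve-Clsid([string]$clsid) {
    # 32-bit IE on x64 (the Wow6432Node entries in the log) registers in the Wow6432Node view.
    foreach ($base in 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $k = "$base\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $k) { return [string](Get-ItemProperty -LiteralPath $k).'(default)' }
    }
    return $null
}

function New-Finding($where, $module, $why) {
    New-Object PSObject -Property @{ Where = $where; Module = $module; Why = ($why -join '; ') }
}

$findings = @()
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    foreach ($v in (Get-ItemProperty -LiteralPath $k).PSObject.Properties) {
        if ($providerMeta -contains $v.Name) { continue }   # provider metadata, not Run values
        $cmd  = [string]$v.Value
        $path = Resolve-ModulePath (Get-LoadedModule $cmd)
        $why  = Test-Suspicious $path $cmd
        if ($why) { $findings += New-Finding "$k\$($v.Name)" $path $why }
    }
}
foreach ($k in $clsidKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    # BHOs register as subkeys named by CLSID; search hooks and toolbars as value names.
    $ids  = @(Get-ChildItem -LiteralPath $k | ForEach-Object { $_.PSChildName })
    $ids += @((Get-ItemProperty -LiteralPath $k).PSObject.Properties | ForEach-Object { $_.Name })
    foreach ($id in ($ids -match '^\{[0-9A-F-]{36}\}$' | Select-Object -Unique)) {
        $dll = Resolve-Clsid $id
        if (-not $dll) { $findings += New-Finding "$k\$id" '(none)' 'CLSID has no InprocServer32 (orphan registration)'; continue }
        $path = Resolve-ModulePath $dll
        $why  = Test-Suspicious $path ''
        if ($why) { $findings += New-Finding "$k\$id" $path $why }
    }
}
$findings | Format-Table Where, Module, Why -AutoSize -Wrap

# Redirects can also be imposed outside the browser: non-comment hosts entries
# and the resolver in use (the ComboFix log reports DhcpNameServer = 192.168.1.1).
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*[0-9a-f:.]+\s+\S' }
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | Select-Object Description, DNSServerSearchOrder
```

Read the output as a review list, not a verdict. The 12 June detection (HKCU\...\Run\Installer464 = rundll32.exe "...\AppData\Local\IsolatedStorage\Installer464\ntrzxb.dll",CreateInstance) would trip all three rules at once: user-writable directory, rundll32-hosted DLL outside the Windows directory, and no valid signature. Third-party toolbars such as the Ask and freecorder entries in the log will usually show up only on the signature rule and have to be judged on their own merits. On the Windows PowerShell version that shipped with Vista, Get-AuthenticodeSignature does not consult catalog signatures, so in-box Windows components will report NotSigned; that noise disappears on later PowerShell versions that do check catalogs.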

Hello cubswild and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please do not run ComboFix without any supervision. Take a look why:

http://www.bleepingcomputer.com/forums/topic273628.html

Please manually delete ComboFix.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Step 3

Follow the instructions here for DDS:

http://forums.malwarebytes.org/index.php?showtopic=9573

In your next reply, post the following log files:

  • TDSSKiller log
  • aswMBR log
  • DDS log with Attach.txt


Hello,

Thanks so much for the prompt assistance! Below are the log files you requested:

TDSSKiller Log:

23:17:01.0331 6940 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

23:17:01.0659 6940 ============================================================

23:17:01.0659 6940 Current date / time: 2012/06/19 23:17:01.0659

23:17:01.0659 6940 SystemInfo:

23:17:01.0659 6940

23:17:01.0659 6940 OS Version: 6.0.6002 ServicePack: 2.0

23:17:01.0659 6940 Product type: Workstation

23:17:01.0659 6940 ComputerName: STATHAKIS-PC

23:17:01.0659 6940 UserName: Alex

23:17:01.0659 6940 Windows directory: C:\Windows

23:17:01.0659 6940 System windows directory: C:\Windows

23:17:01.0659 6940 Running under WOW64

23:17:01.0659 6940 Processor architecture: Intel x64

23:17:01.0659 6940 Number of processors: 4

23:17:01.0659 6940 Page size: 0x1000

23:17:01.0659 6940 Boot type: Normal boot

23:17:01.0659 6940 ============================================================

23:17:03.0172 6940 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:17:03.0219 6940 ============================================================

23:17:03.0219 6940 \Device\Harddisk0\DR0:

23:17:03.0219 6940 MBR partitions:

23:17:03.0219 6940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x400000

23:17:03.0219 6940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x41B800, BlocksNum 0x4A43C000

23:17:03.0219 6940 ============================================================

23:17:03.0266 6940 C: <-> \Device\Harddisk0\DR0\Partition1

23:17:03.0375 6940 D: <-> \Device\Harddisk0\DR0\Partition0

23:17:03.0375 6940 ============================================================

23:17:03.0375 6940 Initialize success

23:17:03.0375 6940 ============================================================

23:17:29.0458 6904 ============================================================

23:17:29.0458 6904 Scan started

23:17:29.0458 6904 Mode: Manual; SigCheck; TDLFS;

23:17:29.0458 6904 ============================================================

23:17:33.0519 6904 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

23:17:33.0675 6904 ACPI - ok

23:17:34.0423 6904 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

23:17:34.0455 6904 Adobe Version Cue CS3 - ok

23:17:34.0579 6904 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:17:34.0611 6904 AdobeARMservice - ok

23:17:34.0813 6904 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

23:17:34.0876 6904 adp94xx - ok

23:17:35.0079 6904 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

23:17:35.0110 6904 adpahci - ok

23:17:35.0188 6904 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

23:17:35.0203 6904 adpu160m - ok

23:17:35.0422 6904 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

23:17:35.0469 6904 adpu320 - ok

23:17:35.0656 6904 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

23:17:35.0718 6904 AeLookupSvc - ok

23:17:36.0342 6904 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

23:17:36.0467 6904 AFD - ok

23:17:36.0561 6904 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

23:17:36.0576 6904 agp440 - ok

23:17:36.0732 6904 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

23:17:36.0763 6904 aic78xx - ok

23:17:36.0857 6904 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

23:17:36.0904 6904 ALG - ok

23:17:36.0982 6904 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

23:17:37.0013 6904 aliide - ok

23:17:37.0855 6904 AllShare (aaa1f9d4cf4c976c21bca8afa2bae6a4) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

23:17:38.0542 6904 AllShare ( UnsignedFile.Multi.Generic ) - warning

23:17:38.0542 6904 AllShare - detected UnsignedFile.Multi.Generic (1)

23:17:38.0682 6904 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

23:17:38.0698 6904 amdide - ok

23:17:38.0745 6904 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

23:17:38.0776 6904 AmdK8 - ok

23:17:38.0963 6904 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

23:17:38.0979 6904 Amsp - ok

23:17:39.0057 6904 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

23:17:39.0072 6904 Appinfo - ok

23:17:39.0166 6904 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:17:39.0181 6904 Apple Mobile Device - ok

23:17:39.0228 6904 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

23:17:39.0259 6904 arc - ok

23:17:39.0291 6904 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

23:17:39.0306 6904 arcsas - ok

23:17:39.0337 6904 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

23:17:39.0384 6904 AsyncMac - ok

23:17:39.0431 6904 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

23:17:39.0447 6904 atapi - ok

23:17:39.0587 6904 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

23:17:39.0634 6904 AudioEndpointBuilder - ok

23:17:39.0649 6904 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

23:17:39.0696 6904 AudioSrv - ok

23:17:39.0790 6904 Automatic LiveUpdate Scheduler (de220dcea74e13e659ff6192c3afe49c) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

23:17:39.0805 6904 Automatic LiveUpdate Scheduler - ok

23:17:39.0805 6904 Beep - ok

23:17:39.0883 6904 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

23:17:39.0930 6904 BFE - ok

23:17:40.0024 6904 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll

23:17:40.0102 6904 BITS - ok

23:17:40.0180 6904 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

23:17:40.0211 6904 blbdrive - ok

23:17:40.0336 6904 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

23:17:40.0383 6904 Bonjour Service - ok

23:17:40.0445 6904 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

23:17:40.0507 6904 bowser - ok

23:17:40.0539 6904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

23:17:40.0570 6904 BrFiltLo - ok

23:17:40.0585 6904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

23:17:40.0617 6904 BrFiltUp - ok

23:17:40.0663 6904 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

23:17:40.0695 6904 Browser - ok

23:17:40.0741 6904 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

23:17:40.0788 6904 Brserid - ok

23:17:40.0804 6904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

23:17:40.0851 6904 BrSerWdm - ok

23:17:40.0897 6904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

23:17:40.0944 6904 BrUsbMdm - ok

23:17:40.0991 6904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

23:17:41.0053 6904 BrUsbSer - ok

23:17:41.0085 6904 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

23:17:41.0147 6904 BTHMODEM - ok

23:17:41.0272 6904 catchme - ok

23:17:41.0334 6904 CAXHWBS2 (84e556e7f7c00c22e300d78200fc6c44) C:\Windows\system32\DRIVERS\CAXHWBS2.sys

23:17:41.0381 6904 CAXHWBS2 - ok

23:17:41.0428 6904 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

23:17:41.0490 6904 cdfs - ok

23:17:41.0553 6904 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

23:17:41.0599 6904 cdrom - ok

23:17:41.0631 6904 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

23:17:41.0677 6904 CertPropSvc - ok

23:17:41.0693 6904 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

23:17:41.0740 6904 circlass - ok

23:17:42.0114 6904 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

23:17:42.0255 6904 CLFS - ok

23:17:42.0660 6904 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:17:42.0707 6904 clr_optimization_v2.0.50727_32 - ok

23:17:42.0910 6904 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:17:42.0941 6904 clr_optimization_v2.0.50727_64 - ok

23:17:43.0269 6904 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:17:43.0284 6904 clr_optimization_v4.0.30319_32 - ok

23:17:43.0549 6904 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:17:43.0565 6904 clr_optimization_v4.0.30319_64 - ok

23:17:43.0643 6904 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

23:17:43.0674 6904 cmdide - ok

23:17:43.0721 6904 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

23:17:43.0752 6904 Compbatt - ok

23:17:43.0752 6904 COMSysApp - ok

23:17:43.0815 6904 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

23:17:43.0846 6904 crcdisk - ok

23:17:44.0142 6904 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll

23:17:44.0173 6904 CryptSvc - ok

23:17:45.0172 6904 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

23:17:45.0265 6904 DcomLaunch - ok

23:17:45.0484 6904 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

23:17:45.0531 6904 DfsC - ok

23:17:48.0198 6904 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

23:17:49.0119 6904 DFSR - ok

23:17:50.0913 6904 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

23:17:51.0053 6904 Dhcp - ok

23:17:51.0271 6904 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

23:17:51.0318 6904 disk - ok

23:17:51.0849 6904 DMService (4ac7157b62f876fcae60fd692086ceb9) C:\Windows\DOWNLO~1\DMService.exe

23:17:52.0005 6904 DMService - ok

23:17:52.0239 6904 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

23:17:52.0301 6904 Dnscache - ok

23:17:52.0551 6904 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

23:17:52.0597 6904 dot3svc - ok

23:17:52.0816 6904 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

23:17:52.0925 6904 DPS - ok

23:17:53.0097 6904 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

23:17:53.0159 6904 drmkaud - ok

23:17:53.0892 6904 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

23:17:54.0017 6904 DXGKrnl - ok

23:17:54.0407 6904 e1express (a458e7d986f51c827640f5d1f1e886e4) C:\Windows\system32\DRIVERS\e1e6032e.sys

23:17:54.0423 6904 e1express - ok

23:17:54.0641 6904 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

23:17:54.0688 6904 E1G60 - ok

23:17:54.0844 6904 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

23:17:54.0875 6904 EapHost - ok

23:17:55.0047 6904 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

23:17:55.0062 6904 Ecache - ok

23:17:55.0842 6904 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

23:17:55.0936 6904 ehRecvr - ok

23:17:56.0263 6904 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

23:17:56.0295 6904 ehSched - ok

23:17:56.0357 6904 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

23:17:56.0388 6904 ehstart - ok

23:17:56.0981 6904 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

23:17:57.0137 6904 elxstor - ok

23:17:57.0714 6904 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

23:17:57.0839 6904 EMDMgmt - ok

23:17:57.0964 6904 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

23:17:58.0011 6904 ErrDev - ok

23:17:58.0432 6904 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

23:17:58.0494 6904 EventSystem - ok

23:17:58.0728 6904 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

23:17:58.0791 6904 exfat - ok

23:17:59.0149 6904 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

23:17:59.0227 6904 fastfat - ok

23:17:59.0383 6904 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

23:17:59.0446 6904 fdc - ok

23:17:59.0539 6904 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

23:17:59.0602 6904 fdPHost - ok

23:17:59.0633 6904 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

23:17:59.0711 6904 FDResPub - ok

23:17:59.0836 6904 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

23:17:59.0851 6904 FileInfo - ok

23:17:59.0914 6904 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

23:17:59.0976 6904 Filetrace - ok

23:18:01.0723 6904 Fitbit (d4c0e5c287aad7ff3176731a310ab2af) C:\Program Files (x86)\Fitbit\fitbit.exe

23:18:01.0973 6904 Fitbit - ok

23:18:02.0441 6904 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

23:18:02.0472 6904 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

23:18:02.0472 6904 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

23:18:03.0143 6904 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

23:18:03.0252 6904 flpydisk - ok

23:18:03.0720 6904 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

23:18:03.0783 6904 FltMgr - ok

23:18:05.0077 6904 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

23:18:05.0717 6904 FontCache - ok

23:18:06.0029 6904 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:18:06.0045 6904 FontCache3.0.0.0 - ok

23:18:06.0232 6904 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys

23:18:06.0279 6904 Fs_Rec - ok

23:18:06.0528 6904 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

23:18:06.0559 6904 gagp30kx - ok

23:18:06.0669 6904 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys

23:18:06.0700 6904 GEARAspiWDM - ok

23:18:07.0464 6904 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

23:18:07.0761 6904 gpsvc - ok

23:18:08.0041 6904 gupdate1c98b1ccc2f0af0 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:18:08.0057 6904 gupdate1c98b1ccc2f0af0 - ok

23:18:08.0088 6904 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:18:08.0104 6904 gupdatem - ok

23:18:08.0291 6904 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

23:18:08.0307 6904 gusvc - ok

23:18:09.0430 6904 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:18:09.0726 6904 HDAudBus - ok

23:18:09.0804 6904 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

23:18:09.0882 6904 HidBth - ok

23:18:09.0945 6904 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

23:18:10.0023 6904 HidIr - ok

23:18:10.0054 6904 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll

23:18:10.0085 6904 hidserv - ok

23:18:10.0163 6904 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

23:18:10.0194 6904 HidUsb - ok

23:18:10.0381 6904 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

23:18:10.0444 6904 hkmsvc - ok

23:18:10.0584 6904 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

23:18:10.0631 6904 HpCISSs - ok

23:18:12.0675 6904 HSF_DPV (8774d021a3fffe44150f8510381deee6) C:\Windows\system32\DRIVERS\CAX_DPV.sys

23:18:13.0330 6904 HSF_DPV - ok

23:18:14.0203 6904 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

23:18:14.0328 6904 HTTP - ok

23:18:14.0359 6904 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

23:18:14.0375 6904 i2omp - ok

23:18:14.0437 6904 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

23:18:14.0469 6904 i8042prt - ok

23:18:14.0500 6904 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

23:18:14.0515 6904 iaStorV - ok

23:18:14.0640 6904 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:18:14.0734 6904 idsvc - ok

23:18:15.0124 6904 igfx (50f15f9aee2e7692dfe58917e2d40498) C:\Windows\system32\DRIVERS\igdkmd64.sys

23:18:15.0654 6904 igfx - ok

23:18:15.0857 6904 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

23:18:15.0873 6904 iirsp - ok

23:18:15.0997 6904 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

23:18:16.0091 6904 IKEEXT - ok

23:18:16.0200 6904 IntcAzAudAddService (04c6489a44e340574daae64a6062541c) C:\Windows\system32\drivers\RTKVHD64.sys

23:18:16.0434 6904 IntcAzAudAddService - ok

23:18:16.0512 6904 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

23:18:16.0528 6904 intelide - ok

23:18:16.0559 6904 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

23:18:16.0606 6904 intelppm - ok

23:18:16.0777 6904 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

23:18:16.0793 6904 IntuitUpdateService - ok

23:18:16.0918 6904 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

23:18:16.0933 6904 IntuitUpdateServiceV4 - ok

23:18:17.0043 6904 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

23:18:17.0121 6904 IPBusEnum - ok

23:18:17.0214 6904 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:18:17.0277 6904 IpFilterDriver - ok

23:18:17.0370 6904 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

23:18:17.0386 6904 iphlpsvc - ok

23:18:17.0401 6904 IpInIp - ok

23:18:17.0433 6904 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

23:18:17.0464 6904 IPMIDRV - ok

23:18:17.0495 6904 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

23:18:17.0526 6904 IPNAT - ok

23:18:17.0635 6904 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe

23:18:17.0667 6904 iPod Service - ok

23:18:17.0698 6904 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

23:18:17.0729 6904 IRENUM - ok

23:18:17.0776 6904 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

23:18:17.0791 6904 isapnp - ok

23:18:17.0854 6904 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

23:18:17.0885 6904 iScsiPrt - ok

23:18:17.0901 6904 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

23:18:17.0916 6904 iteatapi - ok

23:18:17.0947 6904 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

23:18:17.0963 6904 iteraid - ok

23:18:17.0979 6904 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

23:18:17.0994 6904 kbdclass - ok

23:18:18.0057 6904 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

23:18:18.0072 6904 kbdhid - ok

23:18:18.0135 6904 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

23:18:18.0166 6904 KeyIso - ok

23:18:18.0228 6904 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

23:18:18.0259 6904 KSecDD - ok

23:18:18.0306 6904 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

23:18:18.0353 6904 ksthunk - ok

23:18:18.0431 6904 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

23:18:18.0509 6904 KtmRm - ok

23:18:18.0556 6904 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll

23:18:18.0587 6904 LanmanServer - ok

23:18:18.0618 6904 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

23:18:18.0649 6904 LanmanWorkstation - ok

23:18:18.0852 6904 LiveUpdate (63ed50a6ed61829c2def5b733d258a05) C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE

23:18:18.0946 6904 LiveUpdate - ok

23:18:19.0024 6904 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

23:18:19.0055 6904 lltdio - ok

23:18:19.0102 6904 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

23:18:19.0149 6904 lltdsvc - ok

23:18:19.0227 6904 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

23:18:19.0258 6904 lmhosts - ok

23:18:19.0429 6904 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

23:18:19.0445 6904 LSI_FC - ok

23:18:19.0648 6904 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

23:18:19.0679 6904 LSI_SAS - ok

23:18:19.0851 6904 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

23:18:19.0882 6904 LSI_SCSI - ok

23:18:20.0007 6904 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

23:18:20.0053 6904 luafv - ok

23:18:20.0194 6904 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

23:18:20.0209 6904 Mcx2Svc - ok

23:18:20.0287 6904 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

23:18:20.0319 6904 mdmxsdk - ok

23:18:20.0397 6904 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

23:18:20.0428 6904 megasas - ok

23:18:20.0537 6904 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

23:18:20.0568 6904 MegaSR - ok

23:18:20.0615 6904 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

23:18:20.0662 6904 MMCSS - ok

23:18:20.0724 6904 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

23:18:20.0755 6904 Modem - ok

23:18:20.0865 6904 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

23:18:20.0896 6904 monitor - ok

23:18:20.0943 6904 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

23:18:20.0958 6904 mouclass - ok

23:18:21.0036 6904 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

23:18:21.0099 6904 mouhid - ok

23:18:21.0208 6904 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

23:18:21.0270 6904 MountMgr - ok

23:18:21.0364 6904 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

23:18:21.0395 6904 mpio - ok

23:18:21.0535 6904 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

23:18:21.0582 6904 mpsdrv - ok

23:18:22.0425 6904 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll

23:18:22.0549 6904 MpsSvc - ok

23:18:22.0627 6904 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

23:18:22.0659 6904 Mraid35x - ok

23:18:22.0924 6904 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

23:18:22.0986 6904 MRxDAV - ok

23:18:23.0205 6904 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:18:23.0267 6904 mrxsmb - ok

23:18:23.0610 6904 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:18:23.0641 6904 mrxsmb10 - ok

23:18:23.0891 6904 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:18:23.0938 6904 mrxsmb20 - ok

23:18:24.0063 6904 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

23:18:24.0094 6904 msahci - ok

23:18:24.0172 6904 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

23:18:24.0187 6904 msdsm - ok

23:18:24.0343 6904 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

23:18:24.0406 6904 MSDTC - ok

23:18:24.0468 6904 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

23:18:24.0515 6904 Msfs - ok

23:18:24.0640 6904 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

23:18:24.0655 6904 msisadrv - ok

23:18:24.0858 6904 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

23:18:24.0936 6904 MSiSCSI - ok

23:18:24.0936 6904 msiserver - ok

23:18:25.0014 6904 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

23:18:25.0061 6904 MSKSSRV - ok

23:18:25.0123 6904 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

23:18:25.0186 6904 MSPCLOCK - ok

23:18:25.0248 6904 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

23:18:25.0311 6904 MSPQM - ok

23:18:25.0841 6904 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

23:18:25.0888 6904 MsRPC - ok

23:18:25.0997 6904 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

23:18:26.0013 6904 mssmbios - ok

23:18:26.0091 6904 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

23:18:26.0153 6904 MSTEE - ok

23:18:26.0278 6904 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

23:18:26.0293 6904 Mup - ok

23:18:26.0730 6904 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

23:18:26.0902 6904 napagent - ok

23:18:27.0323 6904 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

23:18:27.0370 6904 NativeWifiP - ok

23:18:28.0056 6904 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

23:18:28.0119 6904 NDIS - ok

23:18:28.0197 6904 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

23:18:28.0243 6904 NdisTapi - ok

23:18:28.0290 6904 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

23:18:28.0337 6904 Ndisuio - ok

23:18:28.0493 6904 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

23:18:28.0540 6904 NdisWan - ok

23:18:28.0649 6904 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

23:18:28.0680 6904 NDProxy - ok

23:18:28.0774 6904 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

23:18:28.0821 6904 NetBIOS - ok

23:18:29.0101 6904 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

23:18:29.0164 6904 netbt - ok

23:18:29.0257 6904 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

23:18:29.0289 6904 Netlogon - ok

23:18:29.0835 6904 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

23:18:29.0897 6904 Netman - ok

23:18:30.0334 6904 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

23:18:30.0412 6904 netprofm - ok

23:18:30.0786 6904 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:18:30.0833 6904 NetTcpPortSharing - ok

23:18:30.0942 6904 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

23:18:30.0973 6904 nfrd960 - ok

23:18:31.0285 6904 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

23:18:31.0363 6904 NlaSvc - ok

23:18:31.0519 6904 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

23:18:31.0566 6904 Npfs - ok

23:18:31.0644 6904 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

23:18:31.0691 6904 nsi - ok

23:18:31.0769 6904 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

23:18:31.0816 6904 nsiproxy - ok

23:18:33.0516 6904 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

23:18:33.0875 6904 Ntfs - ok

23:18:34.0421 6904 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

23:18:34.0468 6904 Null - ok

23:18:34.0593 6904 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

23:18:34.0624 6904 nvraid - ok

23:18:34.0686 6904 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

23:18:34.0717 6904 nvstor - ok

23:18:34.0873 6904 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

23:18:34.0905 6904 nv_agp - ok

23:18:34.0905 6904 NwlnkFlt - ok

23:18:34.0920 6904 NwlnkFwd - ok

23:18:35.0497 6904 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:18:35.0591 6904 odserv - ok

23:18:35.0778 6904 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

23:18:35.0856 6904 ohci1394 - ok

23:18:35.0997 6904 OKI OPHC DCS Loader (b9c8dd896fa7646edcc69c2c51f95254) C:\Windows\system32\spool\DRIVERS\x64\3\OPHCLDCS.EXE

23:18:35.0997 6904 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - warning

23:18:35.0997 6904 OKI OPHC DCS Loader - detected UnsignedFile.Multi.Generic (1)

23:18:36.0137 6904 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:18:36.0153 6904 ose - ok

23:18:36.0886 6904 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

23:18:37.0120 6904 p2pimsvc - ok

23:18:37.0135 6904 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

23:18:37.0260 6904 p2psvc - ok

23:18:37.0385 6904 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

23:18:37.0479 6904 Parport - ok

23:18:37.0603 6904 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

23:18:37.0619 6904 partmgr - ok

23:18:37.0822 6904 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

23:18:37.0853 6904 PcaSvc - ok

23:18:38.0602 6904 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

23:18:38.0695 6904 pci - ok

23:18:38.0867 6904 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

23:18:38.0883 6904 pciide - ok

23:18:39.0148 6904 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

23:18:39.0195 6904 pcmcia - ok

23:18:40.0209 6904 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

23:18:40.0443 6904 PEAUTH - ok

23:18:40.0755 6904 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

23:18:40.0833 6904 PerfHost - ok

23:18:40.0864 6904 pfc - ok

23:18:41.0316 6904 PID_0928 (b47dee29b5e6e1939567a926c7a3e6a4) C:\Windows\system32\DRIVERS\LV561V64.SYS

23:18:41.0394 6904 PID_0928 - ok

23:18:42.0424 6904 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

23:18:42.0751 6904 pla - ok

23:18:42.0907 6904 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

23:18:42.0954 6904 PlugPlay - ok

23:18:43.0765 6904 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

23:18:44.0062 6904 PNRPAutoReg - ok

23:18:44.0077 6904 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

23:18:44.0140 6904 PNRPsvc - ok

23:18:44.0467 6904 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

23:18:44.0545 6904 PolicyAgent - ok

23:18:44.0889 6904 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

23:18:44.0951 6904 PptpMiniport - ok

23:18:45.0029 6904 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

23:18:45.0076 6904 Processor - ok

23:18:45.0310 6904 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

23:18:45.0357 6904 ProfSvc - ok

23:18:45.0450 6904 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

23:18:45.0481 6904 ProtectedStorage - ok

23:18:45.0622 6904 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

23:18:45.0669 6904 PSched - ok

23:18:45.0825 6904 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys

23:18:45.0856 6904 PxHlpa64 - ok

23:18:46.0839 6904 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

23:18:47.0307 6904 ql2300 - ok

23:18:47.0463 6904 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

23:18:47.0494 6904 ql40xx - ok

23:18:47.0806 6904 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

23:18:47.0853 6904 QWAVE - ok

23:18:47.0899 6904 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

23:18:47.0946 6904 QWAVEdrv - ok

23:18:49.0210 6904 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys

23:18:49.0818 6904 R300 - ok

23:18:50.0848 6904 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

23:18:50.0879 6904 RasAcd - ok

23:18:51.0004 6904 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

23:18:51.0051 6904 RasAuto - ok

23:18:51.0097 6904 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:18:51.0129 6904 Rasl2tp - ok

23:18:51.0144 6904 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

23:18:51.0175 6904 RasMan - ok

23:18:51.0207 6904 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

23:18:51.0222 6904 RasPppoe - ok

23:18:51.0238 6904 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

23:18:51.0253 6904 RasSstp - ok


23:19:15.0246 6904 ============================================================

23:19:15.0246 6904 Scan finished

23:19:15.0246 6904 ============================================================

23:19:15.0262 6740 Detected object count: 3

23:19:15.0262 6740 Actual detected object count: 3

23:21:30.0003 6740 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user

23:21:30.0018 6740 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:21:30.0018 6740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

23:21:30.0018 6740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:21:30.0018 6740 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - skipped by user

23:21:30.0018 6740 OKI OPHC DCS Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-19 23:24:58

-----------------------------

23:24:58.117 OS Version: Windows x64 6.0.6002 Service Pack 2

23:24:58.117 Number of processors: 4 586 0xF0B

23:24:58.117 ComputerName: STATHAKIS-PC UserName: Alex

23:25:00.894 Initialize success

23:25:51.493 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

23:25:51.493 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3

23:25:51.508 Disk 0 MBR read successfully

23:25:51.508 Disk 0 MBR scan

23:25:51.508 Disk 0 Windows XP default MBR code

23:25:51.524 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

23:25:51.540 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 112640

23:25:51.555 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 608376 MB offset 4306944

23:25:51.571 Disk 0 scanning C:\Windows\system32\drivers

23:26:00.241 Service scanning

23:26:13.532 Modules scanning

23:26:13.532 Disk 0 trace - called modules:

23:26:13.563 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

23:26:13.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075231d0]

23:26:14.078 3 CLASSPNP.SYS[fffffa6000dcdc33] -> nt!IofCallDriver -> [0xfffffa8006113520]

23:26:14.078 5 acpi.sys[fffffa60008f4fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005602940]

23:26:14.078 Scan finished successfully

23:28:22.367 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"

23:28:22.367 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Alex at 23:33:28 on 2012-06-19

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3885 [GMT -5:00]

.

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Fitbit\fitbit.exe

C:\Windows\system32\spool\DRIVERS\x64\3\OPHCLDCS.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\conime.exe

C:\Windows\RAVCpl64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Fitbit\fitbit-tray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Program Files (x86)\PIXELA\ImageMixer3\HDDCameraMonitor.exe

C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\splwow64.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://ie.search.msn.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uCustomizeSearch = hxxp://ie.search.msn.com

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Facebook Update] "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer3\HDDCameraMonitor.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://sisportal.maine207.org/Classroom/Reserved.ReportViewerWebControl.axd?ReportSession=my0ckk55ekkjdq55inudna45&ControlID=ef5d6b4ebd47423282911269a5a78151&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://fileserver.maine207.org/InternalSite/WhlCompMgr.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://taskstreamhelp.webex.com/client/T26L/event/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{527048B8-AAC7-4BA2-BD4C-F55D70C4D564} : DhcpNameServer = 192.168.1.1

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO-X64: NCO 2.0 IE BHO - No File

BHO-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

BHO-X64: Freecorder Toolbar - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

BHO-X64: Google Gears Helper - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun-x64: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-7-30 52760]

R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-7-16 6638080]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-27 275912]

R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-2-28 788000]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 OKI OPHC DCS Loader;OKI OPHC DCS Loader;C:\Windows\System32\spool\drivers\x64\3\OPHCLDCS.EXE [2005-9-12 19968]

R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-22 150928]

R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]

R3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1c98b1ccc2f0af0;Google Update Service (gupdate1c98b1ccc2f0af0);C:\Program Files (x86)\google\Update\GoogleUpdate.exe [2009-2-9 133104]

S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-9-22 487824]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\google\Update\GoogleUpdate.exe [2009-2-9 133104]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-06-20 04:09:00 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-19 13:29:07 98816 ----a-w- C:\Windows\sed.exe

2012-06-19 13:29:07 518144 ----a-w- C:\Windows\SWREG.exe

2012-06-19 13:29:07 256000 ----a-w- C:\Windows\PEV.exe

2012-06-19 13:29:07 208896 ----a-w- C:\Windows\MBR.exe

2012-06-19 13:28:59 -------- d-----w- C:\ComboFix

2012-06-14 08:15:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-06-14 08:15:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-06-14 08:15:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-06-13 21:48:34 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 21:48:33 2767360 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 21:48:21 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 21:48:21 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 21:48:21 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 21:48:21 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 21:48:21 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 21:48:21 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-12 05:22:27 35928 ----a-w- C:\Windows\System32\AdobePDF64.dll

.

==================== Find3M ====================

.

2012-05-28 17:43:55 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-28 17:43:55 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 23:33:52.30 ===============

Attach Log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 6/19/2008 3:32:32 AM

System Uptime: 6/19/2012 10:13:15 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0FM586

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 594 GiB total, 166.266 GiB free.

D: is FIXED (NTFS) - 2 GiB total, 1.003 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe Acrobat 8 Professional

Adobe Acrobat 8.3.1 - CPSID_83708

Adobe Acrobat 8.3.1 Professional

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe After Effects CS3 Template Projects & Footage

Adobe After Effects CS3 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Contribute CS3

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe Encore CS3

Adobe Encore CS3 Codecs

Adobe Encore CS3 Library

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Fireworks CS3

Adobe Flash CS3

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Flash Player 9 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Premiere Pro CS3 Third Party Content

Adobe Reader X (10.1.3)

Adobe Setup

Adobe Shockwave Player 11.5

Adobe SING CS3

Adobe Soundbooth CS3

Adobe Soundbooth CS3 Codecs

Adobe Soundbooth CS3 Scores

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server {ko_KR}

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

Amazon MP3 Downloader 1.0.12

AnswerWorks 5.0 English Runtime

Any Video Converter 3.1.8

Apple Application Support

Apple Software Update

Ask Toolbar

Ask Toolbar Updater

Audacity 1.2.6

AVI-FLV-MP4-WMV Converter 1.2

C3200n Series GDI Driver from OKI® Printing Solutions for Windows

Canon MP Navigator EX 1.0

Canon MP210 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

Compatibility Pack for the 2007 Office system

Dell Getting Started Guide

Digital Line Detect

EDocs

Facebook Video Calling 1.2.0.159

Fitbit Base Station (Driver Removal)

Fitbit v2.1.0

Freecorder 5

Freecorder Toolbar

Google Chrome

Google Earth

Google Gears

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Google Video Uploader

GoToMeeting 5.1.0.880

HandBrake 0.9.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImageMixer3

Java Auto Updater

Java 6 Update 30

LEGO MINDSTORMS Edu NXT - English Language Pack

LEGO MINDSTORMS Edu NXT Software v2.1

LiveUpdate (Symantec Corporation)

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Forefront UAG endpoint components v4.0.0

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Move Media Player

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

PDF Settings

Photo Transport

Photo Viewer V208G2

Quicken 2008

QuickTime

Realtek High Definition Audio Driver

Remote Control USB Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

SAMSUNG PC Share Manager

ScanSoft OmniPage SE 4

Scrapbook Factory Deluxe 4.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Smartparts Desktop

Spelling Dictionaries Support For Adobe Reader 8

StartNow Toolbar

TurboTax 2008

TurboTax 2008 wiliper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 wiliper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 wiliper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 wiliper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WebEx

.

==== End Of File ===========================


Step 1

Please uninstall the following applications:

Freecorder Toolbar

StartNow Toolbar

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users box. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Thanks again for the assistance. I followed the steps above (I actually deleted Freecorder altogether besides just deleting the toolbar), and then StartNow said it was already deleted once I had done that. OTL appeared to work, but at the end of the whole process when it was creating logs, it got to what appeared to be almost done, and then the following error window came up:

"Win32 Error. Code: 23. Data error (cyclic redundancy check)"

Any idea what this is or how to get the log files if they didn't pop up automatically? I know it was supposed to be a short process for OTL to scan, but it was almost 15 minutes. It took an ESPECIALLY long time when it was scanning Google Chrome. (Note that in my original problem with the opening random webpages from Google, this only seems to occur in Chrome right now, not in IE).

Thanks!


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Hi,

I ran the program successfully, but the text file you spoke of did not appear to exist. I found the Eset folder under C:\programfiles(x86)\eset\esteonlinescanner, but the only txt file in there was a setup file. I was able to create a text file of the quarantined files, though, so hopefully that is what you were looking for:

C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7dad89f5-1d7d67a1 a variant of Win32/Kryptik.WDX trojan cleaned by deleting - quarantined

Let me know if you need me to look for something else. Again, I really appreciate all the help!


That's it!

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.


All right--after 24 hours of scanning, below is the Detected Threats report!:

Status: Disinfected (events: 9)

6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4 High

6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128 High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class High

6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce High

6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076 High

6/21/2012 9:23:16 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class High

Let me know what my next steps should be! As always, I appreciate the time you're spending on this.


For some reason that last post was showing HTML. Let me try this again:



Status: Disinfected (events: 9)

6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4 High

6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128 High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class High

6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce High

6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076 High

6/21/2012 9:23:16 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class High

6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class High

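Every one of the nine events above sits under the Java plug-in's deployment cache, so these are JARs a web page served to the browser's Java plug-in, plus the class files inside them. The following is an added example and not part of the thread: a small parser that groups the log lines by cache entry, so you can see how many distinct JARs arrived and which of them carried an exploit class as opposed to a downloader class. The sample input is copied from the post; the regexes and grouping are mine. Keep in mind that disinfecting the cache removes the delivery vehicle only; whatever those downloader classes fetched afterwards does not appear in these lines.

```python
"""Group the 'Disinfected' events posted above by Java cache entry.

Added example, not part of the original thread. The log lines are copied
from the post; the parser and the grouping logic are my own.
"""
import re

# Constructed sample input: the header and nine events from the report above.
SAMPLE_LOG = r"""
Status: Disinfected (events: 9)
6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4 High
6/21/2012 9:23:15 AM Disinfected Trojan program Exploit.OSX.Smid.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-4e23bea4/AppletX.class High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128 High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\22589776-3167b128/mz1/my/CL.class High
6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce High
6/21/2012 9:23:15 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-39231bce/mz1/my/CL.class High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076 High
6/21/2012 9:23:16 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/AppletX.class High
6/21/2012 9:23:16 AM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.af C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-51213076/myf/y/LoaderX.class High
"""

# One event: "<m/d/yyyy h:mm:ss AM> <action> Trojan program <detection> <path> <severity>"
# The path may contain spaces, so it is matched lazily up to the trailing severity.
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\S+) Trojan program (?P<detection>\S+) "
    r"(?P<path>.+?) (?P<severity>High|Medium|Low)$"
)

# Java plug-in cache layout: ...\cache\6.0\<bucket>\<id>[/<class inside the jar>]
CACHE_RE = re.compile(
    r"\\cache\\6\.0\\(?P<bucket>\d+)\\(?P<entry>[0-9a-f]+-[0-9a-f]+)(?:/(?P<member>.+))?$"
)


def parse_log(text):
    """Return one dict per event line; headers and unparseable lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. "Status: Disinfected (events: 9)"
        ev = m.groupdict()
        c = CACHE_RE.search(ev["path"])
        ev["cache_entry"] = f"{c['bucket']}/{c['entry']}" if c else None
        ev["member"] = c["member"] if c else None
        events.append(ev)
    return events


def group_by_cache_entry(events):
    """Map each cache entry (one downloaded JAR) to its detections and flagged members."""
    groups = {}
    for ev in events:
        key = ev["cache_entry"] or ev["path"]
        g = groups.setdefault(key, {"detections": set(), "members": []})
        g["detections"].add(ev["detection"])
        if ev["member"]:
            g["members"].append(ev["member"])
    return groups


def entries_with_exploit(groups):
    """Cache entries whose detections include an Exploit.* name (the entry point),
    as opposed to only a Trojan-Downloader.* name (the second stage)."""
    return [k for k, g in groups.items()
            if any(d.startswith("Exploit.") for d in g["detections"])]


if __name__ == "__main__":
    groups = group_by_cache_entry(parse_log(SAMPLE_LOG))
    for entry, g in groups.items():
        print(entry, sorted(g["detections"]), g["members"])
    print("entries with an exploit class:", entries_with_exploit(groups))
```

On the sample the grouping yields four JARs; two of them (46/... and 61/...) contain an applet class flagged as an exploit, and the other two only the downloader class, which matches the picture of a drive-by kit that exploits the plug-in and then fetches a payload.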

A lot of Java exploits:

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  1. Please download JavaRa to your desktop.
    • Click the Download button next to Windows Binary (.zip) Version 1.1.6 to download JavaRa and unzip it to its own folder.
  2. Run JavaRa.exe.
  3. Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
    [screenshot: JavaRa1.png]
  4. Open JavaRa.exe again and select Search For Updates.
  5. Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


All right--the newest version of Java is running! I've done a few searches in Chrome using Google, and all of the links I click on take me to the pages that I am choosing to go to. Do you think that this is the end of the trojan? Let me know if there are any additional steps I need to be taking to ensure that the problem has ended--and to ensure that it doesn't occur again! (I currently use Trend Micro Titanium Internet Security to prevent viruses, but obviously, it didn't work perfectly.)


Wait--unfortunately, I just found that it's still taking me to a new website when I check different links (Don't click on it, obviously, but this is one of the sites it's trying to take me to that is being blocked by Trend Micro: http://64.15.72.104/click.php?go=aHR0cDovL2NsaWNrLkdldC1BbnN3ZXJzLUZhc3QuY29tL2Fkcy1jbGlja3RyYWNrL2NsaWNrL2p1bXAxLmRvP3NpZD1CWnJBQUM0cFZXdm9WQ1EyaEZvODFUM01IazYlMkJleTNxNk9jOGVnUlN5ZDAlM0QmYWZmaWxpYXRlPTQ2MzU1JnN1YmlkPTg5MDlfMTIzMyZyYz0wJnRlcm1zPWxvcyBwb2xsaXRvcyBkaWNlbiBzb25n&b=MC4wMjg=&aff=8909&subaff=1233&time=1340387575&searcher_ip=67.149.143.234&cnt=21843&qq=los+pollitos+dicen+song&mode=&seid=fzwfj8M/33Q3TJfi+H2xwrq900gJ9R/Tluo1RgG0&se=YWJjc2VhcmNo&sid=9&pos=1)

Now what do you think we should do? Should I maybe delete Chrome since IE doesn't seem to have the problem?

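The blocked URL quoted above is a pay-per-click redirector, which is what a search hijacker monetises: the real destination is base64-encoded in the go= parameter, and the rest of the query carries the search term (qq=), affiliate IDs, a timestamp and the searcher's IP. The following is an added example, not part of the thread, that decodes those fields offline with the Python standard library; nothing in it contacts the host. The URL is the one in the post; the field names I assign ("bid" for b=, "session token" for seid=) are my reading of the parameters and not documented anywhere on the page.

```python
"""Decode the click-tracking redirect URL quoted in the post above.

Added example, not part of the original thread. The URL is the one the
poster saw Trend Micro block; the decoding logic is my own and nothing
here touches the network.
"""
import base64
import binascii
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# The blocked URL from the post, split across lines only for readability.
BLOCKED_URL = (
    "http://64.15.72.104/click.php?go="
    "aHR0cDovL2NsaWNrLkdldC1BbnN3ZXJzLUZhc3QuY29tL2Fkcy1jbGlja3RyYWNrL2NsaWNr"
    "L2p1bXAxLmRvP3NpZD1CWnJBQUM0cFZXdm9WQ1EyaEZvODFUM01IazYlMkJleTNxNk9jOGVn"
    "UlN5ZDAlM0QmYWZmaWxpYXRlPTQ2MzU1JnN1YmlkPTg5MDlfMTIzMyZyYz0wJnRlcm1zPWxv"
    "cyBwb2xsaXRvcyBkaWNlbiBzb25n"
    "&b=MC4wMjg=&aff=8909&subaff=1233&time=1340387575&searcher_ip=67.149.143.234"
    "&cnt=21843&qq=los+pollitos+dicen+song&mode=&seid=fzwfj8M/33Q3TJfi+H2xwrq900gJ9R/Tluo1RgG0"
    "&se=YWJjc2VhcmNo&sid=9&pos=1"
)


def b64_text(value):
    """Decode a standard-alphabet base64 query value to text.

    Missing '=' padding is tolerated. Returns None when the value is not
    valid base64 or does not decode to printable text, so the caller can
    tell an opaque token apart from a hidden string.
    """
    if not value:
        return None
    padded = value + "=" * (-len(value) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def decode_redirect(url):
    """Unpack the redirector's query string and the base64-encoded destination."""
    outer = urlsplit(url)
    params = dict(parse_qsl(outer.query, keep_blank_values=True))
    destination = b64_text(params.get("go", ""))
    if destination is None:
        raise ValueError("go= does not decode to a URL")
    inner = urlsplit(destination)
    clicked = datetime.fromtimestamp(int(params["time"]), tz=timezone.utc)
    return {
        "redirector_host": outer.hostname,
        "destination": destination,
        "destination_host": inner.hostname,           # lower-cased by urlsplit
        "destination_params": dict(parse_qsl(inner.query, keep_blank_values=True)),
        "search_engine": b64_text(params.get("se", "")),
        "bid": b64_text(params.get("b", "")),          # assumption: per-click payout
        "query": params.get("qq"),
        "affiliate": params.get("aff"),
        "subaffiliate": params.get("subaff"),
        "searcher_ip": params.get("searcher_ip"),
        "clicked_utc": clicked.strftime("%Y-%m-%d %H:%M:%S"),
        # seid= looks base64-ish but is an opaque token, not text
        "session_token_is_text": b64_text(params.get("seid", "")) is not None,
    }


if __name__ == "__main__":
    for key, value in decode_redirect(BLOCKED_URL).items():
        print(f"{key:>22}: {value}")
```

The decoded destination is a second affiliate tracker whose own subid matches the outer aff/subaff pair, so the whole chain is one paid-search feed: the hijacker rewrites the user's click into a search-ad click it gets paid for. The searcher_ip and the search term in the URL also mean the redirector is told the victim's public IP and what they were looking for on every click.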

Trend Micro just alerted me that it stopped suspicious software from installing itself (I believe the j:/ one is the autorun flash drive software, but I swear I deleted ComboFix, and I can't find the program in the location it says it exists. Should I uninstall OTL yet?)

Date/Time   Name                                  From      Response
########    C:\Users\Alex\Downloads\ComboFix.exe  Unknown   Terminated
########    C:\Users\Alex\Desktop\OTL.exe         Unknown   Terminated
########    j:\install.bat                        Unknown   Denied


Delete them for now. We'll proceed with some additional scans:

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished, select the report tab (last tab).

Select the Detected threats report from the left and press the Save button.

Save it to your desktop and post it in your next reply.


Also, sorry for the multiple posts--but when you said "delete them for now," what exactly should I be deleting? The three programs that Trend Micro found? If so, it stopped them from installing, and I can't find where the ComboFix is since I deleted it before. I can uninstall OTL, I believe.


Okay, I've tried a bunch of times now, and when clicking links in Google from Google Chrome, I'm no longer redirected--I think the problem has been solved! Do you think that the trojan was only attached to Chrome, or should I worry that it's still hidden somewhere in the computer? What do you think my next steps should be to make sure the computer isn't infected and that we never get infected again?

Thanks again for all of your time!


This topic is now closed to further replies.