
SecurityShield


9 replies to this topic

#1 GuardUp


Posted 20 June 2012 - 02:04 PM

Hi,

Recently I have had something malicious get past my AV and FW software 4 times. It was definitely the SecurityShield virus the 3rd time and previously and since the symptoms were almost identical.

The 1st time something called 0.07676739.exe appeared in my C:\Users\**name**\AppData\Local\Temp folder. The 1st I knew of it was when it tried to connect to the internet. It also installed something called RxxWvgjh in my C:\Users\**name**Local folder and startup folder. I had to takeown these folders and delete them manually in safe mode. This 1st time MBAM would not run until these start-up files were removed.

The 2nd time it was something called liquid95000281.exe - again this appeared in the C:\Users\**Name**\AppData\Local\Temp folder. There were no start-up files this time though.

The 3rd time it caused something to fail in my © server ?? - some kind of service pop-up alert. It then attacked the webpage (apparently..). Picture here.

The 4th time it was again called something like oygw.exe and it tried to connect to the net. I noticed on 2 of these occasions the Java applet appearing in the taskbar in the right hand side. I ran secunia and it id'd Java as being old so I've updated it using CP.

All these attacks happened on the same page, on a forum. I have notified their admin and a few others have had similar programs. I think I've sorted it as I read the remove SecurityShield thread on this website and I didn't have the same symptoms it was describing, but I'm still concerned that something could get onto the system so easily.

I am running Avira Free AV and PC Tools Firewall. Malwarebytes is used occasionally for scanning and Windows Defender is there as well. I also used ESET online scanner after a couple of these attacks as I think AVIRA has been a bit damaged by this. It scans very slowly now.

Also I'm on Vista 32 bit using IE9.

Any help would be appreciated.

Edited by GuardUp, 20 June 2012 - 04:50 PM.




#2 boopme


Posted 20 June 2012 - 10:13 PM

Hello and welcome..

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.





Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 GuardUp


Posted 21 June 2012 - 12:11 PM

Hi,

Thanks for the fast reply! Here is the MiniToolbox report:

MiniToolBox by Farbar Version: 09-06-2012
Ran by (administrator) on 21-06-2012 at 17:56:30
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Whizzard
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-1A-92-7D-11-07
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 June 2012 17:41:14
Lease Expires . . . . . . . . . . : 29 July 2148 00:24:53
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2a00:1450:4009:803::1001
173.194.34.99
173.194.34.100
173.194.34.101
173.194.34.102
173.194.34.103
173.194.34.104
173.194.34.105
173.194.34.110
173.194.34.96
173.194.34.97
173.194.34.98



Pinging google.com [173.194.41.161] with 32 bytes of data:

Reply from 173.194.41.161: bytes=32 time=37ms TTL=54

Reply from 173.194.41.161: bytes=32 time=33ms TTL=54



Ping statistics for 173.194.41.161:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 37ms, Average = 35ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=152ms TTL=43

Reply from 209.191.122.70: bytes=32 time=157ms TTL=43



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 152ms, Maximum = 157ms, Average = 154ms

Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
8 ...00 1a 92 7d 11 07 ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 276
192.168.2.2 255.255.255.255 On-link 192.168.2.2 276
192.168.2.255 255.255.255.255 On-link 192.168.2.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 02 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 03 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 04 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 05 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 06 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/21/2012 00:06:39 AM) (Source: Application Error) (User: )
Description: Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4fd10b64, faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x4fd10baa, exception code 0xc0000005, fault offset 0x66f6e3c9,
process id 0x47c, application start time 0xhl2.exe0.

Error: (06/20/2012 07:53:50 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x032e0f72,
process id 0xad4, application start time 0xiexplore.exe0.

Error: (06/20/2012 05:42:35 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16446 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b5c
Start Time: 01cd4f021ad51e1c
Termination Time: 32

Error: (06/18/2012 11:45:37 PM) (Source: Application Error) (User: )
Description: Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4fd10b64, faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x4fd10baa, exception code 0xc0000005, fault offset 0x6443e3c9,
process id 0xfd0, application start time 0xhl2.exe0.

Error: (06/18/2012 06:20:32 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/18/2012 01:00:28 AM) (Source: Application Error) (User: )
Description: Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4fd10b64, faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x4fd10baa, exception code 0xc0000005, fault offset 0x67a0e3c9,
process id 0x1ddc, application start time 0xhl2.exe0.

Error: (06/17/2012 11:07:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\username\APPDATA\ROAMING\AZUREUS\TABLES.CONFIG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/17/2012 05:46:10 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\username\APPDATA\ROAMING\AZUREUS\TABLES.CONFIG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/17/2012 04:15:45 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16446 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c74
Start Time: 01cd4c9419f11f2d
Termination Time: 23

Error: (06/17/2012 00:43:42 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


System errors:
=============
Error: (06/21/2012 05:41:50 PM) (Source: Service Control Manager) (User: )
Description: General Purpose USB Driver (adildr.sys)%%1058

Error: (06/20/2012 11:10:53 PM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053

Error: (06/20/2012 11:10:53 PM) (Source: Service Control Manager) (User: )
Description: 30000Steam Client Service

Error: (06/20/2012 10:27:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070643Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173){D68E0CB2-9501-405E-AF9C-156F352D6735}106

Error: (06/20/2012 05:25:49 PM) (Source: Service Control Manager) (User: )
Description: General Purpose USB Driver (adildr.sys)%%1058

Error: (06/20/2012 05:25:17 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Error: (06/20/2012 07:33:42 AM) (Source: Service Control Manager) (User: )
Description: General Purpose USB Driver (adildr.sys)%%1058

Error: (06/19/2012 06:22:46 PM) (Source: Service Control Manager) (User: )
Description: Advanced SystemCare Service1

Error: (06/19/2012 06:21:27 PM) (Source: Service Control Manager) (User: )
Description: General Purpose USB Driver (adildr.sys)%%1058

Error: (06/19/2012 06:20:51 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Microsoft Office Sessions:
=========================
Error: (06/21/2012 00:06:39 AM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04fd10b64filesystem_steam.dll_unloaded0.0.0.04fd10baac000000566f6e3c947c01cd4f31e297786c

Error: (06/20/2012 07:53:50 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164464fb57c8funknown0.0.0.000000000c0000005032e0f72ad401cd4f15b17d48cc

Error: (06/20/2012 05:42:35 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16446b5c01cd4f021ad51e1c32

Error: (06/18/2012 11:45:37 PM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04fd10b64filesystem_steam.dll_unloaded0.0.0.04fd10baac00000056443e3c9fd001cd4d97629be71a

Error: (06/18/2012 06:20:32 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/18/2012 01:00:28 AM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04fd10b64filesystem_steam.dll_unloaded0.0.0.04fd10baac000000567a0e3c91ddc01cd4ce0dd2bafa1

Error: (06/17/2012 11:07:07 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\username\APPDATA\ROAMING\AZUREUS\TABLES.CONFIG

Error: (06/17/2012 05:46:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\username\APPDATA\ROAMING\AZUREUS\TABLES.CONFIG

Error: (06/17/2012 04:15:45 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16446c7401cd4c9419f11f2d23

Error: (06/17/2012 00:43:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


=========================== Installed Programs ============================

3DMark06 (Version: 1.1.0)
4oD (Version: 2.0.23.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activ ECDL & Unit E
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Amazon MP3 Downloader 1.0.9
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
Apple Software Update (Version: 2.1.0.110)
ArcSoft PhotoStudio 5.5
Avira Free Antivirus (Version: 12.0.0.1125)
Azureus (Version: 2.5.0.4)
Battlefield 2™
Battlefield 2: Special Forces
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.118.0)
BioShock (Version: 2.5.0000)
BlindWrite 6 (Version: 6.0.4)
BUFFALO TurboUSB for FLASH/HDD
Call of Duty - United Offensive (Version: 1.00.0000)
Call of Duty Game of the Year Edition
Call of Duty® 4 - Modern Warfare™ (Version: 1.6)
Canon MP Navigator 3.0
Canon MP160 User Registration
Canon Utilities Easy-PhotoPrint
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0214.2218.39913)
Catalyst Control Center Graphics Previews Common (Version: 2012.0214.2218.39913)
Catalyst Control Center InstallProxy (Version: 2012.0214.2218.39913)
Catalyst Control Center Localization All (Version: 2012.0214.2218.39913)
ccc-utility (Version: 2012.0214.2218.39913)
CCC Help Chinese Standard (Version: 2012.0214.2217.39913)
CCC Help Chinese Traditional (Version: 2012.0214.2217.39913)
CCC Help Czech (Version: 2012.0214.2217.39913)
CCC Help Danish (Version: 2012.0214.2217.39913)
CCC Help Dutch (Version: 2012.0214.2217.39913)
CCC Help English (Version: 2012.0214.2217.39913)
CCC Help Finnish (Version: 2012.0214.2217.39913)
CCC Help French (Version: 2012.0214.2217.39913)
CCC Help German (Version: 2012.0214.2217.39913)
CCC Help Greek (Version: 2012.0214.2217.39913)
CCC Help Hungarian (Version: 2012.0214.2217.39913)
CCC Help Italian (Version: 2012.0214.2217.39913)
CCC Help Japanese (Version: 2012.0214.2217.39913)
CCC Help Korean (Version: 2012.0214.2217.39913)
CCC Help Norwegian (Version: 2012.0214.2217.39913)
CCC Help Polish (Version: 2012.0214.2217.39913)
CCC Help Portuguese (Version: 2012.0214.2217.39913)
CCC Help Russian (Version: 2012.0214.2217.39913)
CCC Help Spanish (Version: 2012.0214.2217.39913)
CCC Help Swedish (Version: 2012.0214.2217.39913)
CCC Help Thai (Version: 2012.0214.2217.39913)
CCC Help Turkish (Version: 2012.0214.2217.39913)
CCleaner (Version: 3.16)
Colin McRae Rally 04 (Version: 1.00.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Debugging Tools for Windows (x86) (Version: 6.9.3.113)
Defense Grid: The Awakening
Deus Ex: Human Revolution
DirectXInstallService (Version: 9.0.0)
DiRT Demo (Version: 1.00.0000)
Driver Sweeper version 2.8.5 (Version: 2.8.5)
DVDFab 6.0.4.0 (28/07/2009)
EMC 10 Content (Version: 1.0.015)
Enemy Territory - Quake Wars™
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
Far Cry (Patch 1.3) (Version: 1.00.0000)
Far Cry (Patch 1.31) (Version: 1.00.0000)
Far Cry (Patch 1.33) (Version: 1.00.0000)
Far Cry (Version: 1.00.0000)
FEAR (Version: 1.00.0000)
Fraps
G-Force (Version: 3.7.1)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
Half-Life
ImgBurn (Remove Only)
Jamestown
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
K-Lite Codec Pack 8.1.0 (Basic) (Version: 8.1.0)
Magic ISO Maker v5.4 (build 0251)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyPhoneExplorer (Version: 1.7.4)
Next Generation Visualisations (Version: 1.0.0)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager (Version: 1.00.6793)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
Origin (Version: 8.5.2.23)
PC Tools Firewall Plus 6.0 (Version: 6.0)
PunkBuster Services (Version: 0.991)
Razer Diamondback (Version: 5.01)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Rome - Total War (Version: 1.5)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.1.0)
Roxio Central Audio (Version: 3.6.0)
Roxio Central Copy (Version: 3.6.0)
Roxio Central Core (Version: 3.6.0)
Roxio Central Data (Version: 3.6.0)
Roxio Central Tools (Version: 3.6.0)
Roxio CinePlayer (Version: 3.9)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Disc Gallery (Version: 3.1)
Roxio Easy Media Creator 10 Suite (Version: 1.0.044)
Roxio File Backup (Version: 1.1.0)
Roxio MediaShare (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
S.T.A.L.K.E.R. - Shadow of Chernobyl (Version: 1.0000)
SAGEM F@st 800-840 (Version: 4.06.000)
ScanSoft OmniPage SE 4.0 (Version: 15.00.0020)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Shockwave
SmartSound Quicktracks Plugin (Version: 3.0.8.0)
SopCast 3.4.0 (Version: 3.4.0)
Spotify (Version: 0.3.17)
Spotify (Version: 0.8.3.222.g317ab79d)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
Team Fortress 2
Terrafirma (Version: 1.9.7)
Terraria
Torchlight
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Veetle TV (Version: 0.9.18)
VLC media player 2.0.1 (Version: 2.0.1)
Windows Installer Clean Up (Version: 3.00.00.0000)
WinRAR archiver
Zip Motion Block Video codec (Remove Only)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3069.82 MB
Available physical RAM: 1930.79 MB
Total Pagefile: 6370.64 MB
Available Pagefile: 5126.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.1 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:142.98 GB) NTFS
7 Drive j: (HD-CEU2) (Fixed) (Total:465.76 GB) (Free:195.4 GB) NTFS

========================= Users: ========================================

User accounts for \\WHIZZARD

Administrator ASPNET username
Guest other user


**** End of log ****
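
Added example, not part of the original posts and not code from MiniToolBox or its author: a small Python script that reads a MiniToolBox Result.txt like the one posted above and lists the Hosts and Winsock entries that differ from the stock ones. The sample report is constructed in the same layout; the 203.0.113.5 redirect and the Temp-folder provider are made up, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Result.txt posted above. The hosts
# redirect and the Temp-folder provider are made up for the demonstration.
SAMPLE_REPORT = r"""
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
203.0.113.5 www.example.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 02 C:\Windows\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Users\user\AppData\Local\Temp\example.dll [4096] ()

========================= Memory info: ===================================

Percentage of memory in use: 37%
"""

# "===== Title: =====" banner; a bare "=====" rule inside a section is not a banner.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
# "Catalog9 01 C:\path\file.dll [size] (publisher)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
LOOPBACK = {"127.0.0.1", "::1"}
SYSTEM32 = "c:\\windows\\system32\\"


def split_sections(report):
    """Return {lowercased section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def review_hosts(lines):
    """List (address, name) pairs other than loopback -> localhost."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            if address in LOOPBACK and name.lower() == "localhost":
                continue
            findings.append((address, name))
    return findings


def review_winsock(lines):
    """List providers that are not a Microsoft DLL under System32.

    Returns (path, publisher, in_system32, number_of_catalog_entries).
    """
    seen = Counter()
    for line in lines:
        entry = WINSOCK_RE.match(line)
        if not entry:
            continue
        _catalog, _index, path, _size, publisher = entry.groups()
        in_system32 = path.lower().startswith(SYSTEM32)
        if publisher == "Microsoft Corporation" and in_system32:
            continue
        seen[(path, publisher, in_system32)] += 1
    return [key + (count,) for key, count in seen.items()]


def triage(report):
    sections = split_sections(report)
    return {
        "hosts": review_hosts(sections.get("hosts content", [])),
        "winsock": review_winsock(sections.get("winsock entries", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for address, name in result["hosts"]:
        print(f"hosts: {name} -> {address}")
    for path, publisher, in_system32, count in result["winsock"]:
        where = "System32" if in_system32 else "outside System32"
        print(f"winsock: {path} ({publisher or 'no publisher'}, {where}) x{count}")
```

A listed entry is a prompt to look at the file, not a verdict: third-party providers such as the NVIDIA one in the report above are common on their own.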

#4 GuardUp


Posted 21 June 2012 - 01:00 PM

Sorry,

A small question. After booting into safe mode with networking and downloading fixexe and allowing it to merge, do I have to boot back into normal windows? I am running Vista and in safe mode there is no right-click option for administrator!? How long should I stay in safe mode?

#5 boopme


Posted 21 June 2012 - 01:23 PM

OK, then do it in Normal mode. We can go back later if needed.

#6 GuardUp


Posted 21 June 2012 - 02:39 PM

Ok,

Everything seems clean. Here are the results:

RKill


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 21/06/2012 at 19:35:23.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:


Rkill completed on 21/06/2012 at 19:35:27.

TDSSKiller


19:37:31.0484 3100 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:37:33.0512 3100 ============================================================
19:37:33.0512 3100 Current date / time: 2012/06/21 19:37:33.0512
19:37:33.0512 3100 SystemInfo:
19:37:33.0512 3100
19:37:33.0512 3100 OS Version: 6.0.6002 ServicePack: 2.0
19:37:33.0512 3100 Product type: Workstation
19:37:33.0512 3100 ComputerName: WHIZZARD
19:37:33.0512 3100 UserName: username
19:37:33.0512 3100 Windows directory: C:\Windows
19:37:33.0512 3100 System windows directory: C:\Windows
19:37:33.0512 3100 Processor architecture: Intel x86
19:37:33.0512 3100 Number of processors: 2
19:37:33.0512 3100 Page size: 0x1000
19:37:33.0512 3100 Boot type: Normal boot
19:37:33.0512 3100 ============================================================
19:37:34.0027 3100 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:37:34.0042 3100 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:37:34.0074 3100 ============================================================
19:37:34.0074 3100 \Device\Harddisk0\DR0:
19:37:34.0074 3100 MBR partitions:
19:37:34.0074 3100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
19:37:34.0074 3100 \Device\Harddisk1\DR1:
19:37:34.0074 3100 MBR partitions:
19:37:34.0074 3100 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
19:37:34.0074 3100 ============================================================
19:37:34.0089 3100 C: <-> \Device\Harddisk0\DR0\Partition0
19:37:34.0152 3100 J: <-> \Device\Harddisk1\DR1\Partition0
19:37:34.0152 3100 ============================================================
19:37:34.0152 3100 Initialize success
19:37:34.0152 3100 ============================================================
19:37:53.0589 0736 ============================================================
19:37:53.0589 0736 Scan started
19:37:53.0589 0736 Mode: Manual; TDLFS;
19:37:53.0589 0736 ============================================================
19:38:06.0802 0736 RasAcd - ok
19:38:06.0834 0736 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:38:06.0834 0736 RasAuto - ok
19:38:06.0865 0736 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:38:06.0865 0736 Rasl2tp - ok
19:38:06.0912 0736 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:38:06.0912 0736 RasMan - ok
19:38:06.0958 0736 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:38:06.0958 0736 RasPppoe - ok
19:38:06.0990 0736 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:38:06.0990 0736 RasSstp - ok
19:38:07.0036 0736 Razerlow (116c340acf37602d12cac6de6b8107cd) C:\Windows\system32\Drivers\Razerlow.sys
19:38:07.0052 0736 Razerlow - ok
19:38:07.0083 0736 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:38:07.0099 0736 rdbss - ok
19:38:07.0130 0736 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:38:07.0130 0736 RDPCDD - ok
19:38:07.0161 0736 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:38:07.0177 0736 rdpdr - ok
19:38:07.0192 0736 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:38:07.0192 0736 RDPENCDD - ok
19:38:07.0239 0736 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:38:07.0255 0736 RDPWD - ok
19:38:07.0286 0736 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:38:07.0286 0736 RemoteAccess - ok
19:38:07.0317 0736 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:38:07.0333 0736 RemoteRegistry - ok
19:38:07.0411 0736 Roxio UPnP Renderer 10 (85b5159d86ac06ad744ee9d3c288aeee) C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
19:38:07.0411 0736 Roxio UPnP Renderer 10 - ok
19:38:07.0442 0736 Roxio Upnp Server 10 (0db43caf2d77b809a86e9d7e1bcc6d76) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
19:38:07.0458 0736 Roxio Upnp Server 10 - ok
19:38:07.0504 0736 RoxLiveShare10 (7958affc64e4f284068eb6575cc64dcf) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
19:38:07.0520 0736 RoxLiveShare10 - ok
19:38:07.0582 0736 RoxMediaDB10 (ed69cd4ab4be607abf768a60e4ac79da) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
19:38:07.0645 0736 RoxMediaDB10 - ok
19:38:07.0676 0736 RoxWatch10 (0da14ee2c0e274fea5a6545181851c16) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
19:38:07.0676 0736 RoxWatch10 - ok
19:38:07.0785 0736 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:38:07.0785 0736 RpcLocator - ok
19:38:07.0832 0736 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:38:07.0848 0736 RpcSs - ok
19:38:07.0894 0736 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:38:07.0910 0736 rspndr - ok
19:38:07.0926 0736 RxFilter (80cae340f37b52d1cb75ff74e6a087cd) C:\Windows\system32\DRIVERS\RxFilter.sys
19:38:07.0926 0736 RxFilter - ok
19:38:07.0957 0736 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\Windows\system32\DRIVERS\s115mgmt.sys
19:38:07.0972 0736 s115mgmt - ok
19:38:08.0019 0736 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:38:08.0019 0736 SamSs - ok
19:38:08.0035 0736 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:38:08.0050 0736 sbp2port - ok
19:38:08.0082 0736 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:38:08.0082 0736 SCardSvr - ok
19:38:08.0128 0736 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:38:08.0160 0736 Schedule - ok
19:38:08.0175 0736 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:38:08.0175 0736 SCPolicySvc - ok
19:38:08.0206 0736 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:38:08.0206 0736 SDRSVC - ok
19:38:08.0238 0736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:38:08.0253 0736 secdrv - ok
19:38:08.0269 0736 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:38:08.0284 0736 seclogon - ok
19:38:08.0472 0736 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
19:38:08.0518 0736 Secunia PSI Agent - ok
19:38:08.0550 0736 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:38:08.0550 0736 SENS - ok
19:38:08.0565 0736 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:38:08.0581 0736 Serenum - ok
19:38:08.0612 0736 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:38:08.0628 0736 Serial - ok
19:38:08.0643 0736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:38:08.0643 0736 sermouse - ok
19:38:08.0690 0736 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:38:08.0690 0736 SessionEnv - ok
19:38:08.0737 0736 SessionLauncher - ok
19:38:08.0768 0736 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:38:08.0784 0736 sffdisk - ok
19:38:08.0784 0736 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:38:08.0799 0736 sffp_mmc - ok
19:38:08.0815 0736 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:38:08.0815 0736 sffp_sd - ok
19:38:08.0830 0736 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:38:08.0830 0736 sfloppy - ok
19:38:08.0862 0736 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:38:08.0877 0736 SharedAccess - ok
19:38:08.0908 0736 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:38:08.0908 0736 ShellHWDetection - ok
19:38:08.0940 0736 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:38:08.0940 0736 sisagp - ok
19:38:08.0971 0736 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:38:08.0971 0736 SiSRaid2 - ok
19:38:09.0002 0736 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:38:09.0018 0736 SiSRaid4 - ok
19:38:09.0189 0736 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:38:09.0252 0736 slsvc - ok
19:38:09.0361 0736 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:38:09.0361 0736 SLUINotify - ok
19:38:09.0408 0736 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:38:09.0423 0736 Smb - ok
19:38:09.0439 0736 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:38:09.0454 0736 SNMPTRAP - ok
19:38:09.0470 0736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:38:09.0470 0736 spldr - ok
19:38:09.0501 0736 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:38:09.0501 0736 Spooler - ok
19:38:09.0548 0736 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:38:09.0579 0736 srv - ok
19:38:09.0610 0736 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:38:09.0642 0736 srv2 - ok
19:38:09.0688 0736 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:38:09.0704 0736 srvnet - ok
19:38:09.0735 0736 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:38:09.0735 0736 SSDPSRV - ok
19:38:09.0751 0736 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:38:09.0766 0736 ssmdrv - ok
19:38:09.0798 0736 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:38:09.0813 0736 SstpSvc - ok
19:38:09.0860 0736 Steam Client Service - ok
19:38:09.0922 0736 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:38:09.0938 0736 stisvc - ok
19:38:09.0969 0736 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:38:09.0969 0736 swenum - ok
19:38:10.0032 0736 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:38:10.0032 0736 swprv - ok
19:38:10.0063 0736 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:38:10.0078 0736 Symc8xx - ok
19:38:10.0078 0736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:38:10.0094 0736 Sym_hi - ok
19:38:10.0110 0736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:38:10.0110 0736 Sym_u3 - ok
19:38:10.0156 0736 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:38:10.0188 0736 SysMain - ok
19:38:10.0219 0736 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:38:10.0219 0736 TabletInputService - ok
19:38:10.0250 0736 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:38:10.0266 0736 TapiSrv - ok
19:38:10.0281 0736 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:38:10.0281 0736 TBS - ok
19:38:10.0359 0736 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:38:10.0422 0736 Tcpip - ok
19:38:10.0437 0736 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:38:10.0437 0736 Tcpip6 - ok
19:38:10.0468 0736 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:38:10.0484 0736 tcpipreg - ok
19:38:10.0515 0736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:38:10.0515 0736 TDPIPE - ok
19:38:10.0546 0736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:38:10.0546 0736 TDTCP - ok
19:38:10.0578 0736 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:38:10.0578 0736 tdx - ok
19:38:10.0593 0736 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:38:10.0609 0736 TermDD - ok
19:38:10.0656 0736 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:38:10.0718 0736 TermService - ok
19:38:10.0749 0736 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:38:10.0749 0736 Themes - ok
19:38:10.0780 0736 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:38:10.0780 0736 THREADORDER - ok
19:38:10.0796 0736 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:38:10.0812 0736 TrkWks - ok
19:38:10.0858 0736 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:38:10.0858 0736 TrustedInstaller - ok
19:38:10.0874 0736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:38:10.0874 0736 tssecsrv - ok
19:38:10.0921 0736 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:38:10.0921 0736 tunnel - ok
19:38:10.0936 0736 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:38:10.0952 0736 uagp35 - ok
19:38:10.0983 0736 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:38:10.0999 0736 udfs - ok
19:38:11.0030 0736 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:38:11.0030 0736 UI0Detect - ok
19:38:11.0046 0736 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:38:11.0061 0736 uliagpkx - ok
19:38:11.0108 0736 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:38:11.0124 0736 uliahci - ok
19:38:11.0139 0736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:38:11.0139 0736 UlSata - ok
19:38:11.0155 0736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:38:11.0186 0736 ulsata2 - ok
19:38:11.0202 0736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:38:11.0202 0736 umbus - ok
19:38:11.0248 0736 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:38:11.0248 0736 upnphost - ok
19:38:11.0280 0736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:38:11.0280 0736 usbccgp - ok
19:38:11.0295 0736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:38:11.0311 0736 usbcir - ok
19:38:11.0342 0736 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:38:11.0342 0736 usbehci - ok
19:38:11.0389 0736 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:38:11.0404 0736 usbhub - ok
19:38:11.0420 0736 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:38:11.0420 0736 usbohci - ok
19:38:11.0436 0736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:38:11.0451 0736 usbprint - ok
19:38:11.0482 0736 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:38:11.0482 0736 usbscan - ok
19:38:11.0498 0736 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:11.0514 0736 USBSTOR - ok
19:38:11.0529 0736 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
19:38:11.0545 0736 usbuhci - ok
19:38:11.0560 0736 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:38:11.0560 0736 UxSms - ok
19:38:11.0607 0736 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:38:11.0623 0736 vds - ok
19:38:11.0638 0736 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:11.0638 0736 vga - ok
19:38:11.0670 0736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:38:11.0685 0736 VgaSave - ok
19:38:11.0748 0736 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:38:11.0748 0736 viaagp - ok
19:38:11.0763 0736 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:38:11.0763 0736 ViaC7 - ok
19:38:11.0779 0736 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:38:11.0779 0736 viaide - ok
19:38:11.0810 0736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:38:11.0826 0736 volmgr - ok
19:38:11.0857 0736 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:38:11.0888 0736 volmgrx - ok
19:38:11.0935 0736 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:38:11.0950 0736 volsnap - ok
19:38:11.0966 0736 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:38:11.0982 0736 vsmraid - ok
19:38:12.0060 0736 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:38:12.0075 0736 VSS - ok
19:38:12.0122 0736 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:38:12.0138 0736 W32Time - ok
19:38:12.0169 0736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:38:12.0169 0736 WacomPen - ok
19:38:12.0200 0736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:12.0216 0736 Wanarp - ok
19:38:12.0216 0736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:12.0216 0736 Wanarpv6 - ok
19:38:12.0247 0736 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:38:12.0262 0736 wcncsvc - ok
19:38:12.0278 0736 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:38:12.0294 0736 WcsPlugInService - ok
19:38:12.0309 0736 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:38:12.0325 0736 Wd - ok
19:38:12.0372 0736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:38:12.0418 0736 Wdf01000 - ok
19:38:12.0434 0736 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:38:12.0434 0736 WdiServiceHost - ok
19:38:12.0450 0736 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:38:12.0450 0736 WdiSystemHost - ok
19:38:12.0481 0736 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:38:12.0512 0736 WebClient - ok
19:38:12.0543 0736 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:38:12.0543 0736 Wecsvc - ok
19:38:12.0559 0736 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:38:12.0574 0736 wercplsupport - ok
19:38:12.0606 0736 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:38:12.0606 0736 WerSvc - ok
19:38:12.0699 0736 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:38:12.0762 0736 WinDefend - ok
19:38:12.0762 0736 WinHttpAutoProxySvc - ok
19:38:12.0824 0736 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:38:12.0824 0736 Winmgmt - ok
19:38:12.0902 0736 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:38:12.0933 0736 WinRM - ok
19:38:12.0980 0736 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:38:12.0996 0736 Wlansvc - ok
19:38:13.0042 0736 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:38:13.0058 0736 WmiAcpi - ok
19:38:13.0136 0736 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:38:13.0136 0736 wmiApSrv - ok
19:38:13.0230 0736 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:38:13.0245 0736 WMPNetworkSvc - ok
19:38:13.0261 0736 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:38:13.0276 0736 WPCSvc - ok
19:38:13.0308 0736 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:38:13.0308 0736 WPDBusEnum - ok
19:38:13.0354 0736 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:38:13.0354 0736 WpdUsb - ok
19:38:13.0479 0736 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:38:13.0495 0736 WPFFontCache_v0400 - ok
19:38:13.0542 0736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:38:13.0542 0736 ws2ifsl - ok
19:38:13.0573 0736 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:38:13.0573 0736 wscsvc - ok
19:38:13.0573 0736 WSearch - ok
19:38:13.0698 0736 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:38:13.0807 0736 wuauserv - ok
19:38:13.0932 0736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:38:13.0947 0736 WUDFRd - ok
19:38:13.0963 0736 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:38:13.0978 0736 wudfsvc - ok
19:38:14.0025 0736 xnacc (69d5c58a3a03f86196db66ee95435652) C:\Windows\system32\DRIVERS\xnacc.sys
19:38:14.0072 0736 xnacc - ok
19:38:14.0103 0736 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
19:38:14.0103 0736 xusb21 - ok
19:38:14.0119 0736 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:38:14.0384 0736 \Device\Harddisk0\DR0 - ok
19:38:14.0384 0736 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
19:38:14.0478 0736 \Device\Harddisk1\DR1 - ok
19:38:14.0478 0736 Boot (0x1200) (76c76c046d3a657bd819d86b2c0fff44) \Device\Harddisk0\DR0\Partition0
19:38:14.0478 0736 \Device\Harddisk0\DR0\Partition0 - ok
19:38:14.0493 0736 Boot (0x1200) (a5ee26bfd2250bc0b9ae3407ca823c0e) \Device\Harddisk1\DR1\Partition0
19:38:14.0493 0736 \Device\Harddisk1\DR1\Partition0 - ok
19:38:14.0493 0736 ============================================================
19:38:14.0493 0736 Scan finished
19:38:14.0493 0736 ============================================================
19:38:14.0493 3660 Detected object count: 0
19:38:14.0493 3660 Actual detected object count: 0

MalwareBytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.21.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
username :: WHIZZARD [administrator]

21/06/2012 19:43:42
mbam-log-2012-06-21 (19-43-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221677
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 boopme

Posted 21 June 2012 - 03:17 PM

Just to be sure, a last look.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 GuardUp

Posted 22 June 2012 - 02:51 PM

Hi,

Here is the ESET log:
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3P6BRNDX\;ID=nemexia-468;size=468x60;setID=16;type=1;source=149691918;pub=482195;pub=482195[1].js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\877c433-121e2424 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\username\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
J:\Downloads\DriverSweeper_2.8.5.exe Win32/OpenCandy application cleaned by deleting - quarantined
J:\Stuff\KeyFinderInstaller.exe Win32/OpenCandy application cleaned by deleting - quarantined

Still things there after all....

Oh yeah, I think the KeyFinder was for an old PC with a genuine version of XP that wouldn't install with the product key. Nothing dodgy. Honest!

The Java thing seems the most dodgy, although the Iframe thing doesn't look too clever either.

Oh and I deleted the quarantined files.

Edited by GuardUp, 22 June 2012 - 02:53 PM.


#9 boopme

Posted 22 June 2012 - 07:35 PM

Hi this looks good now.
The Exploit:Java/CVE-2012-0507.BB is a malicious Java applet that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) in order to download and install files of an attacker's choice onto your computer.

Most likely it squeezed in before you updated Java.


Yeah that key finder is not really an issue.
Your log shows detections related to OpenCandy.

OpenCandy is an advertising application distributed by the OpenCandy Software Network which displays ads in other programs. The use of advertisement is a way to promote software packages and recover development costs. OpenCandy is not installed on a computer, does not collect personally identifiable information and in most cases allows the user to choose whether or not to install advertised software recommended by the vendor. Although no personal information is collected, the software does collect anonymous statistics about events and other data during installation. See What information does OpenCandy collect?

This is what OpenCandy has to say about their product.

OpenCandy provides a plug-in that developers include in their software to earn money by showing recommendations for other software in their installers. Developers use this money to keep their software free and invest in further software development. The installer uses the OpenCandy plug-in to present a software recommendation...during installation. You have complete control to accept the software recommendation by selecting either the “Install” or “Do not install” options on the software recommendation screen.

What is OpenCandy?

The OpenCandy network has partnered with various popular and trusted software developers who bundle their product as part of the program's software installation package. A list of such developers can be found here. Some vendors will clearly advise the use of OpenCandy before downloading their software, while others may provide confusing or no information at all. An example would be SIW (System Information for Windows) which clearly indicates on their website the use of OpenCandy.

What is OpenCandy?
OpenCandy is similar to Google AdSense, except it displays advertisements in installation program instead of websites. These advertisements promote another software packages. The advertisements are selected by providers of software being installed. When user installing a software (SIW) chooses to install promoted package, revenue is generated and shared between OpenCandy and software providers (SIW developers).

SIW Home Edition is bundled with OpenCandy

OpenCandy is not a virus or malware. However, since it is responsible for displaying advertisements, it may be detected (and sometimes removed) by various anti-virus and other security scanning tools as Adware, a classification that broadly defines the term as any software package which automatically displays advertisements in any form in order to generate revenue. For example, the Microsoft Malware Protection Center (MMPC) detects the program as Adware:Win32/OpenCandy, a low level threat and so does McAfee.

In response to this detection, OpenCandy has provided the following information:

Of course OpenCandy is in business to make money so they are going to defend their product and portray it in a positive light. For another opinion, you may want to read: OpenCandy: A New Kind of Adware/Spyware.

IMO, removal of OpenCandy detections is an optional choice. I have provided the information so you can make an informed decision as whether to remove it or not.


I had the same Malware infection (Vista Security 2012)....I wasn't sure whether to start a separate thread for the same issue so apologies if that is the case.

Yes, if you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.



If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
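The restore-point steps in the post above can also be scripted. This is an added example, not part of the original post: it uses PowerShell's `Checkpoint-Computer` and the System Restore API call `SRRemoveRestorePoint` in place of the System Restore and Disk Cleanup dialogs, and the description string is a constructed sample.

```powershell
# Added example: create a fresh restore point after cleanup, then delete every older one.
# Run from an elevated PowerShell prompt on a system that has already been cleaned.
$ErrorActionPreference = 'Stop'

# Both creating and deleting restore points need administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# SRRemoveRestorePoint (srclient.dll) deletes one restore point by its sequence number.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int dwRPNum);
'@

# Remember the highest sequence number that existed before the new point.
$before  = @(Get-ComputerRestorePoint)
$lastSeq = if ($before.Count) { ($before | Measure-Object SequenceNumber -Maximum).Maximum } else { 0 }

# Description is a constructed sample; pick any text you will recognise later.
Checkpoint-Computer -Description 'Clean state after malware removal' -RestorePointType MODIFY_SETTINGS

# Checkpoint-Computer can warn instead of failing (for example when System
# Restore is turned off), so confirm a newer point exists before deleting anything.
$after  = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = if ($after.Count) { $after[-1] } else { $null }
if (-not $newest -or $newest.SequenceNumber -le $lastSeq) {
    throw 'No new restore point was created; older points were left untouched.'
}

# Remove all but the most recent restore point, as the Disk Cleanup step does.
foreach ($rp in $after | Where-Object { $_.SequenceNumber -lt $newest.SequenceNumber }) {
    $rc = [SysRestore.Native]::SRRemoveRestorePoint([int]$rp.SequenceNumber)
    if ($rc -ne 0) {
        Write-Warning "Could not remove restore point $($rp.SequenceNumber) (error $rc)."
    }
}

# Show what is left: ideally only the point created above.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```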

#10 GuardUp

  • Topic Starter


Posted 23 June 2012 - 06:29 AM

I'm glad to hear it.

Do you think I should disable Java scripting, or is that unnecessary as long as Java is up-to-date? I'm going to uninstall Avira and re-install the latest version too. This means my security will be Avira Free, PC Pitstop FW free, MBAM and Windows' own Defender etc. These looked OK to me up until this all happened. Is there something else you would recommend?

Another thing is that I recently got a laptop. When I followed some of your steps Panda Security 2012 (on the laptop) noticed a computer trying to access the wireless network. I thought it was a neighbour trying to jack the wi-fi, but the MAC address is from this computer. I take it these steps must have "reset" some core settings of the computer causing it to appear as a new PC? Is there a chance that a virus could have transferred to the laptop via the wireless router?

Everything is now up-to-date apart from Microsoft Visual C++. I have Windows update KB2467173 waiting to install in WU, but it fails every time. This update was published 24/1/12. Am I leaving myself open again?

Last and not least: Thank you very much for your time, clear instruction and patience in dealing with my problems - no doubt due to my own negligence in updating certain things!

Edited by GuardUp, 23 June 2012 - 06:30 AM.




