
ZBOT


  • This topic is locked
10 replies to this topic

#1 manny_g

  • Members
  • 93 posts

Posted 20 July 2012 - 02:21 PM

About a week ago Microsoft Security Essentials popped up with a message stating I had a zbot infection. It went through a scan process and then stated it quarantined the files. After that I deleted them. However, I find that I cannot visit a gardening forum ever since the incident. I am also worried that the virus I got took over my antivirus. I don't so much care for my computer as much as I do about my money. I read that the zbot basically steals bank information so I want to make sure it's not on my computer.
As far as the DDS log, my computer won't download it even after clicking the 'click here' link. I tried running the DDS program that I downloaded a couple years ago from my first time asking for help here... (sorry, I do plan on applying for the training program because I feel ashamed I have only visited this forum in times of need and feel that I need to give back) but it only gives me the black box and does not produce any reports. I am not sure what script blocking software is or how to turn it off; could this be affecting it?
I was able to download the gmer program (it did not download zipped) and it is running as I type. I will attach that report when it finishes.
Thanks in advance Bleeping Computer Team!
Edit:
Gmer Scan has been going on for about 11 hours still running but my computer is a lot slower.
Edit2:
After about a day it finally finished scanning. The file should be attached.

Attached Files

  • Attached File  ark.txt   32.68KB   1 downloads

Edited by manny_g, 21 July 2012 - 10:00 AM.




#2 nasdaq

  • Malware Response Team
  • 39,243 posts

Posted 25 July 2012 - 09:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
Let me know also what operating system you have on this problem computer.
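
A triage pass over a TDSSKiller report of the kind requested above, added here as an example (it is not part of the original posts or of the tool itself): it pairs each scanned object with its verdict line and lists whatever is not marked ok, has no file behind it, or never received a verdict. It assumes the report layout of an object line `<time> <thread id> <name> (<md5>) <path>` followed by `<name> - <verdict>`; the sample log is constructed, `EXAMPLE-VERDICT` is a placeholder for whatever non-ok verdict text the tool writes, and the function names are hypothetical.

```python
import re

# Constructed sample in the assumed report layout. Hashes, names and the
# non-ok verdict text are placeholders, not output of a real scan.
SAMPLE_LOG = r"""
16:13:01.0504 1240 Drive \Device\Harddisk0\DR0 - Size: 0x0
16:13:05.0730 2652 ============================================================
16:13:05.0730 2652 Scan started
16:13:05.0730 2652 Mode: Manual;
16:13:07.0998 2652 ExampleSvc (00000000000000000000000000000000) C:\Program Files\Example\svc.exe
16:13:08.0002 2652 ExampleSvc - ok
16:13:08.0100 2652 Example Licensing Service (33333333333333333333333333333333) C:\Program Files\Example\lic.exe
16:13:08.0120 2652 Example Licensing Service - ok
16:13:08.0995 2652 ExampleDrv (11111111111111111111111111111111) C:\Windows\system32\drivers\exampledrv.sys
16:13:09.0001 2652 ExampleDrv - EXAMPLE-VERDICT
16:13:12.0003 2652 NoFileSvc - ok
16:13:12.0100 2652 Dangling (22222222222222222222222222222222) C:\Windows\system32\drivers\dangling.sys
"""

# "<HH:MM:SS.ffff> <thread id> <rest of line>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name> (<32 hex digits>) <path>"; names may contain spaces and dots
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")


def parse_scan(log_text):
    """Return one record per scanned object, in report order."""
    entries = {}
    in_scan = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m["body"].strip()
        if not in_scan:
            # Header lines (drive and partition info) also contain " - ",
            # so nothing is parsed until the scan section begins.
            in_scan = body == "Scan started"
            continue
        obj = OBJECT.match(body)
        if obj:
            entries[obj["name"]] = {
                "name": obj["name"],
                "md5": obj["md5"].lower(),
                "path": obj["path"],
                "verdict": None,
            }
            continue
        ver = VERDICT.match(body)
        if ver:
            # Some services are reported with a verdict only, no file line.
            rec = entries.setdefault(
                ver["name"],
                {"name": ver["name"], "md5": None, "path": None, "verdict": None},
            )
            rec["verdict"] = ver["verdict"].strip()
    return list(entries.values())


def triage(log_text):
    """Summarise what a reviewer should look at first."""
    entries = parse_scan(log_text)
    return {
        "scanned": len(entries),
        # Anything the tool did not mark "ok" needs a human decision.
        "non_ok": [e for e in entries
                   if e["verdict"] and e["verdict"].lower() != "ok"],
        # Registered service with no file behind it in the report.
        "no_file": [e["name"] for e in entries if e["path"] is None],
        # Object listed but the report ends (or was cut) before its verdict.
        "no_verdict": [e["name"] for e in entries if e["verdict"] is None],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("objects scanned:", result["scanned"])
    for e in result["non_ok"]:
        print("REVIEW", e["name"], e["verdict"], e["md5"], e["path"])
    print("verdict but no file:", result["no_file"])
    print("file but no verdict:", result["no_verdict"])
```

A non-empty `no_verdict` list usually means the pasted report was truncated, so the full file should be requested before drawing conclusions.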

#3 manny_g

  • Topic Starter
  • Members
  • 93 posts

Posted 25 July 2012 - 07:02 PM

Edit: got rid of abbreviations... sorry
Hi Nasdaq,
First off, thanks for the help. My computer has been running slowly. MSE did let me know of another file it quarantined after the event that initiated this help request. I took a screenshot (attached) of the files and OCR'd it; here's a list with all the files MSE has found (please refer to the PDF screenshot if this does not make sense):


+++++++
+++++++
TrojanDownloader:Java/OpenStream.BZ Severe5-We 7/21/2012 M5 PM Quarantined
Exploit:Java/CVE-2012-1723.1 Severe 7/15/2012 9:17 AM Removed
Exploit:Java/Blacole.GD Severe 7/15/2012 9:17 AM Removed
PWS:Win32/Zbot Severe 7/14/2012 11:02 PM Quarantined
PWS:Win32/Zbot Severe 7/14/2012 11:01 PM Removed
PWS:Win32/Zbot Severe 7/14/2012 11:01 PM Quarantined
PWS:Win32/Zbot Severe 7/14/2012 11:00 PM Removed
PWS:Win32/Zbot Severe 7/14/2012 11:00 PM Quarantined
PWS:Win32/Zbot Severe 7/14/2012 11:00 PM Removed
PWS:Win32/Zbot Severe 7/14/2012 10:59 PM Quarantined
PWS:Win32/Zbot Severe 7/14/2012 10:59 PM Removed
PWS:Win32/Zbot Severe 7/14/2012 10:58 PM Quarantined
PWS:Win32/Zbot Severe 7/14/2012 10:56 PM Removed
PWS:Win32/Zbot Severe 7/14/2012 10:56 PM Quarantined
Trojan:Win32/Danginex Severe 7/14/2012 10:23 PM Quarantined
Trojan:Win32/Danginex Severe 7/12/2012 3:38 AM Quarantined

++++++
++++++
Per your instruction please note the report from tdsskiller:

++++++
++++++

16:12:58.0604 1240 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:12:58.0979 1240 ============================================================
16:12:58.0980 1240 Current date / time: 2012/07/25 16:12:58.0979
16:12:58.0980 1240 SystemInfo:
16:12:58.0980 1240
16:12:58.0980 1240 OS Version: 6.0.6002 ServicePack: 2.0
16:12:58.0980 1240 Product type: Workstation
16:12:58.0980 1240 ComputerName: MANUELSLAPTOP
16:12:58.0980 1240 UserName: Liz
16:12:58.0980 1240 Windows directory: C:\Windows
16:12:58.0980 1240 System windows directory: C:\Windows
16:12:58.0980 1240 Processor architecture: Intel x86
16:12:58.0980 1240 Number of processors: 2
16:12:58.0980 1240 Page size: 0x1000
16:12:58.0980 1240 Boot type: Normal boot
16:12:58.0981 1240 ============================================================
16:13:01.0504 1240 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:13:01.0689 1240 ============================================================
16:13:01.0689 1240 \Device\Harddisk0\DR0:
16:13:01.0690 1240 MBR partitions:
16:13:01.0690 1240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E68FC1
16:13:01.0690 1240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23E69000, BlocksNum 0x15C4000
16:13:01.0690 1240 ============================================================
16:13:01.0707 1240 C: <-> \Device\Harddisk0\DR0\Partition0
16:13:01.0782 1240 D: <-> \Device\Harddisk0\DR0\Partition1
16:13:01.0783 1240 ============================================================
16:13:01.0783 1240 Initialize success
16:13:01.0783 1240 ============================================================
16:13:05.0730 2652 ============================================================
16:13:05.0730 2652 Scan started
16:13:05.0730 2652 Mode: Manual;
16:13:05.0730 2652 ============================================================
16:13:25.0023 2652 NetTcpPortSharing - ok
16:13:25.0271 2652 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
16:13:25.0342 2652 NETw3v32 - ok
16:13:25.0482 2652 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:13:25.0484 2652 nfrd960 - ok
16:13:25.0535 2652 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:13:25.0539 2652 NisDrv - ok
16:13:25.0640 2652 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:13:25.0651 2652 NisSrv - ok
16:13:25.0708 2652 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:13:25.0776 2652 NlaSvc - ok
16:13:25.0819 2652 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:13:25.0821 2652 Npfs - ok
16:13:25.0845 2652 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:13:25.0849 2652 nsi - ok
16:13:25.0875 2652 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:13:25.0907 2652 nsiproxy - ok
16:13:26.0034 2652 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:13:26.0065 2652 Ntfs - ok
16:13:26.0107 2652 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:13:26.0192 2652 ntrigdigi - ok
16:13:26.0277 2652 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:13:26.0281 2652 NuidFltr - ok
16:13:26.0326 2652 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:13:26.0329 2652 Null - ok
16:13:26.0355 2652 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:13:26.0359 2652 nvraid - ok
16:13:26.0378 2652 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:13:26.0381 2652 nvstor - ok
16:13:26.0425 2652 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:13:26.0429 2652 nv_agp - ok
16:13:26.0435 2652 NwlnkFlt - ok
16:13:26.0443 2652 NwlnkFwd - ok
16:13:26.0509 2652 OA004Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA004Ufd.sys
16:13:26.0521 2652 OA004Ufd - ok
16:13:26.0562 2652 OA004Vid (12a4366ff51befbdf018f654ff8b22b8) C:\Windows\system32\DRIVERS\OA004Vid.sys
16:13:26.0578 2652 OA004Vid - ok
16:13:26.0623 2652 odserv - ok
16:13:26.0660 2652 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
16:13:26.0664 2652 ohci1394 - ok
16:13:26.0724 2652 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:13:26.0730 2652 ose - ok
16:13:27.0163 2652 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:13:27.0309 2652 osppsvc - ok
16:13:27.0558 2652 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:13:27.0587 2652 p2pimsvc - ok
16:13:27.0600 2652 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:13:27.0609 2652 p2psvc - ok
16:13:27.0682 2652 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:13:27.0686 2652 Parport - ok
16:13:27.0723 2652 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
16:13:27.0726 2652 partmgr - ok
16:13:27.0763 2652 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:13:27.0766 2652 Parvdm - ok
16:13:27.0819 2652 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:13:27.0823 2652 PcaSvc - ok
16:13:27.0879 2652 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:13:27.0967 2652 pci - ok
16:13:27.0983 2652 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
16:13:27.0984 2652 pciide - ok
16:13:28.0023 2652 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:13:28.0029 2652 pcmcia - ok
16:13:28.0116 2652 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:13:28.0151 2652 PEAUTH - ok
16:13:28.0331 2652 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:13:28.0374 2652 pla - ok
16:13:28.0523 2652 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
16:13:28.0545 2652 PlugPlay - ok
16:13:28.0769 2652 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:13:28.0778 2652 PNRPAutoReg - ok
16:13:28.0789 2652 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:13:28.0797 2652 PNRPsvc - ok
16:13:28.0865 2652 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
16:13:28.0868 2652 Point32 - ok
16:13:28.0936 2652 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
16:13:29.0029 2652 PolicyAgent - ok
16:13:29.0066 2652 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:13:29.0069 2652 PptpMiniport - ok
16:13:29.0105 2652 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:13:29.0108 2652 Processor - ok
16:13:29.0153 2652 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
16:13:29.0160 2652 ProfSvc - ok
16:13:29.0196 2652 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:13:29.0198 2652 ProtectedStorage - ok
16:13:29.0251 2652 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:13:29.0254 2652 PSched - ok
16:13:29.0259 2652 PTHSBUS - ok
16:13:29.0268 2652 PTHSMDM - ok
16:13:29.0276 2652 PTHSVSP - ok
16:13:29.0379 2652 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:13:29.0419 2652 ql2300 - ok
16:13:29.0443 2652 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:13:29.0446 2652 ql40xx - ok
16:13:29.0486 2652 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:13:29.0506 2652 QWAVE - ok
16:13:29.0522 2652 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:13:29.0525 2652 QWAVEdrv - ok
16:13:29.0608 2652 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
16:13:29.0621 2652 RapiMgr - ok
16:13:29.0636 2652 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:13:29.0639 2652 RasAcd - ok
16:13:29.0680 2652 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:13:29.0686 2652 RasAuto - ok
16:13:29.0706 2652 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:29.0711 2652 Rasl2tp - ok
16:13:29.0780 2652 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
16:13:29.0798 2652 RasMan - ok
16:13:29.0822 2652 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:29.0825 2652 RasPppoe - ok
16:13:29.0863 2652 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:13:29.0867 2652 RasSstp - ok
16:13:29.0922 2652 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:13:30.0031 2652 rdbss - ok
16:13:30.0064 2652 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:30.0067 2652 RDPCDD - ok
16:13:30.0128 2652 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:13:30.0149 2652 rdpdr - ok
16:13:30.0155 2652 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:13:30.0157 2652 RDPENCDD - ok
16:13:30.0213 2652 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
16:13:30.0220 2652 RDPWD - ok
16:13:30.0337 2652 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe
16:13:30.0361 2652 Recovery Service for Windows - ok
16:13:30.0409 2652 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:13:30.0415 2652 RemoteAccess - ok
16:13:30.0464 2652 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
16:13:30.0470 2652 RemoteRegistry - ok
16:13:30.0528 2652 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared files\RichVideo.exe
16:13:30.0546 2652 RichVideo - ok
16:13:30.0591 2652 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
16:13:30.0595 2652 RimUsb - ok
16:13:30.0648 2652 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
16:13:30.0652 2652 RimVSerPort - ok
16:13:30.0674 2652 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
16:13:30.0677 2652 ROOTMODEM - ok
16:13:30.0727 2652 RoxLiveShare9 - ok
16:13:30.0755 2652 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:13:30.0759 2652 RpcLocator - ok
16:13:30.0842 2652 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:13:30.0850 2652 RpcSs - ok
16:13:30.0879 2652 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:13:30.0963 2652 rspndr - ok
16:13:31.0005 2652 RTL8169 (d6fae13afacef23a6471d23284b8a164) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:13:31.0018 2652 RTL8169 - ok
16:13:31.0070 2652 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
16:13:31.0074 2652 RTSTOR - ok
16:13:31.0117 2652 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:13:31.0119 2652 SamSs - ok
16:13:31.0223 2652 SASDIFSV - ok
16:13:31.0230 2652 SASKUTIL - ok
16:13:31.0252 2652 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:13:31.0255 2652 sbp2port - ok
16:13:31.0309 2652 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
16:13:31.0316 2652 SCardSvr - ok
16:13:31.0344 2652 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
16:13:31.0483 2652 SCDEmu - ok
16:13:31.0574 2652 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
16:13:31.0599 2652 Schedule - ok
16:13:31.0672 2652 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:13:31.0673 2652 SCPolicySvc - ok
16:13:31.0731 2652 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
16:13:31.0736 2652 sdbus - ok
16:13:31.0788 2652 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:13:31.0795 2652 SDRSVC - ok
16:13:31.0834 2652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:13:31.0838 2652 secdrv - ok
16:13:31.0883 2652 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:13:31.0913 2652 seclogon - ok
16:13:31.0984 2652 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
16:13:31.0989 2652 SENS - ok
16:13:32.0028 2652 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:13:32.0031 2652 Serenum - ok
16:13:32.0067 2652 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:13:32.0071 2652 Serial - ok
16:13:32.0099 2652 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:13:32.0102 2652 sermouse - ok
16:13:32.0154 2652 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:13:32.0160 2652 SessionEnv - ok
16:13:32.0202 2652 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:13:32.0205 2652 sffdisk - ok
16:13:32.0222 2652 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:13:32.0225 2652 sffp_mmc - ok
16:13:32.0238 2652 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:13:32.0241 2652 sffp_sd - ok
16:13:32.0255 2652 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:13:32.0259 2652 sfloppy - ok
16:13:32.0348 2652 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:13:32.0366 2652 SharedAccess - ok
16:13:32.0432 2652 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
16:13:32.0452 2652 ShellHWDetection - ok
16:13:32.0483 2652 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:13:32.0487 2652 sisagp - ok
16:13:32.0509 2652 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:13:32.0512 2652 SiSRaid2 - ok
16:13:32.0531 2652 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:13:32.0534 2652 SiSRaid4 - ok
16:13:32.0850 2652 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
16:13:32.0941 2652 slsvc - ok
16:13:33.0117 2652 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
16:13:33.0123 2652 SLUINotify - ok
16:13:33.0165 2652 SmartDefragDriver (46b40982af166bf89c3f51fb13e60d6d) C:\Windows\system32\Drivers\SmartDefragDriver.sys
16:13:33.0166 2652 SmartDefragDriver - ok
16:13:33.0207 2652 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:13:33.0211 2652 Smb - ok
16:13:33.0229 2652 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:13:33.0233 2652 SNMPTRAP - ok
16:13:33.0258 2652 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:13:33.0259 2652 spldr - ok
16:13:33.0315 2652 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
16:13:33.0323 2652 Spooler - ok
16:13:33.0389 2652 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:13:33.0408 2652 srv - ok
16:13:33.0597 2652 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:13:33.0663 2652 srv2 - ok
16:13:33.0704 2652 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:13:33.0708 2652 srvnet - ok
16:13:34.0011 2652 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:13:34.0033 2652 SSDPSRV - ok
16:13:34.0062 2652 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:13:34.0069 2652 SstpSvc - ok
16:13:34.0152 2652 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
16:13:34.0172 2652 stisvc - ok
16:13:34.0269 2652 SupportSoft RemoteAssist (42fef84684d217870f3c8813b6f58276) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
16:13:34.0290 2652 SupportSoft RemoteAssist - ok
16:13:34.0311 2652 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:13:34.0314 2652 swenum - ok
16:13:34.0393 2652 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
16:13:34.0409 2652 swprv - ok
16:13:34.0422 2652 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:13:34.0426 2652 Symc8xx - ok
16:13:34.0439 2652 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:13:34.0440 2652 Sym_hi - ok
16:13:34.0462 2652 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:13:34.0465 2652 Sym_u3 - ok
16:13:34.0499 2652 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
16:13:34.0517 2652 SynTP - ok
16:13:34.0601 2652 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
16:13:34.0617 2652 SysMain - ok
16:13:34.0653 2652 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:13:34.0659 2652 TabletInputService - ok
16:13:35.0018 2652 TabletServicePen (629021756c8fc4c579849a823c471cb3) C:\Windows\system32\Pen_Tablet.exe
16:13:35.0727 2652 TabletServicePen - ok
16:13:35.0885 2652 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
16:13:35.0919 2652 TapiSrv - ok
16:13:35.0948 2652 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:13:35.0955 2652 TBS - ok
16:13:36.0093 2652 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
16:13:36.0223 2652 Tcpip - ok
16:13:36.0240 2652 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
16:13:36.0250 2652 Tcpip6 - ok
16:13:36.0296 2652 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
16:13:36.0299 2652 tcpipreg - ok
16:13:36.0373 2652 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:13:36.0376 2652 TDPIPE - ok
16:13:36.0396 2652 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:13:36.0399 2652 TDTCP - ok
16:13:36.0442 2652 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:13:36.0446 2652 tdx - ok
16:13:36.0497 2652 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:13:36.0500 2652 TermDD - ok
16:13:36.0573 2652 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
16:13:36.0594 2652 TermService - ok
16:13:36.0653 2652 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
16:13:36.0658 2652 Themes - ok
16:13:36.0683 2652 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:13:36.0686 2652 THREADORDER - ok
16:13:36.0711 2652 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:13:36.0718 2652 TrkWks - ok
16:13:36.0780 2652 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
16:13:36.0782 2652 TrustedInstaller - ok
16:13:36.0834 2652 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:13:36.0837 2652 tssecsrv - ok
16:13:36.0879 2652 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:13:36.0882 2652 tunmp - ok
16:13:36.0937 2652 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:13:37.0025 2652 tunnel - ok
16:13:37.0084 2652 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:13:37.0088 2652 uagp35 - ok
16:13:37.0149 2652 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:13:37.0168 2652 udfs - ok
16:13:37.0217 2652 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:13:37.0223 2652 UI0Detect - ok
16:13:37.0268 2652 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:13:37.0273 2652 uliagpkx - ok
16:13:37.0342 2652 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:13:37.0359 2652 uliahci - ok
16:13:37.0379 2652 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:13:37.0384 2652 UlSata - ok
16:13:37.0403 2652 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:13:37.0406 2652 ulsata2 - ok
16:13:37.0426 2652 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:13:37.0430 2652 umbus - ok
16:13:37.0463 2652 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:13:37.0483 2652 upnphost - ok
16:13:37.0502 2652 usbbus - ok
16:13:37.0534 2652 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:13:37.0538 2652 usbccgp - ok
16:13:37.0567 2652 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:13:37.0572 2652 usbcir - ok
16:13:37.0578 2652 UsbDiag - ok
16:13:37.0628 2652 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:13:37.0631 2652 usbehci - ok
16:13:37.0661 2652 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:13:37.0679 2652 usbhub - ok
16:13:37.0685 2652 USBModem - ok
16:13:37.0755 2652 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:13:37.0758 2652 usbohci - ok
16:13:37.0798 2652 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:13:37.0802 2652 usbprint - ok
16:13:37.0848 2652 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:13:37.0852 2652 usbscan - ok
16:13:37.0894 2652 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:13:37.0948 2652 USBSTOR - ok
16:13:38.0028 2652 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:13:38.0031 2652 usbuhci - ok
16:13:38.0083 2652 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:13:38.0088 2652 usbvideo - ok
16:13:38.0125 2652 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
16:13:38.0128 2652 usb_rndisx - ok
16:13:38.0186 2652 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:13:38.0191 2652 UxSms - ok
16:13:38.0261 2652 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:13:38.0284 2652 vds - ok
16:13:38.0330 2652 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:13:38.0333 2652 vga - ok
16:13:38.0372 2652 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:13:38.0376 2652 VgaSave - ok
16:13:38.0410 2652 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:13:38.0414 2652 viaagp - ok
16:13:38.0428 2652 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:13:38.0432 2652 ViaC7 - ok
16:13:38.0466 2652 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
16:13:38.0467 2652 viaide - ok
16:13:38.0482 2652 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:13:38.0485 2652 volmgr - ok
16:13:38.0548 2652 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:13:38.0567 2652 volmgrx - ok
16:13:38.0629 2652 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:13:38.0638 2652 volsnap - ok
16:13:38.0676 2652 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:13:38.0680 2652 vsmraid - ok
16:13:38.0797 2652 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:13:38.0830 2652 VSS - ok
16:13:38.0921 2652 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:13:38.0983 2652 W32Time - ok
16:13:39.0175 2652 wacmoumonitor (826a053968d0faf39afd8aecff580cb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
16:13:39.0178 2652 wacmoumonitor - ok
16:13:39.0227 2652 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
16:13:39.0230 2652 wacommousefilter - ok
16:13:39.0277 2652 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:13:39.0280 2652 WacomPen - ok
16:13:39.0318 2652 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\Windows\system32\DRIVERS\wacomvhid.sys
16:13:39.0321 2652 wacomvhid - ok
16:13:39.0340 2652 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
16:13:39.0342 2652 WacomVKHid - ok
16:13:39.0373 2652 WacomVTHid (799c84ce3bd9600172aa53b4ead8357a) C:\Windows\system32\DRIVERS\WacomVTHid.sys
16:13:39.0376 2652 WacomVTHid - ok
16:13:39.0391 2652 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:39.0395 2652 Wanarp - ok
16:13:39.0400 2652 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:39.0401 2652 Wanarpv6 - ok
16:13:39.0487 2652 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
16:13:39.0500 2652 WcesComm - ok
16:13:39.0596 2652 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:13:39.0629 2652 wcncsvc - ok
16:13:39.0650 2652 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:13:39.0658 2652 WcsPlugInService - ok
16:13:39.0689 2652 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:13:39.0691 2652 Wd - ok
16:13:39.0784 2652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:13:39.0804 2652 Wdf01000 - ok
16:13:39.0836 2652 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:13:39.0843 2652 WdiServiceHost - ok
16:13:39.0848 2652 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:13:39.0853 2652 WdiSystemHost - ok
16:13:39.0907 2652 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:13:39.0930 2652 WebClient - ok
16:13:39.0980 2652 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:13:39.0995 2652 Wecsvc - ok
16:13:40.0016 2652 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:13:40.0022 2652 wercplsupport - ok
16:13:40.0067 2652 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:13:40.0074 2652 WerSvc - ok
16:13:40.0143 2652 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:13:40.0170 2652 winachsf - ok
16:13:40.0275 2652 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:13:40.0295 2652 WinDefend - ok
16:13:40.0303 2652 WinHttpAutoProxySvc - ok
16:13:40.0402 2652 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:13:40.0407 2652 Winmgmt - ok
16:13:40.0540 2652 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:13:40.0579 2652 WinRM - ok
16:13:40.0672 2652 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
16:13:40.0677 2652 WinUSB - ok
16:13:40.0770 2652 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:13:40.0799 2652 Wlansvc - ok
16:13:40.0984 2652 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:13:41.0092 2652 wlidsvc - ok
16:13:41.0230 2652 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:13:41.0234 2652 WmiAcpi - ok
16:13:41.0312 2652 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:13:41.0317 2652 wmiApSrv - ok
16:13:41.0432 2652 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:13:41.0461 2652 WMPNetworkSvc - ok
16:13:41.0533 2652 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) C:\Program Files\Zune\WMZuneComm.exe
16:13:41.0552 2652 WMZuneComm - ok
16:13:41.0715 2652 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:13:41.0730 2652 WPCSvc - ok
16:13:41.0778 2652 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:13:41.0785 2652 WPDBusEnum - ok
16:13:41.0867 2652 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:13:41.0871 2652 WpdUsb - ok
16:13:42.0137 2652 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:13:42.0164 2652 WPFFontCache_v0400 - ok
16:13:42.0217 2652 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:13:42.0220 2652 ws2ifsl - ok
16:13:42.0270 2652 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
16:13:42.0275 2652 wscsvc - ok
16:13:42.0281 2652 WSearch - ok
16:13:42.0378 2652 WTouchService (f37569c373a4475007835ed77593475c) C:\Program Files\WTouch\WTouchService.exe
16:13:42.0455 2652 WTouchService - ok
16:13:42.0642 2652 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
16:13:42.0696 2652 wuauserv - ok
16:13:42.0851 2652 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:13:42.0856 2652 WudfPf - ok
16:13:42.0889 2652 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:13:42.0897 2652 WUDFRd - ok
16:13:42.0968 2652 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
16:13:42.0974 2652 wudfsvc - ok
16:13:43.0005 2652 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
16:13:43.0008 2652 XAudio - ok
16:13:43.0060 2652 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
16:13:43.0085 2652 XAudioService - ok
16:13:43.0144 2652 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
16:13:43.0155 2652 yukonwlh - ok
16:13:43.0721 2652 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) C:\Program Files\Zune\ZuneNss.exe
16:13:43.0901 2652 ZuneNetworkSvc - ok
16:13:43.0961 2652 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
16:13:43.0985 2652 ZuneWlanCfgSvc - ok
16:13:44.0030 2652 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
16:13:44.0287 2652 \Device\Harddisk0\DR0 - ok
16:13:44.0314 2652 Boot (0x1200) (9dcdaf7f471265c30d24dfcfe84401fc) \Device\Harddisk0\DR0\Partition0
16:13:44.0317 2652 \Device\Harddisk0\DR0\Partition0 - ok
16:13:44.0328 2652 Boot (0x1200) (af6515439ab0fba694ca740f33b75058) \Device\Harddisk0\DR0\Partition1
16:13:44.0354 2652 \Device\Harddisk0\DR0\Partition1 - ok
16:13:44.0355 2652 ============================================================
16:13:44.0355 2652 Scan finished
16:13:44.0355 2652 ============================================================
16:13:44.0377 4696 Detected object count: 0
16:13:44.0377 4696 Actual detected object count: 0

++++++
++++++
Avast Scan
++++++
++++++

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 17:56:38
-----------------------------
17:56:38.975 OS Version: Windows 6.0.6002 Service Pack 2
17:56:38.975 Number of processors: 2 586 0x170A
17:56:38.976 ComputerName: MANUELSLAPTOP UserName: Liz
17:56:51.556 Initialize success
17:58:17.462 AVAST engine defs: 12072502
17:58:43.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:58:43.965 Disk 0 Vendor: ST9320320AS HP07 Size: 305245MB BusType: 3
17:58:44.043 Disk 0 MBR read successfully
17:58:44.046 Disk 0 MBR scan
17:58:44.053 Disk 0 unknown MBR code
17:58:44.057 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
17:58:44.123 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
17:58:44.200 Disk 0 scanning sectors +625135616
17:58:44.333 Disk 0 scanning C:\Windows\system32\drivers
17:59:18.523 Service scanning
17:59:46.564 Service MpKslb1a6c4b7 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97691A0A-DB4C-4083-A91F-821C2E368363}\MpKslb1a6c4b7.sys **LOCKED** 32
18:00:24.431 Modules scanning
18:00:37.299 Disk 0 trace - called modules:
18:00:37.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
18:00:37.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86807030]
18:00:37.422 3 CLASSPNP.SYS[805df8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8672db98]
18:00:40.003 AVAST engine scan C:\Windows
18:00:51.808 AVAST engine scan C:\Windows\system32
18:11:36.635 AVAST engine scan C:\Windows\system32\drivers
18:13:34.491 AVAST engine scan C:\Users\Liz
18:21:08.524 File: C:\Users\Liz\AppData\Local\Temp\CR_34CB0.tmp\setup.exe **INFECTED** Win32:Malware-gen
18:21:12.265 File: C:\Users\Liz\AppData\Local\Temp\CR_62486.tmp\setup.exe **INFECTED** Win32:Malware-gen
18:21:22.318 File: C:\Users\Liz\AppData\Local\Temp\CR_DCD16.tmp\setup.exe **INFECTED** Win32:Malware-gen
18:44:25.417 Disk 0 MBR has been saved successfully to "C:\Users\Liz\Desktop\MBR.dat"
18:44:25.710 The log file has been saved successfully to "C:\Users\Liz\Desktop\aswMBR.txt"

++++++
++++++
Finally, this computer has Windows Vista 32 Home Premium SP2.

Please forgive me if I overlooked something.
-Manny

Attached Files

  • Attached File  ss.zip   133.29KB   1 downloads

Edited by manny_g, 25 July 2012 - 07:04 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 AM

Posted 26 July 2012 - 09:16 AM

PWS:Win32/Zbot Severe 7/14/2012 11:02 PM Quarantined

This refers to a PassWord Stealer trojan.

If you do any online banking I strongly suggest you change your password.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============


Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#5 manny_g


Posted 26 July 2012 - 05:26 PM

Hi,
I ran the program and stepped away; this was open in Notepad when I came back:


ComboFix 12-07-27.02 - Liz 07/26/2012 16:19:38.1.2 - x86
Running from: c:\users\Liz\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Liz\AppData\Roaming\Idemzy\meico.exe
c:\users\Liz\Documents\~WRL3554.tmp
c:\users\Liz\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 21:30 . 2012-07-26 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 14:23 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16692A95-D4BB-484F-81F3-51811A3F9222}\mpengine.dll
2012-07-25 14:23 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 13:39 . 2012-07-12 13:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-12 13:35 . 2012-07-15 04:03 -------- d-----w- c:\users\Liz\AppData\Roaming\Idemzy
2012-07-12 13:35 . 2012-07-15 03:18 -------- d-----w- c:\users\Liz\AppData\Roaming\Daafx
2012-07-12 08:11 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:57 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 10:56 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 10:56 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 10:55 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:55 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 10:55 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 01:12 . 2012-07-10 01:12 -------- d-----w- c:\users\Liz\AppData\Local\KodakGallery
2012-07-10 01:11 . 2012-07-10 01:11 -------- d-----w- c:\users\Liz\AppData\Roaming\Skinux
2012-07-10 01:00 . 2012-07-10 01:00 -------- d-----w- c:\users\Liz\AppData\Roaming\ArcSoft
2012-07-10 01:00 . 2012-07-10 01:00 -------- d-----w- c:\users\Liz\AppData\Local\ArcSoft
2012-07-10 01:00 . 2012-07-11 01:10 -------- d-----w- c:\programdata\ArcSoft
2012-07-10 00:58 . 2012-07-10 01:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2012-07-10 00:58 . 2012-07-10 00:58 -------- d-----w- c:\program files\ArcSoft
2012-07-10 00:52 . 2012-07-10 00:55 -------- d-----w- c:\program files\Common Files\Kodak
2012-07-10 00:51 . 2012-07-10 00:56 -------- d-----w- c:\program files\Kodak
2012-07-10 00:47 . 2012-07-10 01:02 -------- d-----w- c:\programdata\Kodak
2012-07-06 15:24 . 2012-07-06 15:24 -------- d-----w- c:\users\Liz\AppData\Local\Macromedia
2012-07-03 20:42 . 2012-02-11 04:05 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F755084-80BB-48EA-8180-3E8D640D2E49}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:03 . 2012-04-20 23:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 23:03 . 2011-06-22 14:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2010-09-21 10:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 19:13 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:13 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:13 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:13 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 19:13 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 19:13 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 19:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 19:13 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 19:13 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-13 22:18 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-03 12:22 . 2011-05-20 18:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-11 619352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer AE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer AE.lnk
backup=c:\windows\pss\HD Writer AE.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-03-27 10:40 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 20:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 19:56 1406024 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2010-11-17 01:33 136336 ----atw- c:\users\Liz\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 18:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 26449203
*NewlyCreated* - ASWMBR
*Deregistered* - 26449203
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:03]
.
2012-07-10 c:\windows\Tasks\HPCeeScheduleForLiz.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2012-07-26 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-10875277-2476401698-3151253719-1000Core.job
- c:\users\Liz\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-17 01:33]
.
2012-07-26 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-10875277-2476401698-3151253719-1000UA.job
- c:\users\Liz\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-17 01:33]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.bankofamerica.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\wjtegg9p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-{2F46C5F7-D42D-426B-6ED7-77F4827833C6} - c:\users\Liz\AppData\Roaming\Idemzy\meico.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 16:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Liz\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-26 16:34:52
ComboFix-quarantined-files.txt 2012-07-26 21:34
.
Pre-Run: 96,338,169,856 bytes free
Post-Run: 96,987,131,904 bytes free
.
- - End Of File - - 8279CD83ECF963EF2F16833BAB92CECB

++++++++
++++++++



Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java DB 10.5.3.0
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 21
Java version out of Date!
Adobe Flash Player 11.3.300.265
Mozilla Firefox (3.6.13) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

The computer itself seems fine. MSE has not alerted me to any new malware. As far as the banking situation, should I wait until this computer is clean to change pws?

#6 nasdaq


Posted 27 July 2012 - 09:32 AM

Your log is clean.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java DB 10.5.3.0
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 21


===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#7 manny_g


Posted 27 July 2012 - 12:20 PM

Ok, I have completed all your instructions, including updating Java and Firefox. Is there anything else I need to do? I know that no one can guarantee the computer is clean, but in all practicality can we say it sure looks that way?

#8 nasdaq


Posted 28 July 2012 - 07:00 AM

For your peace of mind, run this scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#9 manny_g


Posted 28 July 2012 - 07:13 PM

I ran the scan before I left to work. When I came home this was the result:

C:\Users\Liz\AppData\Local\RockMelt\User Data\1156033932\Cache\f_000dda a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
+++++++
Is this from a rootkit? It seems like the first stuff I had.

#10 nasdaq


Posted 29 July 2012 - 08:42 AM

No, it's a variant of Win32/Adware.iBryte.C.

#11 manny_g


Posted 30 July 2012 - 11:30 PM

Great to know. I should not be worried then, right?



