I somehow got Internet Security on my laptop. I think I thought it was a Windows update and that is how it got downloaded? I can't use the internet unless in Safe Mode with Networking, which I am in now. I also can't open some programs like my security software (TrendMicro) and Quicken. I have Windows 7 and my husband and I have separate log ins. So far it just seems to affect my area. When I log in to his area I can get on the internet and don't see the pop-up and scan. I did not buy anything when asked by Internet Security.
Here are my logs:
checkup.txt :
Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Media DRM Reset
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 20
Java version out of date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Nora at 14:25:05 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2935 [GMT -4:00]
.
AV: Titanium Maximum Security *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Titanium Maximum Security *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar =
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: ShopSafeBrowserHelper Class: {333f6b96-3992-4d58-a499-145a10fe48c3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: TBSB03657 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\iGive Button\tbunszC569.tmp\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: iGive Button: {43989788-13d1-4be7-8404-db58166e06cd} - C:\Program Files (x86)\iGive Button\tbunszC569.tmp\tbcore3.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Internet Security] C:\Users\Nora\AppData\Roaming\isecurity.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ShopSafe] C:\PROGRA~2\ShopSafe\ShopSafe.exe /dontopenmycards
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe -start
StartupFolder: C:\Users\Nora\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Nora\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://danscameracity.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://greenfaith.webex.com/client/T27LC/nbr/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{501CAAD6-5868-4A51-9D2D-38DA670A8E83} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{501CAAD6-5868-4A51-9D2D-38DA670A8E83}\27E6462637 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{501CAAD6-5868-4A51-9D2D-38DA670A8E83}\84945485 : DhcpNameServer = 65.167.41.2 65.167.41.3 4.2.2.1
TCP: Interfaces\{501CAAD6-5868-4A51-9D2D-38DA670A8E83}\C454D4147457563747 : DhcpNameServer = 204.186.110.76
TCP: Interfaces\{501CAAD6-5868-4A51-9D2D-38DA670A8E83}\C696E6B6379737 : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{ACEFAB31-3EE0-4A65-8ECC-BA53266ACA6C} : DhcpNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: ShopSafeBrowserHelper Class: {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll
BHO-X64: ShopSafe Shared Browser Helper Object - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: TBSB03657 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\iGive Button\tbunszC569.tmp\tbcore3.dll
BHO-X64: TBSB03657 - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: iGive Button: {43989788-13D1-4BE7-8404-DB58166E06CD} - C:\Program Files (x86)\iGive Button\tbunszC569.tmp\tbcore3.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ShopSafe] C:\PROGRA~2\ShopSafe\ShopSafe.exe /dontopenmycards
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe -start
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
S1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
S2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-1-26 275912]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-5 136176]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-3-24 290832]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2011-7-5 400368]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-2-1 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-2-1 185640]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-5 136176]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
S3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-15 03:36:12 864768 ----a-w- C:\Users\Nora\AppData\Roaming\isecurity.exe
2012-03-14 12:11:19 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 12:11:19 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 12:11:16 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 01:06:48 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 01:06:47 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 01:06:46 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-14 01:06:46 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 01:06:46 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-14 01:06:46 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 01:06:45 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-14 01:06:45 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 01:06:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-14 01:06:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 01:06:45 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 01:05:17 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 01:05:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 01:05:16 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 01:05:16 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 01:05:15 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 01:05:14 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 01:05:14 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-06 15:14:54 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-16 14:09:01 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 14:09:01 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 14:09:00 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 14:09:00 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
==================== Find3M ====================
.
2012-03-14 22:54:31 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-02-28 17:41:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-26 15:58:07 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-01-26 14:32:55 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-01-26 14:32:55 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-01-26 14:32:55 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2012-01-26 14:32:55 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2012-01-26 14:32:55 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-01-26 14:32:55 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 14:26:25.46 ===============
Attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/7/2010 9:56:25 PM
System Uptime: 3/15/2012 1:16:15 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K60IJ
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Socket 478 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 394.064 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Service: vwifimp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP148: 2/17/2012 9:33:09 AM - Windows Update
RP149: 2/24/2012 2:00:02 PM - Scheduled Checkpoint
RP150: 3/3/2012 3:23:06 PM - Scheduled Checkpoint
RP152: 3/14/2012 8:08:33 AM - Windows Modules Installer
RP153: 3/14/2012 8:09:50 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 MUI
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ATK Package
Best Buy Software Installer
BlackBerry Desktop Software 6.0.2
BufferChm
C4700
Choice Guard
Compatibility Pack for the 2007 Office system
ControlDeck
Coupon Printer for Windows
Destinations
DeviceDiscovery
eReg
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
iGive Button
IHA_MessageCenter
ImageMixer 3 SE Ver.6 Transfer Utility
ImageMixer 3 SE Ver.6 Video Tools
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
MarketResearch
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
OpenOffice.org 3.2
PHOTOfunSTUDIO -viewer-
Platform
PS_AIO_06_C4700_SW_Min
Quicken 2011
QuickTime
QuickTransfer
Roxio Burn
Roxio Roxio Burn
Roxio Update Manager
RoxioNow Player
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ShopSafe
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Download Manager
VIA Platform Device Manager
Vz In Home Agent
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
Windows Media DRM Reset
WinFlash
Winkflash Transporter
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
3/15/2012 8:52:29 AM, Error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
3/15/2012 2:23:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/15/2012 2:23:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/15/2012 2:23:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 1:17:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 1:16:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/15/2012 1:16:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/15/2012 1:16:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/15/2012 1:16:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/15/2012 1:16:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmactmon tmcomm tmevtmgr tmtdi Wanarpv6
3/14/2012 10:57:06 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
3/14/2012 10:57:06 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/13/2012 1:06:33 PM, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 2 time(s).
3/12/2012 9:26:56 PM, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Hi, cetronia. Welcome to LandzDown Forum.
We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
If you have questions regarding any of the instructions or problems running any tools, please let us know.
Rest assured that the rogue did not get installed on your computer when you did Microsoft Updates! Most likely it was due to a vulnerability in the outdated/vulnerable Java or Adobe software on your computer. Before we deal with that, let's give you some breathing room. Please do the following.
1. Please restart the computer in Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)
2. Please download rkill from one of the following links and save to your Desktop:
One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com), Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif)
- Double-click rkill to run.
- A command window will open then disappear upon completion, this is normal.
- Please leave rkill on the Desktop until otherwise advised.
- Do NOT restart your computer after running rkill as the malware program(s) will start again.
Note: If you receive security warnings about rkill, please ignore and allow the download to continue.
2. Please download the TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) by Kaspersky... save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista - W7 users: Right-click and select "Run As Administrator".
If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
If you don't see file extensions, please see: How to change the file extension (http://www.mediacollege.com/microsoft/windows/extension-change.html).
- Click the Start Scan button. Do not use the computer during the scan!
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
- Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
3. Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware
- Click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253)
- Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note ** If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
When I get to the step to download Malwarebytes' Anti-Malware I am taken to a site where I click on the download button and I am taken to another site - MajorGeeks.com (http://majorgeeks.com/download.php?det=5756). Is this correct? I am not sure what I am supposed to download on this majorgeeks site and want to make sure this is correct.
Yes, MajorGeeks is one of the official download sites for MBAM.
Here are my logs from the steps I was sent.
TDSS Log:
19:57:29.0503 1964 TDTCP - ok
19:57:29.0549 1964 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:57:29.0549 1964 tdx - ok
19:57:29.0581 1964 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:57:29.0581 1964 TermDD - ok
19:57:29.0674 1964 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
19:57:29.0674 1964 tmactmon - ok
19:57:29.0752 1964 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
19:57:29.0768 1964 tmcomm - ok
19:57:29.0830 1964 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys
19:57:29.0830 1964 tmeevw - ok
19:57:29.0893 1964 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
19:57:29.0893 1964 tmevtmgr - ok
19:57:29.0955 1964 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys
19:57:29.0955 1964 tmnciesc - ok
19:57:30.0033 1964 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
19:57:30.0033 1964 tmtdi - ok
19:57:30.0080 1964 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:57:30.0080 1964 tssecsrv - ok
19:57:30.0142 1964 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:57:30.0142 1964 tunnel - ok
19:57:30.0189 1964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:57:30.0189 1964 uagp35 - ok
19:57:30.0251 1964 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:57:30.0251 1964 udfs - ok
19:57:30.0314 1964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:57:30.0314 1964 uliagpkx - ok
19:57:30.0361 1964 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:57:30.0361 1964 umbus - ok
19:57:30.0392 1964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:57:30.0392 1964 UmPass - ok
19:57:30.0454 1964 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:57:30.0454 1964 usbccgp - ok
19:57:30.0501 1964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:57:30.0501 1964 usbcir - ok
19:57:30.0563 1964 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:57:30.0563 1964 usbehci - ok
19:57:30.0626 1964 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:57:30.0626 1964 usbhub - ok
19:57:30.0704 1964 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:57:30.0704 1964 usbohci - ok
19:57:30.0766 1964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:57:30.0766 1964 usbprint - ok
19:57:30.0813 1964 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:57:30.0829 1964 usbscan - ok
19:57:30.0875 1964 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:57:30.0875 1964 USBSTOR - ok
19:57:30.0938 1964 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:57:30.0938 1964 usbuhci - ok
19:57:31.0000 1964 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:57:31.0000 1964 usbvideo - ok
19:57:31.0063 1964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:57:31.0063 1964 vdrvroot - ok
19:57:31.0109 1964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:57:31.0109 1964 vga - ok
19:57:31.0141 1964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:57:31.0141 1964 VgaSave - ok
19:57:31.0187 1964 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:57:31.0203 1964 vhdmp - ok
19:57:31.0265 1964 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys
19:57:31.0297 1964 VIAHdAudAddService - ok
19:57:31.0343 1964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:57:31.0343 1964 viaide - ok
19:57:31.0375 1964 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:57:31.0375 1964 volmgr - ok
19:57:31.0421 1964 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:57:31.0421 1964 volmgrx - ok
19:57:31.0468 1964 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:57:31.0468 1964 volsnap - ok
19:57:31.0499 1964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:57:31.0515 1964 vsmraid - ok
19:57:31.0546 1964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:57:31.0546 1964 vwifibus - ok
19:57:31.0577 1964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:57:31.0577 1964 vwififlt - ok
19:57:31.0640 1964 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:57:31.0640 1964 vwifimp - ok
19:57:31.0687 1964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:57:31.0687 1964 WacomPen - ok
19:57:31.0765 1964 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:31.0765 1964 WANARP - ok
19:57:31.0765 1964 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:31.0765 1964 Wanarpv6 - ok
19:57:31.0827 1964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:57:31.0843 1964 Wd - ok
19:57:31.0889 1964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:57:31.0905 1964 Wdf01000 - ok
19:57:31.0983 1964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:57:31.0983 1964 WfpLwf - ok
19:57:32.0030 1964 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:57:32.0030 1964 WimFltr - ok
19:57:32.0077 1964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:57:32.0077 1964 WIMMount - ok
19:57:32.0155 1964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:57:32.0155 1964 WmiAcpi - ok
19:57:32.0217 1964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:57:32.0217 1964 ws2ifsl - ok
19:57:32.0264 1964 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:57:32.0264 1964 WudfPf - ok
19:57:32.0311 1964 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:57:32.0311 1964 WUDFRd - ok
19:57:32.0357 1964 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:57:32.0435 1964 \Device\Harddisk0\DR0 - ok
19:57:32.0451 1964 Boot (0x1200) (fa818cc26ce19af2a454be3535829f77) \Device\Harddisk0\DR0\Partition0
19:57:32.0451 1964 \Device\Harddisk0\DR0\Partition0 - ok
19:57:32.0451 1964 ============================================================
19:57:32.0451 1964 Scan finished
19:57:32.0451 1964 ============================================================
19:57:32.0467 0952 Detected object count: 0
19:57:32.0467 0952 Actual detected object count: 0
19:57:57.0941 1460 Deinitialize success
MBAM Log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.16.01
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Nora :: NORA-PC [administrator]
3/15/2012 10:51:37 PM
mbam-log-2012-03-15 (22-51-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214176
Time elapsed: 3 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Backdoor.IRCBot) -> Data: C:\Users\Nora\AppData\Roaming\isecurity.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Nora\AppData\Local\Temp\C16C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nora\AppData\Local\Temp\CDEB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nora\AppData\Roaming\isecurity.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
(end)
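The detections in the MBAM log above (two autorun registry values and four files) can be pulled out and triaged mechanically. The following Python is an added example, not part of the original thread or of Malwarebytes; the function names and tag labels are hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Detection lines copied from the MBAM log posted in this thread.
SAMPLE_LOG = r"""
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Backdoor.IRCBot) -> Data: C:\Users\Nora\AppData\Roaming\isecurity.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Nora\AppData\Local\Temp\C16C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nora\AppData\Local\Temp\CDEB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nora\AppData\Roaming\isecurity.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
(end)
"""

HEADER = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\)$")
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\", re.I)
SYSTEM_DIR = re.compile(r"^[A-Z]:\\Windows\\", re.I)

def parse_mbam(text):
    """Return (declared counts per section, list of detection records)."""
    section, declared, items = None, {}, []
    for line in map(str.strip, text.splitlines()):
        head = HEADER.match(line)
        if head:
            section = head["section"]
            declared[section] = int(head["count"])
            continue
        parts = line.split(" -> ")
        item = ITEM.match(parts[0])
        if section is None or len(parts) < 2 or not item:
            continue
        key, _, value = item["target"].partition("|")  # "key|value name" for registry values
        data = [p[6:] for p in parts[1:-1] if p.startswith("Data: ")]
        items.append({
            "section": section, "target": key, "value": value or None,
            "detection": item["name"], "data": data[0] if data else None,
            "action": parts[-1].rstrip("."),
        })
    return declared, items

def count_mismatches(declared, items):
    """Sections whose header count differs from the lines parsed (truncated paste)."""
    parsed = Counter(i["section"] for i in items)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}

def triage(item):
    """Tag a detection by where it lived; the tags are this example's own labels."""
    tags = []
    if item["value"] is not None and AUTORUN.search(item["target"]):
        tags.append("autorun")        # value under a Run/RunOnce key
    path = item["data"] or item["target"]
    if USER_WRITABLE.search(path):
        tags.append("user-writable")  # path under a user's AppData or Temp
    if SYSTEM_DIR.match(path):
        tags.append("system-dir")     # file under the Windows directory
    return tags

if __name__ == "__main__":
    declared, items = parse_mbam(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, items) or "none")
    for it in items:
        print(triage(it), it["detection"], it["data"] or it["target"])
```

The HKCU Run value pointing into the user's own AppData folder is consistent with the original report that only one Windows login was affected.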
Hi, cetronia.
Good work! Now you need to take care of the vulnerable software on your computer.
Internet Explorer 8 Out of date: I strongly advise that you upgrade to Internet Explorer 9. It has been out for well over a year. See Internet Explorer 9, Privacy and Security Enhancements (http://securitygarden.blogspot.com/2011/02/internet-explorer-9-privacy-and.html) for additional information.
Java: The current version of Java is JRE6u31. Please get the latest version here: http://java.com/en/download/index.jsp
Adobe Flash Player: Even though you have a 64-bit operating system, the standard IE browser is 32-bit. Please download and install the following. (Note: You will need to close your browser to install the update.)
IE 32-Bit: http://fpdownload.macromedia.com/get/flashplayer/pdc/11.1.102.63/install_flash_player_ax_32bit.exe
Adobe Reader: The current version of Adobe Reader is 10.1.2. Install the latest version of Adobe Reader from http://www.adobe.com/products/reader/
or switch to an alternate PDF reader. There are a number of open source readers available from http://pdfreaders.org/. Others include Nitro Reader (http://www.nitropdf.com/free/index.htm) and Sumatra PDF (http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html).
Note: Make sure to UNcheck any prechecked unwanted toolbars or programs during installation if offered, including the McAfee Plus scan.
Personally, I would not allow any programs in the Trusted Zone. After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more. If you elect to remove the entries from the Trusted Zone, please do the following:
- Launch Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab.
- Click Trusted Sites, and then click Sites.
- Click the site you want to delete, and then click Remove.
Since I am not familiar with Trend's "Titanium Maximum Security 2012", I did a bit of checking since it allowed a 2-month old rogue to infiltrate your computer. Although most reviews didn't have anything negative to say about it, I did note the following from PC Magazine (http://www.pcmag.com/article2/0,2817,2391436,00.asp):
Quote: "However, its core antivirus protection rates poorly in my test and independent tests."
After completing the updates, please do the following:
Please go here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic.
How is your computer now?
First of all my computer is working great again - you are a lifesaver since I don't know much about computers!
I will make the updates you suggest. I have been getting prompts about updating IE, but I am always hesitant since I am afraid things are not going to work right after they are updated and as I said before, I don't know much about computers. As far as Java, I have a shield that pops up on my bottom tray several times a day and asks if I want to update - should I be clicking yes each time this pops up? Why is it so often?
I got rid of the sites in my Trusted Zone - don't know how they got there. What is the Trusted Zone? Can things get there without me doing anything?
I did a lot of research a few years back on security software and Trend's Titanium Security got very good reviews (I have just been renewing it, so maybe I should read reviews each year). That was my first thought when all this happened - my security software let this through! In the future, what software would you recommend?
I will make the updates and send the log you requested. I so appreciate all your help so far!!!!!
Hi, cetronia.
Before installing any software, create a fresh System Restore point. That way, if the program causes problems and uninstalling it doesn't solve the problems, you can restore your computer to the point before the install. See System Restore: frequently asked questions (http://windows.microsoft.com/en-US/windows7/System-Restore-frequently-asked-questions) for additional information.
The reason you have been getting the Java notice so frequently is because there have been 11 security updates since it was last updated on your computer! You have Java(TM) 6 Update 20 and the current version is Java(TM) 6 Update 31. If, on the other hand, you have allowed the update and approved the UAC prompt and Java keeps asking about updating, we'll need to take a closer look. After you have updated Java, verify your version here: http://www.java.com/en/download/testjava.jsp
A website gets added to a security zone via the Tools button > Internet Options > Security tab, and then selecting a security zone (Local intranet, Trusted sites, or Restricted sites). Although it is often recommended to add websites that you visit and you completely trust to the Trusted Zone, that zone allows ActiveX and scripting to be available for those sites but not for the Internet as a whole. As I indicated previously, should such a site be compromised, then there is a chance your computer could be too by allowing scripts to run.
I try not to "push" my preferences on others since, no matter what, "YMMV" (your mileage may vary) applies. So, if you are happy with Trend Micro, then don't let that review influence you. Much depends on the type of Internet surfing as well as the status of both Microsoft updates as well as third-party software. My personal favorite free antivirus software is Microsoft Security Essentials (http://www.microsoft.com/security_essentials/default.aspx) used in conjunction with the Windows 7 firewall. My favorite licensed antivirus software is ESET Smart Security (http://www.eset.com/us/home/products/smart-security/), although ESET NOD32 (http://www.eset.com/us/home/products/antivirus/) with the Windows 7 firewall would also be a good choice. I also have WinPatrol and Malwarebytes Pro.
I completed all the updates. Here are the results from the ESET scan:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Excellent, cetronia!
You can go ahead and remove Security Check and TDSSKiller.
To check if your system is missing security updates or has insecure applications, install Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) or, alternatively, visit http://secunia.com/software_inspector/ . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
- Detects insecure versions of applications installed
- Verifies that all Microsoft patches are applied
- Assists you in updating your system and applications
Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html
My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html. If you have questions about WinPatrol, we have a forum here at LzD: WinPatrol Help & Information (http://www.landzdown.com/winpatrol-help-information/).
Please let me know if you have any questions.
Followed the latest instructions and made the necessary updates.
Do I need to keep the DDS, Attach, and checkup txt files on my desktop?
Do I do anything with the rkill, Malwarebytes Anti-Malware and SpywareBlaster downloads? Run them periodically?
Thank you so much for all your help!! I hope you know how appreciated your help is for those of us who have no idea what to do when these types of things happen to us and how lost we feel. I spent about half a day looking around the web trying to figure out if I could trust any of the sites I found with directions on how to rid my computer of Internet Security. Then I finally came across advice on garden web that directed me to you. I feel so lucky I found you. You really are a saint for helping people like me. Thank you for your time and goodwill!!
Hi, cetronia.
As to the DDS, RKill, and SecurityCheck, you can remove them.
SpywareBlaster will run in the background so all you need to do is periodically check for updates. To know when an update has been released, you could subscribe to the SpywareBlaster topic here at LandzDown. (Instructions here: Stay Current -- Subscribe to the Update Topics for your system software! (http://www.landzdown.com/software-updates/stay-current-subscribe-to-the-update-topics-for-your-system-software!/))
Although old, this tutorial at Bleeping Computer shows how to update SpywareBlaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware (http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/)
Malwarebytes Anti-Malware is an excellent program to run every week or so. Always update before running. Then run the scan as you did to remove the rogue. A licensed version is also available that provides real-time protection as well as additional features, including automatic updating.
You are most welcome. I am glad I was able to help. Now you know where to come when you have a question. If we don't know the answer, we'll try to find someone who does.