About a month ago Microsoft Security Essentials removed TrojanDownloader:Java/OpenConnection.OI from my netbook. Apparently, it was too late...as I'm infected with something. My netbook is running very slowly, especially when on the internet using Firefox. When I go to Google on a desktop connected to the same router as the netbook, I'm told a computer on my network is sending a lot of activity to Google. When I turn off my netbook, this error stops occurring. Then, today when I first started my computer, there were blank words and bits of text missing(!) when visiting websites and within Windows programs as well. I've run ESET Online Scan, which detected nothing, and, per the instructions in this forum, ran Malwarebytes Anti-Malware, which also did not detect any problems. After I ran DeFogger, I ran DDS and GMER Rootkit Scanner. I also ran TDSSKiller.exe. The required information from all of these is below/attached. Thanks for any help...maybe it's nothing, but something seems fishy.

Thanks,

Ryan

----------------------------- DDS.txt ------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27

Run by Ryan at 15:33:59 on 2011-09-23

Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.382 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\igfxext.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun

mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytesanti-malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 207.69.188.185 207.69.180.186 207.69.188.186

TCP: Interfaces\{51C0198C-D157-4FEF-ADF9-4D9B9FFA9592} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5E716AA3-D6CF-45AB-AA71-4476005C2EC1} : DhcpNameServer = 207.69.188.185 207.69.180.186 207.69.188.186

TCP: Interfaces\{5E716AA3-D6CF-45AB-AA71-4476005C2EC1}\2375942554031313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5E716AA3-D6CF-45AB-AA71-4476005C2EC1}\452554E444E65647633383 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5E716AA3-D6CF-45AB-AA71-4476005C2EC1}\4656661657C647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5E716AA3-D6CF-45AB-AA71-4476005C2EC1}\4656661657C647162636 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5E716AA3-D6CF-45AB-AA71-4476005C2EC1}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5E716AA3-D6CF-45AB-AA71-4476005C2EC1}\478696273747 : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\aq08fusm.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 MpKsl388b801f;MpKsl388b801f;c:\programdata\microsoft\microsoft antimalware\definition updates\{69614c5c-ba88-40e9-81c6-70db7ed218fc}\MpKsl388b801f.sys [2011-9-23 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-7-18 24064]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-7-27 20704]

S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]

S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-2-19 13312]

S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2010-12-12 45608]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-18 189984]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-19 96416]

S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-18 54136]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-15 52224]

.

=============== Created Last 30 ================

.

2011-09-23 22:26:03 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{69614c5c-ba88-40e9-81c6-70db7ed218fc}\MpKsl388b801f.sys

2011-09-23 22:25:29 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{69614c5c-ba88-40e9-81c6-70db7ed218fc}\offreg.dll

2011-09-23 22:25:23 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{69614c5c-ba88-40e9-81c6-70db7ed218fc}\mpengine.dll

2011-09-23 20:16:04 -------- d-----w- c:\programdata\Malwarebytes

2011-09-23 20:16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-23 20:16:00 -------- d-----w- c:\program files\MalwarebytesAnti-Malware

2011-09-23 17:39:10 -------- d-----w- c:\program files\ESET

2011-09-23 17:03:50 -------- d-----w- c:\users\ryan\appdata\roaming\Malwarebytes

2011-09-23 17:03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-23 14:32:15 -------- d-----w- c:\users\ryan\appdata\local\Adobe

2011-09-23 10:13:17 -------- d-----w- c:\program files\SystemRequirementsLab

2011-09-23 08:42:44 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-09-23 08:07:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-09-15 09:35:55 -------- d-----w- c:\users\ryan\appdata\local\ManyCam

2011-09-15 09:35:48 -------- d-----w- c:\users\ryan\appdata\roaming\ManyCam

2011-09-15 09:34:36 -------- d-----w- c:\program files\ManyCam

2011-09-15 08:16:56 -------- d-----w- c:\users\ryan\appdata\local\LogMeIn

2011-09-15 08:16:56 -------- d-----w- c:\programdata\LogMeIn

2011-09-14 08:32:12 -------- d-----w- C:\perflogs

2011-09-08 09:51:48 94208 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

2011-09-08 09:51:48 140864 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2011-09-08 09:51:28 -------- d-----w- c:\program files\Real Alternative

2011-09-08 08:57:19 -------- d-----w- c:\program files\ConvertHelper

2011-09-08 07:00:55 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9bf2072b-73e2-48b7-9b51-ed5ef217b567}\gapaengine.dll

2011-09-07 08:48:31 -------- d-----w- c:\users\ryan\dwhelper

2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-08-29 07:55:13 -------- d-----w- c:\users\ryan\.yawcam

2011-08-29 07:54:53 -------- d-----w- c:\program files\Yawcam

2011-08-29 04:19:19 -------- d-----w- c:\windows\en

2011-08-29 04:16:56 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll

2011-08-25 18:56:17 -------- d-----w- c:\users\ryan\.thumbnails

2011-08-25 08:54:49 -------- d-----w- c:\users\ryan\.rssowl2

2011-08-25 08:54:04 -------- d-----w- c:\program files\RSSOwl

2011-08-25 08:52:15 -------- d-----w- c:\users\ryan\appdata\local\Microsoft_Corporation

2011-08-24 23:56:05 2048 ----a-w- c:\windows\system32\tzres.dll

.

==================== Find3M ====================

.

2011-09-23 08:42:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-23 08:38:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 15:34:48.28 ===============

----------------- TDSSKiller ----------------

16:37:46.0079 2388 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

16:37:47.0093 2388 ============================================================

16:37:47.0093 2388 Current date / time: 2011/09/23 16:37:47.0093

16:37:47.0093 2388 SystemInfo:

16:37:47.0093 2388

16:37:47.0093 2388 OS Version: 6.1.7601 ServicePack: 1.0

16:37:47.0093 2388 Product type: Workstation

16:37:47.0093 2388 ComputerName: CABALLITOJR

16:37:47.0093 2388 UserName: Ryan

16:37:47.0093 2388 Windows directory: C:\windows

16:37:47.0093 2388 System windows directory: C:\windows

16:37:47.0093 2388 Processor architecture: Intel x86

16:37:47.0093 2388 Number of processors: 2

16:37:47.0093 2388 Page size: 0x1000

16:37:47.0093 2388 Boot type: Normal boot

16:37:47.0093 2388 ============================================================

16:37:48.0872 2388 Initialize success

16:38:03.0458 3164 ============================================================

16:38:03.0458 3164 Scan started

16:38:03.0458 3164 Mode: Manual;

16:38:03.0458 3164 ============================================================

16:38:03.0770 3164 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

16:38:03.0785 3164 1394ohci - ok

16:38:03.0941 3164 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

16:38:03.0941 3164 ACPI - ok

16:38:04.0066 3164 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

16:38:04.0066 3164 AcpiPmi - ok

16:38:04.0238 3164 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

16:38:04.0253 3164 adp94xx - ok

16:38:04.0362 3164 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

16:38:04.0362 3164 adpahci - ok

16:38:04.0503 3164 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

16:38:04.0503 3164 adpu320 - ok

16:38:04.0674 3164 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

16:38:04.0674 3164 AFD - ok

16:38:04.0799 3164 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

16:38:04.0799 3164 agp440 - ok

16:38:04.0908 3164 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

16:38:04.0908 3164 aic78xx - ok

16:38:05.0033 3164 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

16:38:05.0049 3164 aliide - ok

16:38:05.0158 3164 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

16:38:05.0158 3164 amdagp - ok

16:38:05.0283 3164 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

16:38:05.0283 3164 amdide - ok

16:38:05.0408 3164 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

16:38:05.0408 3164 AmdK8 - ok

16:38:05.0501 3164 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

16:38:05.0517 3164 AmdPPM - ok

16:38:05.0626 3164 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

16:38:05.0642 3164 amdsata - ok

16:38:05.0735 3164 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

16:38:05.0751 3164 amdsbs - ok

16:38:05.0860 3164 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

16:38:05.0876 3164 amdxata - ok

16:38:05.0985 3164 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

16:38:05.0985 3164 AppID - ok

16:38:06.0125 3164 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

16:38:06.0125 3164 arc - ok

16:38:06.0234 3164 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

16:38:06.0234 3164 arcsas - ok

16:38:06.0359 3164 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

16:38:06.0359 3164 AsyncMac - ok

16:38:06.0500 3164 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

16:38:06.0500 3164 atapi - ok

16:38:06.0656 3164 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys

16:38:06.0671 3164 athr - ok

16:38:06.0812 3164 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

16:38:06.0827 3164 b06bdrv - ok

16:38:06.0936 3164 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

16:38:06.0936 3164 b57nd60x - ok

16:38:07.0061 3164 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

16:38:07.0077 3164 Beep - ok

16:38:07.0233 3164 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

16:38:07.0233 3164 blbdrive - ok

16:38:07.0404 3164 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

16:38:07.0404 3164 bowser - ok

16:38:07.0514 3164 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

16:38:07.0514 3164 BrFiltLo - ok

16:38:07.0607 3164 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

16:38:07.0607 3164 BrFiltUp - ok

16:38:07.0732 3164 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

16:38:07.0748 3164 Brserid - ok

16:38:07.0841 3164 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

16:38:07.0841 3164 BrSerWdm - ok

16:38:07.0950 3164 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

16:38:07.0950 3164 BrUsbMdm - ok

16:38:08.0060 3164 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

16:38:08.0060 3164 BrUsbSer - ok

16:38:08.0153 3164 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

16:38:08.0169 3164 BTHMODEM - ok

16:38:08.0278 3164 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

16:38:08.0294 3164 cdfs - ok

16:38:08.0403 3164 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

16:38:08.0418 3164 cdrom - ok

16:38:08.0528 3164 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

16:38:08.0528 3164 circlass - ok

16:38:08.0652 3164 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

16:38:08.0652 3164 CLFS - ok

16:38:08.0793 3164 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

16:38:08.0793 3164 CmBatt - ok

16:38:08.0918 3164 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

16:38:08.0918 3164 cmdide - ok

16:38:09.0027 3164 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys

16:38:09.0042 3164 CNG - ok

16:38:09.0152 3164 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

16:38:09.0167 3164 Compbatt - ok

16:38:09.0308 3164 CompFilter (710e0b82196c5e1f3407ea0b97c715ef) C:\windows\system32\DRIVERS\lvbusflt.sys

16:38:09.0308 3164 CompFilter - ok

16:38:09.0432 3164 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

16:38:09.0432 3164 CompositeBus - ok

16:38:09.0557 3164 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

16:38:09.0557 3164 crcdisk - ok

16:38:09.0729 3164 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

16:38:09.0729 3164 DfsC - ok

16:38:09.0854 3164 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

16:38:09.0854 3164 discache - ok

16:38:09.0963 3164 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

16:38:09.0963 3164 Disk - ok

16:38:10.0088 3164 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

16:38:10.0103 3164 drmkaud - ok

16:38:10.0275 3164 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

16:38:10.0290 3164 DXGKrnl - ok

16:38:10.0478 3164 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

16:38:10.0540 3164 ebdrv - ok

16:38:10.0665 3164 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

16:38:10.0680 3164 elxstor - ok

16:38:10.0790 3164 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

16:38:10.0805 3164 ErrDev - ok

16:38:10.0946 3164 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

16:38:10.0946 3164 exfat - ok

16:38:11.0070 3164 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

16:38:11.0070 3164 fastfat - ok

16:38:11.0195 3164 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

16:38:11.0195 3164 fdc - ok

16:38:11.0351 3164 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

16:38:11.0351 3164 FileInfo - ok

16:38:11.0460 3164 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

16:38:11.0476 3164 Filetrace - ok

16:38:11.0570 3164 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

16:38:11.0585 3164 flpydisk - ok

16:38:11.0694 3164 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

16:38:11.0710 3164 FltMgr - ok

16:38:11.0850 3164 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

16:38:11.0850 3164 FsDepends - ok

16:38:11.0975 3164 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

16:38:11.0975 3164 Fs_Rec - ok

16:38:12.0116 3164 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

16:38:12.0116 3164 fvevol - ok

16:38:12.0256 3164 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

16:38:12.0272 3164 gagp30kx - ok

16:38:12.0396 3164 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

16:38:12.0396 3164 hcw85cir - ok

16:38:12.0537 3164 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

16:38:12.0552 3164 HdAudAddService - ok

16:38:12.0677 3164 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

16:38:12.0677 3164 HDAudBus - ok

16:38:12.0786 3164 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

16:38:12.0786 3164 HidBatt - ok

16:38:12.0896 3164 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

16:38:12.0896 3164 HidBth - ok

16:38:13.0005 3164 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

16:38:13.0005 3164 HidIr - ok

16:38:13.0145 3164 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys

16:38:13.0145 3164 HidUsb - ok

16:38:13.0332 3164 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

16:38:13.0332 3164 HpSAMD - ok

16:38:13.0457 3164 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

16:38:13.0473 3164 HTTP - ok

16:38:13.0598 3164 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

16:38:13.0613 3164 hwpolicy - ok

16:38:13.0738 3164 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

16:38:13.0738 3164 i8042prt - ok

16:38:13.0863 3164 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

16:38:13.0863 3164 iaStor - ok

16:38:14.0003 3164 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

16:38:14.0019 3164 iaStorV - ok

16:38:14.0284 3164 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys

16:38:14.0440 3164 igfx - ok

16:38:14.0549 3164 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

16:38:14.0549 3164 iirsp - ok

16:38:14.0768 3164 IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\windows\system32\drivers\RTKVHDA.sys

16:38:14.0830 3164 IntcAzAudAddService - ok

16:38:14.0939 3164 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

16:38:14.0939 3164 intelide - ok

16:38:15.0064 3164 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

16:38:15.0064 3164 intelppm - ok

16:38:15.0204 3164 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

16:38:15.0220 3164 IpFilterDriver - ok

16:38:15.0329 3164 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

16:38:15.0329 3164 IPMIDRV - ok

16:38:15.0438 3164 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

16:38:15.0454 3164 IPNAT - ok

16:38:15.0548 3164 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

16:38:15.0548 3164 IRENUM - ok

16:38:15.0672 3164 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

16:38:15.0672 3164 isapnp - ok

16:38:15.0782 3164 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

16:38:15.0782 3164 iScsiPrt - ok

16:38:15.0906 3164 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

16:38:15.0906 3164 kbdclass - ok

16:38:16.0031 3164 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys

16:38:16.0047 3164 kbdhid - ok

16:38:16.0187 3164 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\windows\system32\DRIVERS\KMWDFILTER.sys

16:38:16.0203 3164 KMWDFILTERx86 - ok

16:38:16.0328 3164 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys

16:38:16.0328 3164 KSecDD - ok

16:38:16.0437 3164 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys

16:38:16.0452 3164 KSecPkg - ok

16:38:16.0593 3164 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

16:38:16.0608 3164 lltdio - ok

16:38:16.0733 3164 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys

16:38:16.0733 3164 LPCFilter - ok

16:38:16.0858 3164 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

16:38:16.0858 3164 LSI_FC - ok

16:38:16.0983 3164 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

16:38:16.0998 3164 LSI_SAS - ok

16:38:17.0092 3164 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

16:38:46.0607 3164 ============================================================

16:38:46.0607 3164 Scan finished

16:38:46.0607 3164 ============================================================

16:38:46.0639 2044 Detected object count: 0

16:38:46.0639 2044 Actual detected object count: 0

16:39:32.0128 3536 Deinitialize success


Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from ComboFix. Use copy/paste.

DO NOT use any TOOLS such as ComboFix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I ran both programs as instructed and below is the ComboFix log. Performance seems better in Mozilla, and haven't experienced the Google warning on my desktop computer (although this was an intermittent problem, although the netbook was always on and had performance issues during that time). Thanks for your help! - Ryan

ComboFix 11-09-27.01 - Ryan 09/27/2011 12:54:56.1.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.321 [GMT -7:00]

Running from: c:\users\Ryan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\windows\security\Database\tmp.edb

D:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))

.

.

2011-09-27 19:49 . 2011-09-27 19:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4D411D1-8A36-4D4F-A723-CA51950E10D2}\MpKslccb7997e.sys

2011-09-27 19:49 . 2011-09-27 19:49 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4D411D1-8A36-4D4F-A723-CA51950E10D2}\offreg.dll

2011-09-26 21:03 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4D411D1-8A36-4D4F-A723-CA51950E10D2}\mpengine.dll

2011-09-23 20:16 . 2011-09-23 20:16 -------- d-----w- c:\programdata\Malwarebytes

2011-09-23 20:16 . 2011-09-23 20:16 -------- d-----w- c:\program files\MalwarebytesAnti-Malware

2011-09-23 20:16 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-23 17:39 . 2011-09-23 17:39 -------- d-----w- c:\program files\ESET

2011-09-23 17:03 . 2011-09-23 17:03 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes

2011-09-23 10:13 . 2011-09-23 10:13 -------- d-----w- c:\program files\SystemRequirementsLab

2011-09-23 10:13 . 2011-09-23 10:13 -------- d-----w- c:\users\Ryan\AppData\Roaming\SystemRequirementsLab

2011-09-23 08:43 . 2011-09-23 08:43 -------- d-----w- c:\program files\Common Files\Java

2011-09-23 08:42 . 2011-09-23 08:42 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-09-23 08:42 . 2011-09-23 08:42 -------- d-----w- c:\program files\Java

2011-09-23 08:07 . 2011-09-23 08:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-09-15 09:35 . 2011-09-15 09:37 -------- d-----w- c:\users\Ryan\AppData\Local\ManyCam

2011-09-15 09:35 . 2011-09-15 09:37 -------- d-----w- c:\users\Ryan\AppData\Roaming\ManyCam

2011-09-15 09:34 . 2011-09-15 09:36 -------- d-----w- c:\program files\ManyCam

2011-09-15 08:16 . 2011-09-15 08:16 -------- d-----w- c:\users\Ryan\AppData\Local\LogMeIn

2011-09-15 08:16 . 2011-09-15 08:16 -------- d-----w- c:\programdata\LogMeIn

2011-09-14 08:32 . 2011-09-14 08:32 -------- d-----w- C:\perflogs

2011-09-08 09:51 . 2010-02-15 18:00 94208 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

2011-09-08 09:51 . 2010-02-15 18:00 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2011-09-08 09:51 . 2011-09-08 09:51 -------- d-----w- c:\program files\Real Alternative

2011-09-08 08:57 . 2011-09-08 08:57 -------- d-----w- c:\program files\ConvertHelper

2011-09-08 07:00 . 2011-01-30 11:24 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9BF2072B-73E2-48B7-9B51-ED5EF217B567}\gapaengine.dll

2011-09-07 08:48 . 2011-09-07 18:22 -------- d-----w- c:\users\Ryan\dwhelper

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-09-02 04:34 . 2011-09-02 04:35 -------- d-----w- c:\program files\Common Files\Adobe

2011-08-29 07:55 . 2011-08-29 07:57 -------- d-----w- c:\users\Ryan\.yawcam

2011-08-29 07:54 . 2011-08-29 07:55 -------- d-----w- c:\program files\Yawcam

2011-08-29 04:19 . 2011-08-29 04:19 -------- d-----w- c:\windows\en

2011-08-29 04:16 . 2011-08-29 04:16 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-23 08:42 . 2010-10-02 09:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-23 08:38 . 2011-06-03 06:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-12 23:14 . 2010-11-27 08:53 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-25 08:28 . 2011-08-22 03:51 563744 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll

2011-07-22 02:54 . 2011-08-09 23:42 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-09 23:42 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-09 23:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27 . 2011-08-09 23:27 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-09 23:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 23:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 23:27 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 23:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 23:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-13 03:39 . 2011-07-27 23:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-09 04:29 . 2011-08-24 23:56 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30 . 2011-08-09 23:28 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-09-07 11:01 . 2011-04-28 09:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux7"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 22:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosReelTimeMonitor]

2010-03-03 19:17 30040 ----a-w- c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-07-27 20704]

R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 13312]

R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2010-11-17 45608]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-01-29 96416]

R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S1 MpKslccb7997e;MpKslccb7997e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4D411D1-8A36-4D4F-A723-CA51950E10D2}\MpKslccb7997e.sys [2011-09-27 28752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLCCB7997E

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 207.69.188.185 207.69.180.186 207.69.188.186

FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\aq08fusm.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-Classic - c:\program files\ZapWallPaper\Classic\ZapWallPaper-Classic.exe

MSConfigStartUp-DNS7reminder - c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe

MSConfigStartUp-Google Update - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe

MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

MSConfigStartUp-StarterBackgroundChanger - c:\program files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe

AddRemove-Best Buy pc app - c:\programdata\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-27 13:14:29

ComboFix-quarantined-files.txt 2011-09-27 20:14

.

Pre-Run: 55,554,482,176 bytes free

Post-Run: 55,559,573,504 bytes free

.

- - End Of File - - 1D61A1A84273E58710AD6BC5999F236E


MBAM Scan run and nothing detected.

The system has been running well, with no slowness while using Firefox or when connected online. The messages from Google on the other computer are gone as well, and I haven't seen any more missing letters/words, etc. It seems that everything is clear. Thanks!

Here's the log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7825

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/29/2011 2:35:12 AM

mbam-log-2011-09-29 (02-35-12).txt

Scan type: Quick scan

Objects scanned: 173694

Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn

  • JAVA - Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
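
The six Internet Explorer settings in steps 5 to 10 of the post above can be audited from PowerShell instead of being clicked through one at a time. This is an added example, not part of the original post: the numeric action IDs and the 0/1/3 value encoding are the standard URL-action registry values for the Internet zone (zone 3), and the registry paths and the `-Apply` switch are assumptions of this sketch.

```powershell
# Added example (not from the original post): audit the six Internet-zone
# settings from steps 5-10, and change them only when -Apply is given.
param([switch]$Apply)

# Per-user Internet zone (zone 3). Values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Group Policy copies of the same zone (assumed locations); a value set here
# overrides whatever the user picks in the Security tab.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Setting names as written in the post, mapped to their URL-action IDs.
$Wanted = @(
    [pscustomobject]@{ Id = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Id = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Id = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Id = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Id = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Id = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Get-RegDword {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$Name
}

function Format-ZoneValue {
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    if ($Label.ContainsKey([int]$Value)) { return $Label[[int]$Value] }
    return "raw $Value"   # unexpected value: show it rather than guess
}

$report = foreach ($s in $Wanted) {
    $current = Get-RegDword -Key $ZoneKey -Name $s.Id

    # A policy value means the per-user key is not what IE actually enforces.
    $policyKey = $PolicyKeys |
        Where-Object { $null -ne (Get-RegDword -Key $_ -Name $s.Id) } |
        Select-Object -First 1

    $ok = ($current -eq $s.Want)
    if (-not $ok -and $Apply -and -not $policyKey) {
        if (-not (Test-Path $ZoneKey)) { New-Item -Path $ZoneKey -Force | Out-Null }
        Set-ItemProperty -Path $ZoneKey -Name $s.Id -Value $s.Want -Type DWord
        $current = $s.Want
        $ok = $true
    }

    [pscustomobject]@{
        Id       = $s.Id
        Setting  = $s.Setting
        Current  = Format-ZoneValue $current
        Expected = Format-ZoneValue $s.Want
        Status   = if ($policyKey) { 'set by policy' } elseif ($ok) { 'ok' } else { 'differs' }
    }
}

$report | Format-Table -AutoSize
```

Run without arguments it only reports; rows marked "set by policy" are left untouched because a per-user change would not take effect there.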
