Windows 7 Forums


Windows 7: Another "Windows Security Center Is Turned Off" Help Request


15 Dec 2011   #1

Windows 7 Home Premium 64
 
 

I'm at my wits' end. I'm retired Air Force with 25+ years IT and System Security background from the Air Force. Earlier today I took a Trojan hit on my home computer. I have searched this forum and tried applying every corrective fix I could find here...no resolution. As a last resort, I'm going to post what happened, what I've tried, and hope someone can offer a solution.

(OS: Windows 7 Home Premium 64)

My computer had Eset Nod32 Antivirus for Windows 7 64-bit running at the time. All functions of my computer were running fine security-wise. During an Internet session Eset popped up saying it had blocked and quarantined a Trojan. From that point on, all heck broke loose. I began receiving pop-ups on my desktop from something called "Windows 7 Security 2012". It would begin "running" a very official-looking antivirus scan, showing that I had hundreds of "bad stuff" on my computer. If I closed the window, I would get periodic other pop-ups with other warnings. These were all obviously fake, as the only options I was allowed to choose were "Continue at your own risk" or "Register the software".

I ran an "on demand" antivirus check of my entire computer using Eset. It identified 5 errors. The first one was a file called "b**.exe" in one of my C:/User folders. Eset identified the other 4 errors as "trojan" files in other locations. My apologies, but I did not write down the file names (thus, the asterisks above). At the end of the scan, Eset offered to delete the 4 Trojans, but did not list any action to take for the "b**.exe" file in my User's folder. I let Eset delete the 4 trojans. I manually deleted the "b**.exe" file myself, but then discovered I could not open ANY program using my desktop icons. I also could not open Windows Explorer. Attempts to do either resulted in the Windows "Which program do you want to use to open this file?" window popping up. So I restored the "b**.exe" file back to my User's folder, and my desktop icons and Windows Explorer "worked" again.

Immediately after that, the Eset icon in my taskbar turned red. I clicked on it and encountered the issue where the Security Center was turned off and I was unable to turn it on. Interestingly, my Control Panel Security Center now shows ONLY the Security Center block of info. There is nothing showing for my Windows Firewall or any other security options.

Also, Eset informed me that I was no longer protected for "web browsing" due to its inability to monitor HTTP and POP activities. Using the Eset Advanced Settings options, the ability to turn this function back on was "greyed out", so I could not correct that problem in Eset either.

So I attempted to "fix" Eset by deleting the program, going to the Eset website to re-download my registered version of the program, and re-install it. Re-download worked fine. But I can not install it...it keeps saying "the computer has not been restarted since a program uninstall" (I tried several times AFTER a full reboot), or "unable to install at this time, please try again later."

I'm totally stuck right now. I'm not sure how long a single post can be here, so I am going to close this post now and continue with a second post that describes what I have tried so far from searching this forum. I will include log results, etc from what I got doing it. Please wait until I finish the second post, as it may save a lot of time recommending things I have already tried.

(To Be Continued)...


15 Dec 2011   #2

Windows 7 Home Premium 64
 
 

(Continued)...

Attempted Resolutions:

I have tried numerous things from different threads here pertaining to the same problem. Some of them are (many recommended by Jaycee):

1. An Eset on-line virus scan. Results showed no items identified.

2. Spybot Search and Destroy: Results identified about a dozen items, many of which were Windows Registry entries that seemed to coincide with the names of the 4 Trojan files Eset originally identified and deleted. I had Spybot repair all items found, and Spybot reported they were "fixed".

3. Tried running Command Prompt "sc query wscsvc" and "net start wscsvc". Results were "The specified service does not exist as an installed service" and "The service name is invalid".

4. Ran the command that lists all services and their status. Security Center does not show up in the list anywhere, so I can't choose whether to have it run "automatically" or otherwise.

5. As a last resort, I tried the "cut/paste to Notepad" of the batch file Jaycee recommended in one of the other threads. Ran it, it seemed to "do its thing", but the problem isn't solved.

6. I have a HijackThis log I ran. I'm fairly familiar with using it...have done so in the past to correct Internet Browser hijacks, etc. I have to admit though...this current log has a few things in it I don't recognize, so I'm not comfy starting to guess at removing any of the entries. I can post the log if somebody would like me to.

That's it for now. I'm totally stumped and frustrated at how to fix this mess. Currently I have no antivirus program running (can't get Eset to re-install, even with my paid and registered download), and it appears there are no Windows Security Center apps.

Any help would be truly GREATLY appreciated.

EDIT: Forgot to list one other thing. I also downloaded and ran the RootKit Checker from Kapersky (sp?). Results were negative...nothing was identified in the scan.

I also filed a support request with ESET, but am awaiting a reply from them so I can send them logs of the failed ESET re-installations.
16 Dec 2011   #3

Windows 7 Ultimate x64 SP1
 
 

FalconAF, the Windows 7 Home Security 2012 thing is supposed to be able to be removed with Malware Anti Malware Bytes. The problem is that if your system is infected, it will intercept the running of AMB. What seems to work is to rename the AMB executable to something else (this malware apparently knows the names of many of the AV programs which would track it down, and has a way to keep them from running). For more info go here (using another machine that is not infected)

Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)


16 Dec 2011   #4

Windows 7 Professional SP1 64-bit
 
 

Post the HijackThis Log.
16 Dec 2011   #5

 
 

Hi,

It sounds very much like the b***.exe file has been given the file association for .exe files. Try the following tutorial and restore the original .exe file association and see if it has any effect.

Default File Type Associations - Restore

You may also want to look at following some of the steps in the advice I gave in a later post

MSDT.exe Corrupt file virus? And explorer not working right
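A read-only check for the two symptoms raised in this thread, the hijacked .exe file association suggested in the reply above and the missing `wscsvc` service reported in post #2. This is an added example, not part of any poster's reply; the expected values are the stock Windows defaults, and `Get-RegDefault` and `New-Finding` are hypothetical helper names.

```powershell
# Added example: read-only audit; it changes nothing in the registry.
# Expected values below are the stock Windows defaults for executable files.

function Get-RegDefault {
    param([string]$Path)
    # Return the (Default) value of a registry key, or $null if the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue('') }
    return $null
}

function New-Finding {
    param([string]$Check, [string]$Path, $Actual, [string]$Expected, [bool]$Ok)
    New-Object PSObject -Property @{
        Check = $Check; Path = $Path; Actual = $Actual; Expected = $Expected; Ok = $Ok
    }
}

$findings = @()

# 1. Machine-wide association chain: .exe -> exefile -> "%1" %*
$p = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe'
$v = Get-RegDefault $p
$findings += New-Finding 'HKLM .exe ProgID' $p $v 'exefile' ($v -eq 'exefile')

$p = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'
$v = Get-RegDefault $p
$findings += New-Finding 'HKLM exefile open command' $p $v '"%1" %*' ($v -eq '"%1" %*')

# 2. Per-user overrides. HKCU\Software\Classes takes precedence over HKLM in the
#    merged HKEY_CLASSES_ROOT view, and a clean profile normally has no .exe or
#    exefile key here, so any key found is worth a look.
$userExe = 'Registry::HKEY_CURRENT_USER\Software\Classes\.exe'
$progId  = Get-RegDefault $userExe
$present = Test-Path -LiteralPath $userExe
$findings += New-Finding 'HKCU .exe override' $userExe $progId '(key absent)' (-not $present)

# Follow whatever ProgID the per-user .exe key points at, plus exefile itself.
$progIds = @('exefile')
if ($progId -and ($progId -ne 'exefile')) { $progIds += $progId }
foreach ($id in $progIds) {
    $p = "Registry::HKEY_CURRENT_USER\Software\Classes\$id\shell\open\command"
    $v = Get-RegDefault $p
    $absent = -not (Test-Path -LiteralPath $p)
    $findings += New-Finding "HKCU $id open command" $p $v '(key absent)' $absent
}

# 3. Security Center service registration. "sc query wscsvc" reports that the
#    service does not exist when this key is missing.
$svc    = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc'
$svcKey = Get-Item -LiteralPath $svc -ErrorAction SilentlyContinue
$detail = $null
if ($svcKey) {
    $detail = "Start=$($svcKey.GetValue('Start')); ImagePath=$($svcKey.GetValue('ImagePath'))"
}
$findings += New-Finding 'wscsvc service key' $svc $detail '(key present)' ($svcKey -ne $null)

# Show failed checks first, then the full list.
$findings | Sort-Object Ok | Select-Object Ok, Check, Actual, Expected, Path | Format-List
```

Any row with `Ok : False` names the exact key to compare against a known-good machine before changing anything.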
16 Dec 2011   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You most likely are dealing with a Rootkit.



Download TDSSKiller http://support.kaspersky.com/faq/?qid=208283363 and save it to your Desktop.
  • Extract the file and run it. If it won't run, rename it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.
16 Dec 2011   #7

Windows 7 Home Premium 64
 
 

Thanks to all that have replied. I found some of the "fixes" mentioned above and ran them while waiting for any replies here (then took a nap 'cos I was worn out). Additionally I also managed to get AVG (free) to install (haven't heard back from ESET yet) and ran a scan with it. It found a couple things and quarantined them, and it also says in its interface I have a working firewall, email, and Internet security running (AVG says all my security is working now) so at least I have "something" going for me now.

As to the rest of the recommendations above:

1. Found the same link Tony22 listed after I posted my questions. Followed all the instructions in that link and ran Anti Malware Bytes. It identified a few things as "trojans" and eliminated them.

2. Ran TDSSKiller during the above process, and the first time it did identify something and "fixed" it.

3. Ran HijackThis after the above, and it has stuff in the report I've never seen before on my computer.

My Action Center in Windows 7 is still showing the Security Center is disabled and won't let me "turn it on". Note that is ALL it is showing (I don't have the "old" info that showed Firewall, UAC, and Anti-virus info that I had with ESET installed before the "hack" happened). From what else I've been able to find on the 'net, it sounds like I may be "trojan free" but my Registry is still corrupted (I'm guessing based on what I read on the 'net and the looks of the HijackThis log, but I'm not sure so haven't gone any farther).

So, MWB says I'm "clean", TDSSKiller finds nothing now, and my HijackThis log looks like a disaster based on my previous experience using it. And I'm still unable to "turn on Security Center" in the Control Panel.

Here are the latest TDSSKiller and HijackThis logs I just ran. Feel like I'm getting close to solving everything, and trying to laugh it all off yet. But not sure what needs to be done yet.

***** CURRENT TDSSKiller LOG *****

11:19:58.0635 4720 PEAUTH - ok
11:19:58.0682 4720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:19:58.0682 4720 PptpMiniport - ok
11:19:58.0697 4720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:19:58.0697 4720 Processor - ok
11:19:58.0713 4720 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:19:58.0713 4720 Psched - ok
11:19:58.0744 4720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:19:58.0744 4720 ql2300 - ok
11:19:58.0760 4720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:19:58.0760 4720 ql40xx - ok
11:19:58.0775 4720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:19:58.0775 4720 QWAVEdrv - ok
11:19:58.0791 4720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:19:58.0791 4720 RasAcd - ok
11:19:58.0807 4720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:19:58.0807 4720 RasAgileVpn - ok
11:19:58.0822 4720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:19:58.0822 4720 Rasl2tp - ok
11:19:58.0838 4720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:19:58.0838 4720 RasPppoe - ok
11:19:58.0838 4720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:19:58.0838 4720 RasSstp - ok
11:19:58.0869 4720 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:19:58.0869 4720 rdbss - ok
11:19:58.0869 4720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:19:58.0869 4720 rdpbus - ok
11:19:58.0885 4720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:19:58.0885 4720 RDPCDD - ok
11:19:58.0900 4720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:19:58.0900 4720 RDPENCDD - ok
11:19:58.0900 4720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:19:58.0900 4720 RDPREFMP - ok
11:19:58.0931 4720 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:19:58.0931 4720 RDPWD - ok
11:19:58.0947 4720 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:19:58.0947 4720 rdyboost - ok
11:19:59.0009 4720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:19:59.0009 4720 rspndr - ok
11:19:59.0041 4720 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:19:59.0041 4720 RTL8167 - ok
11:19:59.0056 4720 SaidA2AE (fec058631edce08127a7de3e0ce33abc) C:\Windows\system32\DRIVERS\SaidA2AE.sys
11:19:59.0056 4720 SaidA2AE - ok
11:19:59.0072 4720 SaiH0BAC (231a3700154b1a49c2f05cb0da4b2747) C:\Windows\system32\DRIVERS\SaiH0BAC.sys
11:19:59.0072 4720 SaiH0BAC - ok
11:19:59.0087 4720 SaiH0C2D (231a3700154b1a49c2f05cb0da4b2747) C:\Windows\system32\DRIVERS\SaiH0C2D.sys
11:19:59.0087 4720 SaiH0C2D - ok
11:19:59.0119 4720 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:19:59.0119 4720 sbp2port - ok
11:19:59.0150 4720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:19:59.0150 4720 scfilter - ok
11:19:59.0165 4720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:19:59.0165 4720 secdrv - ok
11:19:59.0181 4720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:19:59.0181 4720 Serenum - ok
11:19:59.0181 4720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:19:59.0197 4720 Serial - ok
11:19:59.0197 4720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:19:59.0197 4720 sermouse - ok
11:19:59.0212 4720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:19:59.0212 4720 sffdisk - ok
11:19:59.0212 4720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:19:59.0212 4720 sffp_mmc - ok
11:19:59.0228 4720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:19:59.0228 4720 sffp_sd - ok
11:19:59.0228 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:19:59.0228 4720 sfloppy - ok
11:19:59.0243 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:19:59.0243 4720 SiSRaid2 - ok
11:19:59.0259 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:19:59.0259 4720 SiSRaid4 - ok
11:19:59.0259 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:19:59.0259 4720 Smb - ok
11:19:59.0275 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:19:59.0275 4720 spldr - ok
11:19:59.0306 4720 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:19:59.0306 4720 srv - ok
11:19:59.0321 4720 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:19:59.0321 4720 srv2 - ok
11:19:59.0337 4720 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:19:59.0337 4720 srvnet - ok
11:19:59.0384 4720 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
11:19:59.0384 4720 SSPORT - ok
11:19:59.0399 4720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:19:59.0399 4720 stexstor - ok
11:19:59.0415 4720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:19:59.0415 4720 swenum - ok
11:19:59.0477 4720 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:19:59.0477 4720 Tcpip - ok
11:19:59.0524 4720 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:19:59.0524 4720 TCPIP6 - ok
11:19:59.0555 4720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:19:59.0555 4720 tcpipreg - ok
11:19:59.0571 4720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:19:59.0571 4720 TDPIPE - ok
11:19:59.0571 4720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:19:59.0571 4720 TDTCP - ok
11:19:59.0602 4720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:19:59.0602 4720 tdx - ok
11:19:59.0618 4720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:19:59.0618 4720 TermDD - ok
11:19:59.0649 4720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:19:59.0649 4720 tssecsrv - ok
11:19:59.0665 4720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:19:59.0665 4720 TsUsbFlt - ok
11:19:59.0696 4720 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:19:59.0696 4720 tunnel - ok
11:19:59.0727 4720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:19:59.0727 4720 uagp35 - ok
11:19:59.0743 4720 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:19:59.0743 4720 udfs - ok
11:19:59.0758 4720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:19:59.0758 4720 uliagpkx - ok
11:19:59.0774 4720 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:19:59.0774 4720 umbus - ok
11:19:59.0789 4720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:19:59.0789 4720 UmPass - ok
11:19:59.0821 4720 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:19:59.0821 4720 usbccgp - ok
11:19:59.0836 4720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:19:59.0836 4720 usbcir - ok
11:19:59.0852 4720 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:19:59.0852 4720 usbehci - ok
11:19:59.0867 4720 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:19:59.0867 4720 usbhub - ok
11:19:59.0883 4720 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:19:59.0883 4720 usbohci - ok
11:19:59.0977 4720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:19:59.0977 4720 usbprint - ok
11:20:00.0023 4720 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
11:20:00.0023 4720 USBSTOR - ok
11:20:00.0023 4720 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:20:00.0023 4720 usbuhci - ok
11:20:00.0055 4720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:20:00.0055 4720 vdrvroot - ok
11:20:00.0055 4720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:20:00.0055 4720 vga - ok
11:20:00.0070 4720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:20:00.0070 4720 VgaSave - ok
11:20:00.0086 4720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:20:00.0086 4720 vhdmp - ok
11:20:00.0086 4720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:20:00.0086 4720 viaide - ok
11:20:00.0101 4720 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:20:00.0101 4720 volmgr - ok
11:20:00.0117 4720 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:20:00.0117 4720 volmgrx - ok
11:20:00.0133 4720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:20:00.0133 4720 volsnap - ok
11:20:00.0180 4720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:20:00.0180 4720 vsmraid - ok
11:20:00.0195 4720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:20:00.0195 4720 vwifibus - ok
11:20:00.0211 4720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:20:00.0211 4720 WacomPen - ok
11:20:00.0226 4720 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:20:00.0226 4720 WANARP - ok
11:20:00.0226 4720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:20:00.0226 4720 Wanarpv6 - ok
11:20:00.0242 4720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:20:00.0242 4720 Wd - ok
11:20:00.0273 4720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:20:00.0273 4720 Wdf01000 - ok
11:20:00.0289 4720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:20:00.0289 4720 WfpLwf - ok
11:20:00.0304 4720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:20:00.0304 4720 WIMMount - ok
11:20:00.0336 4720 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
11:20:00.0336 4720 WmBEnum - ok
11:20:00.0351 4720 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
11:20:00.0351 4720 WmFilter - ok
11:20:00.0367 4720 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
11:20:00.0367 4720 WmHidLo - ok
11:20:00.0382 4720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:20:00.0382 4720 WmiAcpi - ok
11:20:00.0398 4720 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
11:20:00.0398 4720 WmVirHid - ok
11:20:00.0398 4720 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
11:20:00.0398 4720 WmXlCore - ok
11:20:00.0429 4720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:20:00.0429 4720 ws2ifsl - ok
11:20:00.0460 4720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:20:00.0460 4720 WudfPf - ok
11:20:00.0476 4720 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:20:00.0476 4720 WUDFRd - ok
11:20:00.0523 4720 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
11:20:00.0523 4720 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
11:20:00.0523 4720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:20:00.0538 4720 \Device\Harddisk0\DR0 - ok
11:20:00.0538 4720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:20:00.0538 4720 \Device\Harddisk1\DR1 - ok
11:20:00.0538 4720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
11:20:00.0538 4720 \Device\Harddisk2\DR2 - ok
11:20:00.0554 4720 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk3\DR3
11:20:00.0554 4720 \Device\Harddisk3\DR3 - ok
11:20:00.0570 4720 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
11:20:00.0570 4720 \Device\Harddisk4\DR4 - ok
11:20:00.0585 4720 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
11:20:00.0585 4720 \Device\Harddisk4\DR4 - ok
11:20:00.0601 4720 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
11:20:00.0601 4720 \Device\Harddisk5\DR5 - ok
11:20:00.0616 4720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
11:20:00.0616 4720 \Device\Harddisk6\DR6 - ok
11:20:00.0616 4720 Boot (0x1200) (225c39065345cdd9db866e94e0516adb) \Device\Harddisk0\DR0\Partition0
11:20:00.0616 4720 \Device\Harddisk0\DR0\Partition0 - ok
11:20:00.0632 4720 Boot (0x1200) (939601861c3a961b0c64c602e1176a66) \Device\Harddisk0\DR0\Partition1
11:20:00.0632 4720 \Device\Harddisk0\DR0\Partition1 - ok
11:20:00.0632 4720 Boot (0x1200) (c14f707d7dc3465185e9697e31385b76) \Device\Harddisk1\DR1\Partition0
11:20:00.0632 4720 \Device\Harddisk1\DR1\Partition0 - ok
11:20:00.0632 4720 Boot (0x1200) (5b074a8224ae7a970fb5a1eaf0f4fa96) \Device\Harddisk2\DR2\Partition0
11:20:00.0632 4720 \Device\Harddisk2\DR2\Partition0 - ok
11:20:00.0632 4720 Boot (0x1200) (7a90dce39cd48a2919927aa343504512) \Device\Harddisk3\DR3\Partition0
11:20:00.0648 4720 \Device\Harddisk3\DR3\Partition0 - ok
11:20:00.0648 4720 Boot (0x1200) (fb7da76905f7945251e51a1f26bf7ecd) \Device\Harddisk4\DR4\Partition0
11:20:00.0648 4720 \Device\Harddisk4\DR4\Partition0 - ok
11:20:00.0648 4720 Boot (0x1200) (fb7da76905f7945251e51a1f26bf7ecd) \Device\Harddisk4\DR4\Partition0
11:20:00.0648 4720 \Device\Harddisk4\DR4\Partition0 - ok
11:20:00.0663 4720 Boot (0x1200) (be12cd60c6ea0a72f3c18e5485831c45) \Device\Harddisk5\DR5\Partition0
11:20:00.0663 4720 \Device\Harddisk5\DR5\Partition0 - ok
11:20:00.0663 4720 Boot (0x1200) (b8cb8c932e14a25b425ea4ffef12eb5b) \Device\Harddisk6\DR6\Partition0
11:20:00.0663 4720 \Device\Harddisk6\DR6\Partition0 - ok
11:20:00.0663 4720 ============================================================
11:20:00.0663 4720 Scan finished
11:20:00.0663 4720 ============================================================
11:20:00.0679 0924 Detected object count: 0
11:20:00.0679 0924 Actual detected object count: 0
11:20:12.0472 3188 Deinitialize success

***** END OF TDSSKiller LOG *****


***** CURRENT HIJACK THIS LOG *****

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:25:38 AM, on 12/16/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Rick's Utilities - System Maintenance\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Matrox PowerDesk] "C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: AutorunsDisabled
O4 - Startup: DesktopVideoPlayer.lnk = Rick Ryan\AppData\Local\vghd\bin\vghd.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetect...etection32.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/soft...15/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5118/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Rick's Utilities - System Maintenance\Advanced System Optimizer 3.0 3\ASO3DefragSrv64.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Matrox.Pdesk3.ServicesHost - Matrox Graphics Inc - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Rick's Utilities - System Maintenance\O&O Software\O&O Defrag 12.5 Pro\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 8924 bytes

***** END OF HIJACK THIS LOG *****

Thanks for continuing to help. This is the first time I've been "hacked" like this since I retired from the Air Force 9 years ago. My security software has always protected me...up until this. I think ESET may be trying to figure out if a new version of "Windows 7 Security 2012" got past their Nod32, and they may be scrambling to get a new signature file out for it or something. I still haven't heard back from them yet.
16 Dec 2011   #8

Windows 7 Ultimate x64 SP1
 
 

FalconAF, others may chime in on the analysis of the data, but keep in mind that if you have a restore point which is known to be before this whole thing started, you can always do a System Restore (preferably in Safe Mode).
16 Dec 2011   #9

Windows 7 Home Premium 64
 
 

Don't have a Windows one...I disable that on my computer (will reconsider that after this attack now). From what I've read, the trojan knocks those out anyhow. I do have a disk image from about a month ago (O&O Disk Image) but have made some changes since then that I'd like to keep if I can solve this without having to use it. Changes included software and hardware, so I *could* do it, but it wouldn't be ideal. Prefer it as a last resort short of a full Windows 7 re-install.
16 Dec 2011   #10

Windows 7 Professional SP1 64-bit
 
 

On here we always recommend having System Restore on. I cannot tell you how many times I have solved a problem by simply using System Restore or how many times I have had to do a LOT more work on someone's computer because they had System Restore off, than if they had left it on.