Another "Windows Security Center Is Turned Off" Help Request


  1. Posts : 11
    Windows 7 Home Premium 64
       #1



    I'm at my wits' end. I'm retired Air Force with 25+ years IT and System Security background from the Air Force. Earlier today I took a Trojan hit on my home computer. I have searched this forum and tried applying every corrective fix I could find here...no resolution. As a last resort, I'm going to post what happened, what I've tried, and hope someone can offer a solution.

    (OS: Win7 Home Premium 64)

    My computer had Eset Nod32 Antivirus for Win7 64-bit running at the time. All functions of my computer were running fine security-wise. During an Internet session Eset popped up saying it had blocked and quarantined a Trojan. From that point on, all heck broke loose. I began receiving pop-ups on my desktop from something called "Windows 7 Security 2012". It would begin "running" a very official-looking antivirus scan, showing that I had hundreds of "bad stuff" on my computer. If I closed the window, I would get periodic other pop-ups with other warnings. These were all obviously fake, as the only options I was allowed to choose were "Continue at your own risk" or "Register the software".

    I ran an "on demand" antivirus check of my entire computer using Eset. It identified 5 errors. The first one was a file called "b**.exe" in one of my C:/User folders. Eset identified the other 4 errors as "trojan" files in other locations. My apologies, but I did not write down the file names (thus, the asterisks above). At the end of the scan, Eset offered to delete the 4 Trojans, but did not list any action to take for the "b**.exe" file in my User's folder. I let Eset delete the 4 trojans. I manually deleted the "b**.exe" file myself, but then discovered I could not open ANY program using my desktop icons. I also could not open Windows Explorer. Attempts to do either resulted in the Windows "Which program do you want to use to open this file?" window popping up. So I restored the "b**.exe" file back to my User's folder, and my desktop icons and Windows Explorer "worked" again.

    Immediately after that, the Eset icon in my taskbar turned red. I clicked on it and encountered the issue where the Security Center was turned off and I was unable to turn it on. Interestingly, my Control Panel Security Center now shows ONLY the Security Center block of info. There is nothing showing for my Windows Firewall or any other security options.

    Also, Eset informed me that I was no longer protected for "web browsing" due to its inability to monitor HTTP and POP activities. Using the Eset Advanced Settings options, the ability to turn this function back on was "greyed out", so I could not correct that problem in Eset either.

    So I attempted to "fix" Eset by deleting the program, going to the Eset website to re-download my registered version of the program, and re-install it. Re-download worked fine. But I cannot install it...it keeps saying "the computer has not been restarted since a program uninstall" (I tried several times AFTER a full reboot), or "unable to install at this time, please try again later."

    I'm totally stuck right now. I'm not sure how long a single post can be here, so I am going to close this post now and continue with a second post that describes what I have tried so far from searching this forum. I will include log results, etc from what I got doing it. Please wait until I finish the second post, as it may save a lot of time recommending things I have already tried.

    (To Be Continued)...


  2. Posts : 11
    Windows 7 Home Premium 64
    Thread Starter
       #2

    (Continued)...

    Attempted Resolutions:

    I have tried numerous things from different threads here pertaining to the same problem. Some of them are (many recommended by Jaycee):

    1. An Eset on-line virus scan. Results showed no items identified.

    2. Spybot Search and Destroy: Results identified about a dozen items, many of which were Windows Registry entries that seemed to coincide with the names of the 4 Trojan files Eset originally identified and deleted. I had Spybot repair all items found, and Spybot reported they were "fixed".

    3. Tried running Command Prompt "sc query wscsvc" and "net start wscsvc". Results were "The specified service does not exist as an installed service" and "The service name is invalid".

    4. Ran the command that lists all services and their status. Security Center does not show up in the list anywhere, so I can't choose whether to have it run "automatically" or otherwise.

    5. As a last resort, I tried the "cut/paste to Notepad" of the batch file Jaycee recommended in one of the other threads. Ran it, it seemed to "do its thing", but the problem isn't solved.

    6. I have a HijackThis log I ran. I'm fairly familiar with using it...have done so in the past to correct Internet Browser hijacks, etc. I have to admit though...this current log has a few things in it I don't recognize, so I'm not comfy starting to guess at removing any of the entries. I can post the log if somebody would like me to.

    That's it for now. I'm totally stumped and frustrated at how to fix this mess. Currently I have no antivirus program running (can't get Eset to re-install, even with my paid and registered download), and it appears there are no Windows Security Center apps.

    Any help would be truly GREATLY appreciated.

    EDIT: Forgot to list one other thing. I also downloaded and ran the RootKit Checker from Kaspersky (sp?). Results were negative...nothing was identified in the scan.

    I also filed a support request with ESET, but am awaiting a reply from them so I can send them logs of the failed ESET re-installations.
    Last edited by FalconAF; 15 Dec 2011 at 22:51.


  3. Posts : 169
    Windows 7 Ultimate x64 SP1
       #3

    FalconAF, the Windows 7 Home Security 2012 thing is supposed to be able to be removed with Malware Anti Malware Bytes. The problem is that if your system is infected, it will intercept the running of AMB. What seems to work is to rename the AMB executable to something else (this malware apparently knows the names of many of the AV programs which would track it down, and has a way to keep them from running). For more info go here (using another machine that is not infected):

    Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)


  4. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #4

    Post the HijackThis Log.


  5. Posts : 6,305
    Windows 7 Ultimate x64
       #5

    Hi,

    It sounds very much like the b***.exe file has been given the file association for .exe files. Try the following tutorial and restore the original .exe file association and see if it has any effect.

    Default File Type Associations - Restore

    You may also want to look at following some of the steps in the advice I gave in a later post:

    MSDT.exe Corrupt file virus? And explorer not working right
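    The two symptoms discussed in posts #2 and #5 (a hijacked .exe file association and a missing wscsvc service) can be checked read-only with a short script. This is an added example, not part of any forum post; the function names are hypothetical, and it assumes the stock Windows values `exefile` and `"%1" %*` for the .exe association.

```powershell
# Added example: read-only check of the .exe file association and the
# Security Center (wscsvc) service registration. Nothing here writes to
# the registry. Function names are hypothetical, chosen for illustration.

# Stock Windows values for the .exe association (assumed baseline).
$expectedProgId  = 'exefile'
$expectedCommand = '"%1" %*'

function Get-RegDefault {
    param([string]$Path)
    # Return the (Default) value of a key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')
}

function New-Row {
    param($Location, $Value, $Expected, $Status)
    New-Object PSObject -Property @{
        Location = $Location; Value = $Value
        Expected = $Expected; Status = $Status
    } | Select-Object Location, Value, Expected, Status
}

function Test-ExeAssociation {
    # Per-user keys (HKCU) override machine-wide keys (HKLM), so both
    # hives are inspected. A per-user override of .exe is not present
    # on a stock system.
    foreach ($root in 'HKCU:\Software\Classes', 'HKLM:\SOFTWARE\Classes') {
        $isUser = $root -like 'HKCU:*'
        $progId = Get-RegDefault "$root\.exe"

        if ($null -eq $progId) {
            if ($isUser) { $status = 'OK (no per-user override)' }
            else         { $status = 'MISSING' }
        } elseif ($progId -eq $expectedProgId) {
            $status = 'OK'
        } else {
            $status = 'SUSPECT'
        }
        New-Row "$root\.exe" $progId $expectedProgId $status

        # Check the open command for exefile and for whatever ProgID
        # the .exe key actually points at.
        $ids = @($expectedProgId)
        if ($progId -and $progId -ne $expectedProgId) { $ids += $progId }

        foreach ($id in $ids) {
            $cmdPath = "$root\$id\shell\open\command"
            $cmd = Get-RegDefault $cmdPath
            if ($null -eq $cmd) {
                if ($isUser) { $status = 'OK (no per-user override)' }
                else         { $status = 'MISSING' }
            } elseif ($cmd -eq $expectedCommand) {
                $status = 'OK'
            } else {
                # Any other program in this value runs every time an
                # .exe is launched.
                $status = 'SUSPECT'
            }
            New-Row $cmdPath $cmd $expectedCommand $status
        }
    }
}

function Test-SecurityCenterService {
    # "sc query wscsvc" reports that the service does not exist when
    # its key under Services has been removed.
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc'
    $svc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    if ($svc) { $state = [string]$svc.Status } else { $state = 'not installed' }
    New-Object PSObject -Property @{
        ServiceKeyPresent = (Test-Path -LiteralPath $keyPath)
        Registered        = ($null -ne $svc)
        State             = $state
    } | Select-Object ServiceKeyPresent, Registered, State
}

Test-ExeAssociation | Format-Table -AutoSize -Wrap
Test-SecurityCenterService | Format-List
```

    A `SUSPECT` row shows which key holds the non-default value, which is the key the file-association restore in post #5 is meant to reset.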


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #6

    You most likely are dealing with a Rootkit.



    Download TDSSKiller http://support.kaspersky.com/faq/?qid=208283363 and save it to your Desktop.
    • Extract the file and run it. If it won't run, rename it.
    • Once completed it will create a log in the root directory (usually C:\).
    • Please post the contents of that log in your next reply.


  7. Posts : 11
    Windows 7 Home Premium 64
    Thread Starter
       #7

    Thanks to all that have replied. I found some of the "fixes" mentioned above and ran them while waiting for any replies here (then took a nap 'cos I was worn out). Additionally I also managed to get AVG (free) to install (haven't heard back from ESET yet) and ran a scan with it. It found a couple things and quarantined them, and it also says in its interface I have a working firewall, email, and Internet security running (AVG says all my security is working now) so at least I have "something" going for me now.

    As to the rest of the recommendations above:

    1. Found the same link Tony22 listed after I posted my questions. Followed all the instructions in that link and ran Anti Malware Bytes. It identified a few things as "trojans" and eliminated them.

    2. Ran TDSSKiller during the above process, and the first time it did identify something and "fixed" it.

    3. Ran HijackThis after the above, and it has stuff in the report I've never seen before on my computer.

    My Action Center in Win7 is still showing the Security Center is disabled and won't let me "turn it on". Note that is ALL it is showing (I don't have the "old" info that showed Firewall, UAC, and Anti-virus info that I had with ESET installed before the "hack" happened). From what else I've been able to find on the 'net, it sounds like I may be "trojan free" but my Registry is still corrupted (I'm guessing based on what I read on the 'net and the looks of the HijackThis log, but I'm not sure so haven't gone any farther).

    So, MWB says I'm "clean", TDSSKiller finds nothing now, and my HijackThis log looks like a disaster based on my previous experience using it. And I'm still unable to "turn on Security Center" in the Control Panel.

    Here are the latest TDSSKiller and HijackThis logs I just ran. Feel like I'm getting close to solving everything, and trying to laugh it all off yet. But not sure what needs to be done yet.

    ***** CURRENT TDSSKiller LOG *****

    11:19:58.0463 4720 oodisrh - ok
    11:19:58.0479 4720 oodivd (edfd6b7cd2cb104699ecf5362eee9c36) C:\Windows\system32\DRIVERS\oodivd.sys
    11:19:58.0479 4720 oodivd - ok
    11:19:58.0495 4720 oodivdh (d60972d53cbfa29fa6a8dc5e0287a53e) C:\Windows\system32\DRIVERS\oodivdh.sys
    11:19:58.0495 4720 oodivdh - ok
    11:19:58.0526 4720 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
    11:19:58.0526 4720 ossrv - ok
    11:19:58.0541 4720 papycpu2 - ok
    11:19:58.0541 4720 papyjoy - ok
    11:19:58.0557 4720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:19:58.0557 4720 Parport - ok
    11:19:58.0573 4720 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    11:19:58.0573 4720 partmgr - ok
    11:19:58.0588 4720 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    11:19:58.0588 4720 pci - ok
    11:19:58.0588 4720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    11:19:58.0588 4720 pciide - ok
    11:19:58.0604 4720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:19:58.0604 4720 pcmcia - ok
    11:19:58.0619 4720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:19:58.0619 4720 pcw - ok
    11:19:58.0635 4720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:19:58.0635 4720 PEAUTH - ok
    11:19:58.0682 4720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    11:19:58.0682 4720 PptpMiniport - ok
    11:19:58.0697 4720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:19:58.0697 4720 Processor - ok
    11:19:58.0713 4720 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    11:19:58.0713 4720 Psched - ok
    11:19:58.0744 4720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:19:58.0744 4720 ql2300 - ok
    11:19:58.0760 4720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:19:58.0760 4720 ql40xx - ok
    11:19:58.0775 4720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:19:58.0775 4720 QWAVEdrv - ok
    11:19:58.0791 4720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:19:58.0791 4720 RasAcd - ok
    11:19:58.0807 4720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:19:58.0807 4720 RasAgileVpn - ok
    11:19:58.0822 4720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:19:58.0822 4720 Rasl2tp - ok
    11:19:58.0838 4720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:19:58.0838 4720 RasPppoe - ok
    11:19:58.0838 4720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:19:58.0838 4720 RasSstp - ok
    11:19:58.0869 4720 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    11:19:58.0869 4720 rdbss - ok
    11:19:58.0869 4720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:19:58.0869 4720 rdpbus - ok
    11:19:58.0885 4720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:19:58.0885 4720 RDPCDD - ok
    11:19:58.0900 4720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:19:58.0900 4720 RDPENCDD - ok
    11:19:58.0900 4720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:19:58.0900 4720 RDPREFMP - ok
    11:19:58.0931 4720 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    11:19:58.0931 4720 RDPWD - ok
    11:19:58.0947 4720 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    11:19:58.0947 4720 rdyboost - ok
    11:19:59.0009 4720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:19:59.0009 4720 rspndr - ok
    11:19:59.0041 4720 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    11:19:59.0041 4720 RTL8167 - ok
    11:19:59.0056 4720 SaidA2AE (fec058631edce08127a7de3e0ce33abc) C:\Windows\system32\DRIVERS\SaidA2AE.sys
    11:19:59.0056 4720 SaidA2AE - ok
    11:19:59.0072 4720 SaiH0BAC (231a3700154b1a49c2f05cb0da4b2747) C:\Windows\system32\DRIVERS\SaiH0BAC.sys
    11:19:59.0072 4720 SaiH0BAC - ok
    11:19:59.0087 4720 SaiH0C2D (231a3700154b1a49c2f05cb0da4b2747) C:\Windows\system32\DRIVERS\SaiH0C2D.sys
    11:19:59.0087 4720 SaiH0C2D - ok
    11:19:59.0119 4720 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    11:19:59.0119 4720 sbp2port - ok
    11:19:59.0150 4720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    11:19:59.0150 4720 scfilter - ok
    11:19:59.0165 4720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:19:59.0165 4720 secdrv - ok
    11:19:59.0181 4720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:19:59.0181 4720 Serenum - ok
    11:19:59.0181 4720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:19:59.0197 4720 Serial - ok
    11:19:59.0197 4720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:19:59.0197 4720 sermouse - ok
    11:19:59.0212 4720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    11:19:59.0212 4720 sffdisk - ok
    11:19:59.0212 4720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    11:19:59.0212 4720 sffp_mmc - ok
    11:19:59.0228 4720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    11:19:59.0228 4720 sffp_sd - ok
    11:19:59.0228 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:19:59.0228 4720 sfloppy - ok
    11:19:59.0243 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:19:59.0243 4720 SiSRaid2 - ok
    11:19:59.0259 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:19:59.0259 4720 SiSRaid4 - ok
    11:19:59.0259 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:19:59.0259 4720 Smb - ok
    11:19:59.0275 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:19:59.0275 4720 spldr - ok
    11:19:59.0306 4720 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    11:19:59.0306 4720 srv - ok
    11:19:59.0321 4720 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    11:19:59.0321 4720 srv2 - ok
    11:19:59.0337 4720 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    11:19:59.0337 4720 srvnet - ok
    11:19:59.0384 4720 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
    11:19:59.0384 4720 SSPORT - ok
    11:19:59.0399 4720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:19:59.0399 4720 stexstor - ok
    11:19:59.0415 4720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    11:19:59.0415 4720 swenum - ok
    11:19:59.0477 4720 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    11:19:59.0477 4720 Tcpip - ok
    11:19:59.0524 4720 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    11:19:59.0524 4720 TCPIP6 - ok
    11:19:59.0555 4720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    11:19:59.0555 4720 tcpipreg - ok
    11:19:59.0571 4720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:19:59.0571 4720 TDPIPE - ok
    11:19:59.0571 4720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    11:19:59.0571 4720 TDTCP - ok
    11:19:59.0602 4720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    11:19:59.0602 4720 tdx - ok
    11:19:59.0618 4720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    11:19:59.0618 4720 TermDD - ok
    11:19:59.0649 4720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:19:59.0649 4720 tssecsrv - ok
    11:19:59.0665 4720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    11:19:59.0665 4720 TsUsbFlt - ok
    11:19:59.0696 4720 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    11:19:59.0696 4720 tunnel - ok
    11:19:59.0727 4720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:19:59.0727 4720 uagp35 - ok
    11:19:59.0743 4720 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    11:19:59.0743 4720 udfs - ok
    11:19:59.0758 4720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    11:19:59.0758 4720 uliagpkx - ok
    11:19:59.0774 4720 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    11:19:59.0774 4720 umbus - ok
    11:19:59.0789 4720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:19:59.0789 4720 UmPass - ok
    11:19:59.0821 4720 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:19:59.0821 4720 usbccgp - ok
    11:19:59.0836 4720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    11:19:59.0836 4720 usbcir - ok
    11:19:59.0852 4720 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    11:19:59.0852 4720 usbehci - ok
    11:19:59.0867 4720 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    11:19:59.0867 4720 usbhub - ok
    11:19:59.0883 4720 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    11:19:59.0883 4720 usbohci - ok
    11:19:59.0977 4720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:19:59.0977 4720 usbprint - ok
    11:20:00.0023 4720 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    11:20:00.0023 4720 USBSTOR - ok
    11:20:00.0023 4720 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    11:20:00.0023 4720 usbuhci - ok
    11:20:00.0055 4720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    11:20:00.0055 4720 vdrvroot - ok
    11:20:00.0055 4720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:20:00.0055 4720 vga - ok
    11:20:00.0070 4720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:20:00.0070 4720 VgaSave - ok
    11:20:00.0086 4720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    11:20:00.0086 4720 vhdmp - ok
    11:20:00.0086 4720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    11:20:00.0086 4720 viaide - ok
    11:20:00.0101 4720 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    11:20:00.0101 4720 volmgr - ok
    11:20:00.0117 4720 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    11:20:00.0117 4720 volmgrx - ok
    11:20:00.0133 4720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    11:20:00.0133 4720 volsnap - ok
    11:20:00.0180 4720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:20:00.0180 4720 vsmraid - ok
    11:20:00.0195 4720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    11:20:00.0195 4720 vwifibus - ok
    11:20:00.0211 4720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:20:00.0211 4720 WacomPen - ok
    11:20:00.0226 4720 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:20:00.0226 4720 WANARP - ok
    11:20:00.0226 4720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:20:00.0226 4720 Wanarpv6 - ok
    11:20:00.0242 4720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:20:00.0242 4720 Wd - ok
    11:20:00.0273 4720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:20:00.0273 4720 Wdf01000 - ok
    11:20:00.0289 4720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:20:00.0289 4720 WfpLwf - ok
    11:20:00.0304 4720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:20:00.0304 4720 WIMMount - ok
    11:20:00.0336 4720 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
    11:20:00.0336 4720 WmBEnum - ok
    11:20:00.0351 4720 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
    11:20:00.0351 4720 WmFilter - ok
    11:20:00.0367 4720 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
    11:20:00.0367 4720 WmHidLo - ok
    11:20:00.0382 4720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    11:20:00.0382 4720 WmiAcpi - ok
    11:20:00.0398 4720 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
    11:20:00.0398 4720 WmVirHid - ok
    11:20:00.0398 4720 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
    11:20:00.0398 4720 WmXlCore - ok
    11:20:00.0429 4720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:20:00.0429 4720 ws2ifsl - ok
    11:20:00.0460 4720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    11:20:00.0460 4720 WudfPf - ok
    11:20:00.0476 4720 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:20:00.0476 4720 WUDFRd - ok
    11:20:00.0523 4720 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
    11:20:00.0523 4720 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
    11:20:00.0523 4720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    11:20:00.0538 4720 \Device\Harddisk0\DR0 - ok
    11:20:00.0538 4720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    11:20:00.0538 4720 \Device\Harddisk1\DR1 - ok
    11:20:00.0538 4720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
    11:20:00.0538 4720 \Device\Harddisk2\DR2 - ok
    11:20:00.0554 4720 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk3\DR3
    11:20:00.0554 4720 \Device\Harddisk3\DR3 - ok
    11:20:00.0570 4720 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
    11:20:00.0570 4720 \Device\Harddisk4\DR4 - ok
    11:20:00.0585 4720 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
    11:20:00.0585 4720 \Device\Harddisk4\DR4 - ok
    11:20:00.0601 4720 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
    11:20:00.0601 4720 \Device\Harddisk5\DR5 - ok
    11:20:00.0616 4720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
    11:20:00.0616 4720 \Device\Harddisk6\DR6 - ok
    11:20:00.0616 4720 Boot (0x1200) (225c39065345cdd9db866e94e0516adb) \Device\Harddisk0\DR0\Partition0
    11:20:00.0616 4720 \Device\Harddisk0\DR0\Partition0 - ok
    11:20:00.0632 4720 Boot (0x1200) (939601861c3a961b0c64c602e1176a66) \Device\Harddisk0\DR0\Partition1
    11:20:00.0632 4720 \Device\Harddisk0\DR0\Partition1 - ok
    11:20:00.0632 4720 Boot (0x1200) (c14f707d7dc3465185e9697e31385b76) \Device\Harddisk1\DR1\Partition0
    11:20:00.0632 4720 \Device\Harddisk1\DR1\Partition0 - ok
    11:20:00.0632 4720 Boot (0x1200) (5b074a8224ae7a970fb5a1eaf0f4fa96) \Device\Harddisk2\DR2\Partition0
    11:20:00.0632 4720 \Device\Harddisk2\DR2\Partition0 - ok
    11:20:00.0632 4720 Boot (0x1200) (7a90dce39cd48a2919927aa343504512) \Device\Harddisk3\DR3\Partition0
    11:20:00.0648 4720 \Device\Harddisk3\DR3\Partition0 - ok
    11:20:00.0648 4720 Boot (0x1200) (fb7da76905f7945251e51a1f26bf7ecd) \Device\Harddisk4\DR4\Partition0
    11:20:00.0648 4720 \Device\Harddisk4\DR4\Partition0 - ok
    11:20:00.0648 4720 Boot (0x1200) (fb7da76905f7945251e51a1f26bf7ecd) \Device\Harddisk4\DR4\Partition0
    11:20:00.0648 4720 \Device\Harddisk4\DR4\Partition0 - ok
    11:20:00.0663 4720 Boot (0x1200) (be12cd60c6ea0a72f3c18e5485831c45) \Device\Harddisk5\DR5\Partition0
    11:20:00.0663 4720 \Device\Harddisk5\DR5\Partition0 - ok
    11:20:00.0663 4720 Boot (0x1200) (b8cb8c932e14a25b425ea4ffef12eb5b) \Device\Harddisk6\DR6\Partition0
    11:20:00.0663 4720 \Device\Harddisk6\DR6\Partition0 - ok
    11:20:00.0663 4720 ============================================================
    11:20:00.0663 4720 Scan finished
    11:20:00.0663 4720 ============================================================
    11:20:00.0679 0924 Detected object count: 0
    11:20:00.0679 0924 Actual detected object count: 0
    11:20:12.0472 3188 Deinitialize success

    ***** END OF TDSSKiller LOG *****


    ***** CURRENT HIJACK THIS LOG *****

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:25:38 AM, on 12/16/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Rick's Utilities - System Maintenance\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Matrox PowerDesk] "C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: AutorunsDisabled
    O4 - Startup: DesktopVideoPlayer.lnk = Rick Ryan\AppData\Local\vghd\bin\vghd.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetect...etection32.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/soft...15/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5118/CTPID.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Rick's Utilities - System Maintenance\Advanced System Optimizer 3.0 3\ASO3DefragSrv64.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Matrox.Pdesk3.ServicesHost - Matrox Graphics Inc - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Rick's Utilities - System Maintenance\O&O Software\O&O Defrag 12.5 Pro\oodag.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    --
    End of file - 8924 bytes

    ***** END OF HIJACK THIS LOG *****

    Thanks for continuing to help. This is the first time I've been "hacked" like this since I retired from the Air Force 9 years ago. My security software has always protected me...up until this. I think ESET may be trying to figure out if a new version of "Windows 7 Security 2012" got past their Nod32, and they may be scrambling to get a new signature file out for it or something. I still haven't heard back from them yet.


  8. Posts : 169
    Windows 7 Ultimate x64 SP1
       #8

    FalconAF, others may chime in on the analysis of the data, but keep in mind that if you have a restore point which is known to be before this whole thing started you can always do a System Restore (preferably in Safe Mode).


  9. Posts : 11
    Windows 7 Home Premium 64
    Thread Starter
       #9

    Don't have a Windows one...I disable that on my computer (will reconsider that after this attack now). From what I've read, the trojan knocks those out anyhow. I do have a disk image from about a month ago (O&O Disk Image) but have made some changes since then that I'd like to keep if I can solve this without having to use it. Changes included software and hardware, so I *could* do it, but it wouldn't be ideal. Prefer it as a last resort short of a full Win7 re-install.


  10. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #10

    On here we always recommend having System Restore on. I cannot tell you how many times I have solved a problem by simply using System Restore or how many times I have had to do a LOT more work on someone's computer because they had System Restore off, than if they had left it on.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
