False Java Update notification - MS Antispyware - de-activated windows 7 etc

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
  
• Click on the Log tab.
  
• In the Write to log box select the following items.
  
  
  
  • Process << Selected
    
  • Kernel Modules << Selected
    
  • SSDT << Selected
    
  • Kernel Hooks << Selected
    
  • IRP Hooks << NOT Selected
    
  • Ports << NOT Selected
    
  • Hidden Files << Selected
    
  
  
• At the bottom of the page
  
  
  
  • Hidden Objects Only << Selected
    
  
  
• Click on the Create Log button on the bottom right.
  
• After a few seconds a new window should appear.
  
• Select Scan Root Drive. Click on the Start button.
  
• When it is complete a new window will appear to indicate that the scan is finished.
  
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
  

I tried it - ran as admin etc - still gives me an error:
failed to start service.

SysProt AntiRootkit need to be run with Admin priveleges!

Seams to run but no activity. Is not listed as being compatible with Windows 7.....

Ok. Let's try this.

Please download RootRepeal from GooglePages.com.

• Extract the program file to your Desktop.
  
• Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  
  
  
• Select ALL of the checkboxes and then click OK and it will start scanning your system.
  
  
• If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  
• When done, click on Save Report
  
• Save it to the Desktop.
  
• Please copy/paste the contents of the report in your next reply.
  

Please remove any e-mail address in the RootRepeal report (if present).

FYI, on restart - startup failed and had to repair startup with most recent restore point - apparently due to SysProt Antirootkit.

I tried RootRepeal ......

Well when I attempt to run it with or without admin privileges I get the following:

RootReal Error
Attempt to write to address: 0x013fe000

RootReal Error
Attempt to read from address: 0xf11b6f2e

By the way.... Symptoms still occurring.....

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Intel
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ECS
System Product Name: 945GCT-M
Logical Drives Mask: 0x0000017d

Kernel Drivers (total 221):
0x82C3C000 \SystemRoot\system32\ntoskrnl.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x80BBE000 \SystemRoot\system32\kdcom.dll
0x8C02F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C0B4000 \SystemRoot\system32\PSHED.dll
0x8C0C5000 \SystemRoot\system32\BOOTVID.dll
0x8C0CD000 \SystemRoot\system32\CLFS.SYS
0x8C10F000 \SystemRoot\system32\CI.dll
0x8C1BA000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C22B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C239000 \SystemRoot\system32\drivers\ACPI.sys
0x8C281000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8C28A000 \SystemRoot\system32\drivers\msisadrv.sys
0x8C292000 \SystemRoot\system32\drivers\pci.sys
0x8C2BC000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8C2C7000 \SystemRoot\System32\drivers\partmgr.sys
0x8C2D8000 \SystemRoot\system32\drivers\volmgr.sys
0x8C2E8000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C333000 \SystemRoot\system32\drivers\intelide.sys
0x8C33A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8C348000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C35E000 \SystemRoot\system32\drivers\vmbus.sys
0x8C388000 \SystemRoot\system32\drivers\winhv.sys
0x8C39A000 \SystemRoot\system32\drivers\atapi.sys
0x8C3A3000 \SystemRoot\system32\drivers\ataport.SYS
0x8C3C6000 \SystemRoot\system32\drivers\amdxata.sys
0x8C42F000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C463000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C474000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8C483000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C48D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C5BC000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C5E7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C5FA000 \SystemRoot\System32\Drivers\cng.sys
0x8C657000 \SystemRoot\System32\drivers\pcw.sys
0x8C665000 \SystemRoot\system32\drivers\eufs.sys
0x8C66E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C677000 \SystemRoot\system32\drivers\ndis.sys
0x8C72E000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C76C000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C83F000 \SystemRoot\System32\drivers\tcpip.sys
0x8C989000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C9BA000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8C9C3000 \SystemRoot\system32\drivers\volsnap.sys
0x8CA02000 \SystemRoot\System32\Drivers\spldr.sys
0x8CA0A000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CA37000 \SystemRoot\System32\Drivers\mup.sys
0x8CA47000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CA4F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CA81000 \SystemRoot\system32\drivers\eubakup.sys
0x8CA8B000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CA9C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8CAF3000 \SystemRoot\system32\DRIVERS\c2scsi.sys
0x8CB30000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8CB56000 \SystemRoot\system32\drivers\cdrom.sys
0x8CB75000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8CB9C000 \SystemRoot\System32\Drivers\Null.SYS
0x8CBA3000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CBAA000 \SystemRoot\System32\drivers\vga.sys
0x8CBB6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CBD7000 \SystemRoot\System32\drivers\watchdog.sys
0x8CBE4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CBEC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CBF4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C800000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C80B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C819000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C830000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C791000 \SystemRoot\system32\drivers\afd.sys
0x93017000 \SystemRoot\System32\DRIVERS\netbt.sys
0x93049000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x93052000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x93059000 \SystemRoot\system32\DRIVERS\pacer.sys
0x93078000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x93088000 \SystemRoot\system32\DRIVERS\netbios.sys
0x93096000 \SystemRoot\system32\DRIVERS\serial.sys
0x930B0000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x930EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x930FE000 \SystemRoot\system32\drivers\vpcvmm.sys
0x93145000 \SystemRoot\system32\drivers\termdd.sys
0x93156000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x93178000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9317E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x931BF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x931C9000 \SystemRoot\system32\drivers\mssmbios.sys
0x931D3000 \SystemRoot\System32\drivers\discache.sys
0x931DF000 \SystemRoot\system32\drivers\csc.sys
0x93243000 \SystemRoot\System32\Drivers\dfsc.sys
0x9325B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x93269000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9328A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x96021000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x96A4E000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x96A52000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x96B09000 \SystemRoot\System32\drivers\dxgmms1.sys
0x96B42000 \SystemRoot\system32\drivers\HDAudBus.sys
0x96B61000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x96BC3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9329C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x96BCE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x96BDD000 \SystemRoot\system32\DRIVERS\fdc.sys
0x96BE8000 \SystemRoot\system32\DRIVERS\parport.sys
0x96000000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9600A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x96010000 \SystemRoot\system32\drivers\CompositeBus.sys
0x932E7000 \SystemRoot\System32\Drivers\KUSBusByTCPMasterBus.sys
0x932F5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x93307000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9331F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9332A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9334C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x93364000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9337B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93392000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9339C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x933A9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9601D000 \SystemRoot\system32\drivers\swenum.sys
0x933B6000 \SystemRoot\system32\drivers\ks.sys
0x8C400000 \SystemRoot\system32\DRIVERS\EuDisk.sys
0x933EA000 \SystemRoot\system32\drivers\umbus.sys
0x8C3CF000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x93000000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x9601F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9300D000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x93010000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x98C0E000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x98C44000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x98C88000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x98C92000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x98CA3000 \SystemRoot\system32\drivers\HdAudio.sys
0x98CF3000 \SystemRoot\system32\drivers\portcls.sys
0x98D22000 \SystemRoot\system32\drivers\drmk.sys
0x98D3B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x98D52000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98D5D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x98D70000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x98D77000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x98D85000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x98D90000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x98D9C000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x98DA1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x825B0000 \SystemRoot\System32\win32k.sys
0x98DAC000 \SystemRoot\System32\drivers\Dxapi.sys
0x98DB6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x98DC3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x98DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x98DD7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98DE8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82410000 \SystemRoot\System32\TSDDD.dll
0x82440000 \SystemRoot\System32\cdd.dll
0x82460000 \SystemRoot\System32\ATMFD.DLL
0x98DF3000 \SystemRoot\system32\drivers\luafv.sys
0x98E0E000 \SystemRoot\system32\drivers\WudfPf.sys
0x98E28000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x98E36000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x98E46000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x98E59000 \SystemRoot\system32\drivers\HTTP.sys
0x98EDE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98EF7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x98F09000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x98F2C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98F67000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98F82000 \??\C:\Windows\system32\drivers\hcmon.sys
0x98F8C000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x98F93000 \??\C:\Windows\system32\Drivers\vmci.sys
0x98FA3000 \??\C:\Windows\system32\Drivers\VMparport.sys
0xA4826000 \??\C:\Windows\system32\Drivers\vmx86.sys
0xA48F5000 \SystemRoot\system32\drivers\peauth.sys
0xA498C000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4996000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA49B7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA49C4000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0xA49C9000 \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
0xA49CD000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4A1D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4A75000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0xA4AEE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA4AF7000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xA4B01000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A41549B8-4F3B-4A43-A9F7-1D176C0FC14B}\MpKsle6c0334e.sys
0xA4B1F000 \??\C:\Windows\system32\drivers\rootrepeal.sys
0xA4B42000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4B58000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76DA0000 \Windows\System32\ntdll.dll
0x48530000 \Windows\System32\smss.exe
0x76FE0000 \Windows\System32\apisetschema.dll
0x002C0000 \Windows\System32\autochk.exe
0x76FC0000 \Windows\System32\normaliz.dll
0x76FA0000 \Windows\System32\imm32.dll
0x76C90000 \Windows\System32\urlmon.dll
0x76F40000 \Windows\System32\shlwapi.dll
0x76040000 \Windows\System32\shell32.dll
0x76EF0000 \Windows\System32\gdi32.dll
0x76EE0000 \Windows\System32\psapi.dll
0x76030000 \Windows\System32\lpk.dll
0x75F60000 \Windows\System32\msctf.dll
0x75EC0000 \Windows\System32\advapi32.dll
0x75E80000 \Windows\System32\ws2_32.dll
0x75DB0000 \Windows\System32\user32.dll
0x75D80000 \Windows\System32\imagehlp.dll
0x75CF0000 \Windows\System32\clbcatq.dll
0x75C90000 \Windows\System32\difxapi.dll
0x75BB0000 \Windows\System32\kernel32.dll
0x75B20000 \Windows\System32\oleaut32.dll
0x75A00000 \Windows\System32\wininet.dll
0x759F0000 \Windows\System32\nsi.dll
0x75950000 \Windows\System32\usp10.dll
0x757B0000 \Windows\System32\setupapi.dll
0x755F0000 \Windows\System32\iertutil.dll
0x75540000 \Windows\System32\rpcrt4.dll
0x753E0000 \Windows\System32\ole32.dll
0x75360000 \Windows\System32\comdlg32.dll
0x75310000 \Windows\System32\Wldap32.dll
0x75260000 \Windows\System32\msvcrt.dll
0x75240000 \Windows\System32\sechost.dll
0x751B0000 \Windows\System32\comctl32.dll
0x75190000 \Windows\System32\devobj.dll
0x75160000 \Windows\System32\wintrust.dll
0x75110000 \Windows\System32\KernelBase.dll
0x750E0000 \Windows\System32\cfgmgr32.dll
0x74FC0000 \Windows\System32\crypt32.dll
0x74FB0000 \Windows\System32\msasn1.dll

Processes (total 71):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
392 csrss.exe
452 C:\Windows\System32\wininit.exe
464 csrss.exe
500 C:\Windows\System32\services.exe
516 C:\Windows\System32\lsass.exe
524 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\svchost.exe
712 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\nvvsvc.exe
792 C:\Windows\System32\svchost.exe
856 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
932 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1308 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1324 C:\Windows\System32\nvvsvc.exe
1504 C:\Windows\System32\svchost.exe
1576 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1736 C:\Windows\System32\spoolsv.exe
1816 C:\Windows\System32\svchost.exe
1948 C:\Program Files\SUPERAntiSpyware\SASCore.exe
2024 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
312 C:\Program Files\Bonjour\mDNSResponder.exe
336 C:\Windows\System32\svchost.exe
340 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
1592 C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
1852 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1848 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
808 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
2060 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
2164 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2204 C:\Program Files\VMware\VMware Player\vmware-authd.exe
2332 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2404 unsecapp.exe
2592 WmiPrvSE.exe
2628 WmiPrvSE.exe
2908 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3536 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
3656 C:\Windows\System32\SearchIndexer.exe
3044 C:\Windows\System32\dwm.exe
1732 C:\Windows\explorer.exe
3652 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
2752 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
3200 C:\Program Files\VMware\VMware Player\hqtray.exe
3180 C:\Program Files\HawkingTech\Multifunction Print Server\Control Center.exe
3756 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1988 C:\Program Files\iTunes\iTunesHelper.exe
1436 C:\Program Files\Microsoft Security Client\msseces.exe
1088 C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
1560 C:\Program Files\DAEMON Tools Lite\DTLite.exe
800 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2284 C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
3508 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
2532 C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
3380 C:\Program Files\iPod\bin\iPodService.exe
2280 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
728 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3876 C:\Users\Kevin\Downloads\RootRepeal.exe
3768 C:\Windows\System32\svchost.exe
2252 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
2876 C:\Windows\System32\audiodg.exe
2964 C:\Program Files\Mozilla Firefox\firefox.exe
2072 C:\Windows\System32\SearchProtocolHost.exe
2836 C:\Windows\System32\SearchFilterHost.exe
1144 C:\Users\Kevin\Downloads\MBRCheck.exe
3424 C:\Windows\System32\conhost.exe
2036 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: HitachiHDE721010SLA330, Rev: ST6OA3AA
PhysicalDrive0 Model Number: HitachiHDS722020ALA330, Rev: JKAOA3EA

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

By the way.... Symptoms still occurring......

Just to verify; are the symptoms the same as what you outlined in your opening thread?

AVENGER

• Download The Avenger by Swandog46 from here.
  
• Unzip/extract it to a folder on your desktop.
  
• Double click on avenger.exe to run The Avenger.
  
• Click OK.
  
• Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  
• Click the Execute button.
  
• You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
  
• Click Yes.
  
• You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  
• Click Yes.
  
• Your PC will now be rebooted.
  
• After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  
• Please post this log in your next reply.
  

Yes, exact same symptoms - have you ever seen that before?

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Maybe I should mount my C drive in my 64 bit windows 7 laptop and scan it?

I know the alert is legit - that is why I downloaded it. However a previous alert was also legit but when I attempt to allow these legit alerts apparently I am redirected to a false path and get hit with the "download failed" fake alert and minutes later my MS Security Essentials goes off - then weird stuff ensues.

Apparently the update engine is redirecting the download path and using it to deliver a payload.

Is there a way to clean out this code? I thought by removing it last time and reinstalling java I had achieved this, but apparently its a reg hack or something redirecting me.

In any case I am infected with something that runs about every 5 minutes, apparently scans my personal folders and then quits or goes dormant.

ok,

So I scanned my c drive for files created on 11/29/2011 - the day it all happened.

Java Update was lats run at 7:35 PM on 11/29/11. Per Java Aplet

I have a file under the following path:
c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

I cannot view contents, delete, copy, or anything to this file.
Open with notepad = access is denied etc. shutting down security essentials has no effect. The file is 4,812,800k

The containing folder seems to be tied to MSSecurity Essentials - but I am not sure if it is legit?

Just hunting around and found that I no longer had ownership of folders like c:\users\Kevin\local settings

& certainly not:
c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

I attempted to take ownership of the entire C drive but guess what files I could not take ownership of?

c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

This was followed of course by:

The attempt to take ownership of everything seemed to work except that it didn't seem to change my effective permissions at all.

Still cannot access local settings - access denied - "unable to display current owner" and I have NO effective permissions at all.....

c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

This is a file added by MSE.
I'm checking with a colleague about this problem and I'll be back as soon as I have something.

ok, I read an article about a bug with similar symptoms and they recommended stopzilla - I looked it up and it looked legit so I installed it - reboot and it "found" catchme.dll and related files in my local settings folder - that I cannot get into - it deleted it then I ran a full scan - here is a list of the results: Vundo.A7 c:\windows\nircmd.exe
vundo.A7 c:\windows\swsc.exe
Google Redirector C:\windows\swreg.exe
Google Redirector C:\windows\swxcacls.exe
lpv4mons hklm\software\microsoft\windows\current version\control panel\load
digital protections d:\kevin's documents\gateway\hcc-145 medical terminology for health care workers\application\cd\content\audio\virus.mp3 (false positive?)
Winexec32 c:\avenger.txt (false positive in log)
Gain.Gator autocad drawing file? (false positive?)
Trojan.Win32.Cognac!a c:\windows\pev.exe

I manually put everything in the recycle bin. now I find that my IE icon is gone and - well I use firefox with nosript anyway but when I opened your site as usual the page does not display correctly - this text window it 3/4 of an inch square! and so I changed my default browser to get to IE and it displayed your site correctly but then I got a popup as follows:Caution! Your computer contains a variety of suspicious programs. Your System requires immediate checking! The system will perform a fast and free check your PC for malicious programs. only an OK button of course. I killed it with task manager.
I just finished another of many scans with antimalware bytes - 000000 infections! This is so fun!

Well I updated antimalware and superantispyware and and running simultaneous scans - I opened up firefox again and now your site looks normal.

Before this I ran CC cleaner to kill anything I might have picked up by running IE and of course it deleted everything in my recycle bin - so hopefully the listed files in the previous stopzilla log are not important!

Here is a screen capture of the "Message from webpage"

Its reaaaaalllly hard to post images!!!!

my computer says that IExporer.exe does not exist - yet something that looks like it runs if I click a web link......

OK downloaded MS Safety Scanner and am running a full scan....

MS Security Essentials was not running for some reason - ran it - updated it - quick scan revealed to infections:

Trojan:JS/redirector.HQ Removed
VirTool:JS/Obfuscator.CA Quarantined

I will run a full scan next

Did I not ask you to not run any scans unless I asked you to run them?

No you said not to remove anything and just report results.
The removals were automatic, and my intent was to keep everything in my recycle bin.

In any case we were not exactly getting anywhere.

I now have the drive in question hooked up to my laptop as a slave and have scanned it with antimalware - clean - it always runs clean - which really surprises me.

I am currently scanning with ms security essentials. Do you have any specific suggestions now that we are not running the os on that drive?

Whatever this bug is it sure hides reeeaaaalllly well.

Thanks for your help

Well, even external scans of the drive with both AntiMalware Bytes and MS Security Essentials come up clean.

Do you have anything you want me to try?

FYI,

I recreated the IE icon - iexplore.exe is located exactly were it should be.

When I use IE to go to GeekPolice.net I still get the popup:

Here is the message

Why is this so hard?

So I tried using IE to go to another site - Wallbase.net

Worked fine - after a few seconds I got the popup:

Internet Explorer has stopped working

A problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is available.

Close program button

I of course CTRL-ALT-DEL and END these

After doing so IE continued to run and was not locked up at all. Just to be safe I killed it as well.

The only real difference is I have add ons for firefox - NOSCRIPT as recommended by you guys - works great! also running Addblock plus, and WOT.

I found a site indicating the "message from website" is a add based attach but this seems to be active on any page and comes with different bait messages - so I think it is local to this system.

I have been watching to see if the original issue of the personal folders - access denied and weird rename is still occurring - not seen it yet. Maybe we killed that one?!!

Oh well - strike that last; it just did the access denied trick again.

So far we have found nothing and removed nothing associated with this.

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:



* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
******************************************************

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory..

Jotti's found nothing

TDSSKiller found nothing..

18:14:01.0820 0344 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:14:02.0350 0344 ============================================================
18:14:02.0350 0344 Current date / time: 2011/12/19 18:14:02.0350
18:14:02.0350 0344 SystemInfo:
18:14:02.0350 0344
18:14:02.0350 0344 OS Version: 6.1.7601 ServicePack: 1.0
18:14:02.0350 0344 Product type: Workstation
18:14:02.0350 0344 ComputerName: KEVINSDESKTOP
18:14:02.0350 0344 UserName: Kevin
18:14:02.0350 0344 Windows directory: C:\Windows
18:14:02.0350 0344 System windows directory: C:\Windows
18:14:02.0350 0344 Processor architecture: Intel x86
18:14:02.0350 0344 Number of processors: 2
18:14:02.0350 0344 Page size: 0x1000
18:14:02.0350 0344 Boot type: Normal boot
18:14:02.0350 0344 ============================================================
18:14:03.0520 0344 Initialize success
18:14:37.0934 3492 ============================================================
18:14:37.0934 3492 Scan started
18:14:37.0934 3492 Mode: Manual;
18:14:37.0934 3492 ============================================================
18:14:38.0355 3492 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:14:38.0355 3492 1394ohci - ok
18:14:38.0387 3492 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:14:38.0387 3492 ACPI - ok
18:14:38.0402 3492 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:14:38.0402 3492 AcpiPmi - ok
18:14:38.0433 3492 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:14:38.0433 3492 adp94xx - ok
18:14:38.0449 3492 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:14:38.0449 3492 adpahci - ok
18:14:38.0465 3492 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:14:38.0465 3492 adpu320 - ok
18:14:38.0511 3492 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:14:38.0511 3492 AFD - ok
18:14:38.0527 3492 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:14:38.0527 3492 agp440 - ok
18:14:38.0543 3492 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:14:38.0543 3492 aic78xx - ok
18:14:38.0636 3492 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:14:38.0636 3492 aliide - ok
18:14:38.0652 3492 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:14:38.0652 3492 amdagp - ok
18:14:38.0667 3492 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:14:38.0667 3492 amdide - ok
18:14:38.0699 3492 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:14:38.0699 3492 AmdK8 - ok
18:14:38.0714 3492 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:14:38.0714 3492 AmdPPM - ok
18:14:38.0730 3492 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:14:38.0730 3492 amdsata - ok
18:14:38.0745 3492 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:14:38.0745 3492 amdsbs - ok
18:14:38.0761 3492 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:14:38.0761 3492 amdxata - ok
18:14:38.0808 3492 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:14:38.0823 3492 AppID - ok
18:14:38.0855 3492 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:14:38.0855 3492 arc - ok
18:14:38.0870 3492 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:14:38.0870 3492 arcsas - ok
18:14:38.0917 3492 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:14:38.0917 3492 AsyncMac - ok
18:14:38.0948 3492 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:14:38.0948 3492 atapi - ok
18:14:38.0995 3492 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:14:38.0995 3492 b06bdrv - ok
18:14:39.0011 3492 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:14:39.0011 3492 b57nd60x - ok
18:14:39.0026 3492 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:14:39.0026 3492 Beep - ok
18:14:39.0057 3492 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:14:39.0057 3492 blbdrive - ok
18:14:39.0089 3492 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:14:39.0089 3492 bowser - ok
18:14:39.0104 3492 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:14:39.0104 3492 BrFiltLo - ok
18:14:39.0120 3492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:14:39.0120 3492 BrFiltUp - ok
18:14:39.0151 3492 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:14:39.0151 3492 Brserid - ok
18:14:39.0182 3492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:14:39.0182 3492 BrSerWdm - ok
18:14:39.0198 3492 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:14:39.0198 3492 BrUsbMdm - ok
18:14:39.0198 3492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:14:39.0213 3492 BrUsbSer - ok
18:14:39.0229 3492 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:14:39.0229 3492 BTHMODEM - ok
18:14:39.0260 3492 c2scsi (35e02592f9d3b6f8133e55862c81f50e) C:\Windows\system32\DRIVERS\c2scsi.sys
18:14:39.0260 3492 c2scsi - ok
18:14:39.0307 3492 CA561 (50ded7c73e0fb40693edab8cad7c46e7) C:\Windows\system32\Drivers\SPCA561.SYS
18:14:39.0307 3492 CA561 - ok
18:14:39.0323 3492 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:14:39.0338 3492 cdfs - ok
18:14:39.0369 3492 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:14:39.0369 3492 cdrom - ok
18:14:39.0401 3492 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:14:39.0401 3492 circlass - ok
18:14:39.0432 3492 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:14:39.0432 3492 CLFS - ok
18:14:39.0463 3492 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:14:39.0463 3492 CmBatt - ok
18:14:39.0494 3492 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:14:39.0494 3492 cmdide - ok
18:14:39.0510 3492 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:14:39.0525 3492 CNG - ok
18:14:39.0541 3492 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:14:39.0541 3492 Compbatt - ok
18:14:39.0572 3492 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:14:39.0572 3492 CompositeBus - ok
18:14:39.0588 3492 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:14:39.0588 3492 crcdisk - ok
18:14:39.0635 3492 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:14:39.0635 3492 CSC - ok
18:14:39.0666 3492 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:14:39.0666 3492 DfsC - ok
18:14:39.0697 3492 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:14:39.0697 3492 discache - ok
18:14:39.0728 3492 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:14:39.0728 3492 Disk - ok
18:14:39.0775 3492 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:14:39.0775 3492 drmkaud - ok
18:14:39.0806 3492 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:14:39.0822 3492 dtsoftbus01 - ok
18:14:39.0853 3492 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:14:39.0869 3492 DXGKrnl - ok
18:14:39.0947 3492 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:14:39.0978 3492 ebdrv - ok
18:14:40.0025 3492 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:14:40.0025 3492 elxstor - ok
18:14:40.0040 3492 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:14:40.0040 3492 ErrDev - ok
18:14:40.0165 3492 EUBAKUP (f79bcfe089804b6c2994f80bc343373a) C:\Windows\system32\drivers\eubakup.sys
18:14:40.0181 3492 EUBAKUP - ok
18:14:40.0196 3492 EuDisk (c4bc617b3608624cdb7cdd1606691066) C:\Windows\system32\DRIVERS\EuDisk.sys
18:14:40.0212 3492 EuDisk - ok
18:14:40.0243 3492 EUDSKACS (1436f419be2486cb5f004b2ad3abc6e7) C:\Windows\system32\drivers\eudskacs.sys
18:14:40.0259 3492 EUDSKACS - ok
18:14:40.0274 3492 EUFS (fcfe5df3dbd650d6dd0d1e1aa6832e2d) C:\Windows\system32\drivers\eufs.sys
18:14:40.0290 3492 EUFS - ok
18:14:40.0321 3492 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:14:40.0321 3492 exfat - ok
18:14:40.0337 3492 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:14:40.0337 3492 fastfat - ok
18:14:40.0383 3492 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:14:40.0383 3492 fdc - ok
18:14:40.0399 3492 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:14:40.0399 3492 FileInfo - ok
18:14:40.0415 3492 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:14:40.0415 3492 Filetrace - ok
18:14:40.0446 3492 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:14:40.0446 3492 flpydisk - ok
18:14:40.0461 3492 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:14:40.0461 3492 FltMgr - ok
18:14:40.0477 3492 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:14:40.0477 3492 FsDepends - ok
18:14:40.0524 3492 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
18:14:40.0524 3492 fssfltr - ok
18:14:40.0555 3492 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:14:40.0555 3492 Fs_Rec - ok
18:14:40.0586 3492 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:14:40.0586 3492 fvevol - ok
18:14:40.0602 3492 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:14:40.0602 3492 gagp30kx - ok
18:14:40.0617 3492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:14:40.0617 3492 GEARAspiWDM - ok
18:14:40.0664 3492 hcmon (6934d249d27aab3a0d86e4da9c3ae006) C:\Windows\system32\drivers\hcmon.sys
18:14:40.0664 3492 hcmon - ok
18:14:40.0711 3492 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:14:40.0711 3492 hcw85cir - ok
18:14:40.0742 3492 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:14:40.0758 3492 HdAudAddService - ok
18:14:40.0773 3492 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:14:40.0773 3492 HDAudBus - ok
18:14:40.0789 3492 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:14:40.0789 3492 HidBatt - ok
18:14:40.0805 3492 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:14:40.0805 3492 HidBth - ok
18:14:40.0805 3492 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:14:40.0820 3492 HidIr - ok
18:14:40.0851 3492 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:14:40.0851 3492 HidUsb - ok
18:14:40.0867 3492 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:14:40.0883 3492 HpSAMD - ok
18:14:40.0914 3492 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:14:40.0914 3492 HTTP - ok
18:14:40.0945 3492 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:14:40.0945 3492 hwpolicy - ok
18:14:40.0961 3492 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:14:40.0961 3492 i8042prt - ok
18:14:40.0976 3492 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:14:40.0992 3492 iaStorV - ok
18:14:41.0054 3492 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:14:41.0054 3492 iirsp - ok
18:14:41.0070 3492 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:14:41.0070 3492 intelide - ok
18:14:41.0101 3492 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:14:41.0101 3492 intelppm - ok
18:14:41.0117 3492 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:14:41.0117 3492 IpFilterDriver - ok
18:14:41.0132 3492 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:14:41.0132 3492 IPMIDRV - ok
18:14:41.0148 3492 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:14:41.0148 3492 IPNAT - ok
18:14:41.0195 3492 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:14:41.0195 3492 IRENUM - ok
18:14:41.0210 3492 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:14:41.0210 3492 isapnp - ok
18:14:41.0226 3492 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:14:41.0226 3492 iScsiPrt - ok
18:14:41.0241 3492 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:14:41.0241 3492 kbdclass - ok
18:14:41.0257 3492 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
18:14:41.0257 3492 kbdhid - ok
18:14:41.0288 3492 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:14:41.0288 3492 KSecDD - ok
18:14:41.0304 3492 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:14:41.0304 3492 KSecPkg - ok
18:14:41.0335 3492 KUSBusByTCP (42c6e99f58dd9dea6911f0803109a21a) C:\Windows\system32\Drivers\KUSBusByTCP.sys
18:14:41.0382 3492 KUSBusByTCP - ok
18:14:41.0429 3492 KUSBusByTCPMasterBus (3411b9bbad2d937205ebb72d00f63435) C:\Windows\system32\Drivers\KUSBusByTCPMasterBus.sys
18:14:41.0460 3492 KUSBusByTCPMasterBus - ok
18:14:41.0507 3492 Lavasoft Kernexplorer - ok
18:14:41.0522 3492 Lbd - ok
18:14:41.0553 3492 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:14:41.0553 3492 lltdio - ok
18:14:41.0569 3492 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:14:41.0569 3492 LSI_FC - ok
18:14:41.0585 3492 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:14:41.0585 3492 LSI_SAS - ok
18:14:41.0600 3492 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:14:41.0600 3492 LSI_SAS2 - ok
18:14:41.0631 3492 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:14:41.0631 3492 LSI_SCSI - ok
18:14:41.0663 3492 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:14:41.0663 3492 luafv - ok
18:14:41.0678 3492 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:14:41.0678 3492 megasas - ok
18:14:41.0694 3492 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:14:41.0694 3492 MegaSR - ok
18:14:41.0694 3492 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:14:41.0709 3492 Modem - ok
18:14:41.0725 3492 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:14:41.0725 3492 monitor - ok
18:14:41.0756 3492 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:14:41.0756 3492 mouclass - ok
18:14:41.0772 3492 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:14:41.0772 3492 mouhid - ok
18:14:41.0819 3492 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:14:41.0819 3492 mountmgr - ok
18:14:41.0865 3492 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:14:41.0865 3492 MpFilter - ok
18:14:41.0881 3492 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:14:41.0897 3492 mpio - ok
18:14:41.0975 3492 MpKsl63a20a54 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08EBCFE9-36CB-43B2-AE5E-90D1111F9B46}\MpKsl63a20a54.sys
18:14:41.0975 3492 MpKsl63a20a54 - ok
18:14:42.0006 3492 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:14:42.0006 3492 MpNWMon - ok
18:14:42.0037 3492 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:14:42.0037 3492 mpsdrv - ok
18:14:42.0068 3492 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:14:42.0068 3492 MRxDAV - ok
18:14:42.0099 3492 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:14:42.0099 3492 mrxsmb - ok
18:14:42.0146 3492 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:14:42.0146 3492 mrxsmb10 - ok
18:14:42.0193 3492 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:14:42.0193 3492 mrxsmb20 - ok
18:14:42.0224 3492 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:14:42.0224 3492 msahci - ok
18:14:42.0240 3492 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:14:42.0255 3492 msdsm - ok
18:14:42.0287 3492 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:14:42.0287 3492 Msfs - ok
18:14:42.0349 3492 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:14:42.0349 3492 mshidkmdf - ok
18:14:42.0349 3492 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:14:42.0349 3492 msisadrv - ok
18:14:42.0380 3492 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:14:42.0380 3492 MSKSSRV - ok
18:14:42.0427 3492 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:14:42.0427 3492 MSPCLOCK - ok
18:14:42.0443 3492 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:14:42.0458 3492 MSPQM - ok
18:14:42.0474 3492 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:14:42.0474 3492 MsRPC - ok
18:14:42.0474 3492 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:14:42.0489 3492 mssmbios - ok
18:14:42.0489 3492 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:14:42.0489 3492 MSTEE - ok
18:14:42.0505 3492 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:14:42.0505 3492 MTConfig - ok
18:14:42.0521 3492 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:14:42.0521 3492 Mup - ok
18:14:42.0552 3492 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:14:42.0552 3492 NativeWifiP - ok
18:14:42.0583 3492 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:14:42.0599 3492 NDIS - ok
18:14:42.0630 3492 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:14:42.0630 3492 NdisCap - ok
18:14:42.0645 3492 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:14:42.0645 3492 NdisTapi - ok
18:14:42.0677 3492 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:42.0677 3492 Ndisuio - ok
18:14:42.0708 3492 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:42.0708 3492 NdisWan - ok
18:14:42.0723 3492 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:14:42.0723 3492 NDProxy - ok
18:14:42.0755 3492 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:14:42.0755 3492 NetBIOS - ok
18:14:42.0786 3492 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:14:42.0786 3492 NetBT - ok
18:14:42.0833 3492 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:14:42.0833 3492 nfrd960 - ok
18:14:42.0879 3492 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:14:42.0879 3492 NisDrv - ok
18:14:42.0911 3492 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:14:42.0911 3492 Npfs - ok
18:14:42.0926 3492 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:14:42.0926 3492 nsiproxy - ok
18:14:42.0973 3492 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:14:42.0989 3492 Ntfs - ok
18:14:43.0004 3492 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:14:43.0004 3492 Null - ok
18:14:43.0207 3492 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:14:43.0285 3492 nvlddmkm - ok
18:14:43.0347 3492 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:14:43.0347 3492 nvraid - ok
18:14:43.0363 3492 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:14:43.0363 3492 nvstor - ok
18:14:43.0394 3492 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:14:43.0394 3492 nv_agp - ok
18:14:43.0425 3492 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:14:43.0425 3492 ohci1394 - ok
18:14:43.0457 3492 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:14:43.0457 3492 Parport - ok
18:14:43.0488 3492 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:14:43.0488 3492 partmgr - ok
18:14:43.0503 3492 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:14:43.0503 3492 Parvdm - ok
18:14:43.0519 3492 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:14:43.0519 3492 pci - ok
18:14:43.0535 3492 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:14:43.0535 3492 pciide - ok
18:14:43.0550 3492 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:14:43.0566 3492 pcmcia - ok
18:14:43.0566 3492 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:14:43.0566 3492 pcw - ok
18:14:43.0597 3492 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:14:43.0597 3492 PEAUTH - ok
18:14:43.0644 3492 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:14:43.0644 3492 PptpMiniport - ok
18:14:43.0659 3492 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:14:43.0659 3492 Processor - ok
18:14:43.0737 3492 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:14:43.0737 3492 Psched - ok
18:14:43.0769 3492 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
18:14:43.0769 3492 PxHelp20 - ok
18:14:43.0800 3492 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:14:43.0815 3492 ql2300 - ok
18:14:43.0847 3492 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:14:43.0847 3492 ql40xx - ok
18:14:43.0862 3492 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:14:43.0862 3492 QWAVEdrv - ok
18:14:43.0878 3492 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:14:43.0878 3492 RasAcd - ok
18:14:43.0893 3492 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:14:43.0893 3492 RasAgileVpn - ok
18:14:43.0909 3492 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:14:43.0909 3492 Rasl2tp - ok
18:14:43.0940 3492 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:14:43.0940 3492 RasPppoe - ok
18:14:43.0956 3492 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:14:43.0956 3492 RasSstp - ok
18:14:43.0987 3492 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:14:43.0987 3492 rdbss - ok
18:14:44.0018 3492 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:14:44.0018 3492 rdpbus - ok
18:14:44.0049 3492 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:14:44.0049 3492 RDPCDD - ok
18:14:44.0096 3492 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:14:44.0096 3492 RDPDR - ok
18:14:44.0127 3492 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:14:44.0127 3492 RDPENCDD - ok
18:14:44.0143 3492 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:14:44.0143 3492 RDPREFMP - ok
18:14:44.0174 3492 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:14:44.0174 3492 RDPWD - ok
18:14:44.0205 3492 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:14:44.0205 3492 rdyboost - ok
18:14:44.0252 3492 rootrepeal - ok
18:14:44.0283 3492 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:14:44.0283 3492 rspndr - ok
18:14:44.0330 3492 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:14:44.0330 3492 RTL8167 - ok
18:14:44.0361 3492 RxFilter (c3f676bfb12292ffbc5b5fe4c8daf2d4) C:\Windows\system32\DRIVERS\RxFilter.sys
18:14:44.0361 3492 RxFilter - ok
18:14:44.0393 3492 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:14:44.0393 3492 s3cap - ok
18:14:44.0439 3492 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:14:44.0455 3492 SASDIFSV - ok
18:14:44.0455 3492 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:14:44.0455 3492 SASKUTIL - ok
18:14:44.0517 3492 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:14:44.0517 3492 scfilter - ok
18:14:44.0564 3492 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:14:44.0564 3492 secdrv - ok
18:14:44.0595 3492 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:14:44.0595 3492 Serenum - ok
18:14:44.0611 3492 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:14:44.0611 3492 Serial - ok
18:14:44.0627 3492 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:14:44.0627 3492 sermouse - ok
18:14:44.0658 3492 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:14:44.0658 3492 sffdisk - ok
18:14:44.0673 3492 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:14:44.0673 3492 sffp_mmc - ok
18:14:44.0689 3492 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:14:44.0689 3492 sffp_sd - ok
18:14:44.0705 3492 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:14:44.0705 3492 sfloppy - ok
18:14:44.0720 3492 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:14:44.0720 3492 sisagp - ok
18:14:44.0751 3492 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:14:44.0751 3492 SiSRaid2 - ok
18:14:44.0767 3492 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:14:44.0767 3492 SiSRaid4 - ok
18:14:44.0783 3492 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:14:44.0783 3492 Smb - ok
18:14:44.0814 3492 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:14:44.0829 3492 spldr - ok
18:14:44.0861 3492 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:14:44.0861 3492 srv - ok
18:14:44.0923 3492 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:14:44.0923 3492 srv2 - ok
18:14:44.0939 3492 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:14:44.0939 3492 srvnet - ok
18:14:44.0970 3492 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:14:44.0970 3492 stexstor - ok
18:14:45.0001 3492 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:14:45.0001 3492 storflt - ok
18:14:45.0032 3492 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:14:45.0032 3492 storvsc - ok
18:14:45.0048 3492 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:14:45.0048 3492 swenum - ok
18:14:45.0110 3492 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:14:45.0110 3492 Tcpip - ok
18:14:45.0141 3492 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:14:45.0157 3492 TCPIP6 - ok
18:14:45.0188 3492 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:14:45.0188 3492 tcpipreg - ok
18:14:45.0204 3492 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:14:45.0204 3492 TDPIPE - ok
18:14:45.0219 3492 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:14:45.0219 3492 TDTCP - ok
18:14:45.0235 3492 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:14:45.0235 3492 tdx - ok
18:14:45.0251 3492 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:14:45.0251 3492 TermDD - ok
18:14:45.0282 3492 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:14:45.0297 3492 tssecsrv - ok
18:14:45.0313 3492 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:14:45.0313 3492 TsUsbFlt - ok
18:14:45.0375 3492 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:14:45.0375 3492 tunnel - ok
18:14:45.0407 3492 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:14:45.0407 3492 uagp35 - ok
18:14:45.0438 3492 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:14:45.0438 3492 udfs - ok
18:14:45.0500 3492 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:14:45.0500 3492 uliagpkx - ok
18:14:45.0516 3492 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:14:45.0516 3492 umbus - ok
18:14:45.0516 3492 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:14:45.0516 3492 UmPass - ok
18:14:45.0563 3492 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:14:45.0563 3492 usbccgp - ok
18:14:45.0578 3492 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:14:45.0578 3492 usbcir - ok
18:14:45.0594 3492 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:14:45.0594 3492 usbehci - ok
18:14:45.0609 3492 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:14:45.0625 3492 usbhub - ok
18:14:45.0641 3492 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:14:45.0641 3492 usbohci - ok
18:14:45.0656 3492 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:14:45.0656 3492 usbprint - ok
18:14:45.0687 3492 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:14:45.0687 3492 usbscan - ok
18:14:45.0734 3492 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
18:14:45.0734 3492 USBSTOR - ok
18:14:45.0750 3492 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:14:45.0750 3492 usbuhci - ok
18:14:45.0765 3492 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:14:45.0765 3492 vdrvroot - ok
18:14:45.0797 3492 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:14:45.0797 3492 vga - ok
18:14:45.0812 3492 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:14:45.0812 3492 VgaSave - ok
18:14:45.0828 3492 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:14:45.0828 3492 vhdmp - ok
18:14:45.0859 3492 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:14:45.0859 3492 viaagp - ok
18:14:45.0875 3492 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:14:45.0875 3492 ViaC7 - ok
18:14:45.0890 3492 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:14:45.0890 3492 viaide - ok
18:14:45.0921 3492 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:14:45.0921 3492 vmbus - ok
18:14:45.0921 3492 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:14:45.0921 3492 VMBusHID - ok
18:14:45.0953 3492 vmci (c560b5363ad494541deda5da539fb870) C:\Windows\system32\Drivers\vmci.sys
18:14:45.0953 3492 vmci - ok
18:14:46.0046 3492 vmkbd (45e341e59f14cd88a64fdbe74ed0dd13) C:\Windows\system32\drivers\VMkbd.sys
18:14:46.0062 3492 vmkbd - ok
18:14:46.0077 3492 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
18:14:46.0077 3492 VMnetAdapter - ok
18:14:46.0093 3492 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
18:14:46.0093 3492 VMnetBridge - ok
18:14:46.0109 3492 VMnetuserif (c4172c1661789d50f27e222288132a72) C:\Windows\system32\drivers\vmnetuserif.sys
18:14:46.0109 3492 VMnetuserif - ok
18:14:46.0124 3492 VMparport (c8f7ad7ad7785a4bc59bf4dfce5df13a) C:\Windows\system32\Drivers\VMparport.sys
18:14:46.0124 3492 VMparport - ok
18:14:46.0155 3492 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
18:14:46.0155 3492 vmusb - ok
18:14:46.0265 3492 vmx86 (2177f7269c6cc6a5657f1779eaa6c460) C:\Windows\system32\Drivers\vmx86.sys
18:14:46.0265 3492 vmx86 - ok
18:14:46.0280 3492 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:14:46.0280 3492 volmgr - ok
18:14:46.0311 3492 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:14:46.0311 3492 volmgrx - ok
18:14:46.0327 3492 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:14:46.0327 3492 volsnap - ok
18:14:46.0358 3492 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
18:14:46.0358 3492 vpcbus - ok
18:14:46.0389 3492 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:14:46.0389 3492 vpcnfltr - ok
18:14:46.0405 3492 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
18:14:46.0405 3492 vpcusb - ok
18:14:46.0421 3492 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
18:14:46.0421 3492 vpcvmm - ok
18:14:46.0452 3492 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:14:46.0452 3492 vsmraid - ok
18:14:46.0499 3492 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
18:14:46.0499 3492 vstor2-ws60 - ok
18:14:46.0514 3492 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:14:46.0514 3492 vwifibus - ok
18:14:46.0545 3492 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:14:46.0545 3492 WacomPen - ok
18:14:46.0592 3492 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:46.0592 3492 WANARP - ok
18:14:46.0608 3492 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:46.0608 3492 Wanarpv6 - ok
18:14:46.0655 3492 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:14:46.0655 3492 Wd - ok
18:14:46.0670 3492 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:14:46.0670 3492 Wdf01000 - ok
18:14:46.0717 3492 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:14:46.0717 3492 WfpLwf - ok
18:14:46.0733 3492 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:14:46.0733 3492 WIMMount - ok
18:14:46.0795 3492 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:14:46.0795 3492 WmiAcpi - ok
18:14:46.0826 3492 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:14:46.0826 3492 ws2ifsl - ok
18:14:46.0857 3492 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:14:46.0857 3492 WudfPf - ok
18:14:46.0873 3492 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:14:46.0873 3492 WUDFRd - ok
18:14:46.0904 3492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:14:46.0904 3492 \Device\Harddisk0\DR0 - ok
18:14:46.0920 3492 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:14:46.0920 3492 \Device\Harddisk1\DR1 - ok
18:14:46.0935 3492 Boot (0x1200) (adeadb6ca2f04926b3738c27da7d5ec0) \Device\Harddisk1\DR1\Partition0
18:14:46.0935 3492 \Device\Harddisk1\DR1\Partition0 - ok
18:14:46.0935 3492 Boot (0x1200) (edeb3fd0a5db3183f3965b37982b277c) \Device\Harddisk1\DR1\Partition1
18:14:46.0935 3492 \Device\Harddisk1\DR1\Partition1 - ok
18:14:46.0935 3492 ============================================================
18:14:46.0935 3492 Scan finished
18:14:46.0935 3492 ============================================================
18:14:46.0951 3136 Detected object count: 0
18:14:46.0951 3136 Actual detected object count: 0
18:15:05.0967 3700 Deinitialize success

I did do my best to completely uninstall and delete all vestiges of the old Java install, then downloaded directly from sun and reinstalled.

So the entry point should have been eliminated. I have also disabled the update wizard for good measure.

Next?

Please give me an update on your computer.

Well, I notice that MS Security Essentials was not starting automatically, so I added the icon to the startup group.

Also I am trying to update Itunes and even when I run the install as admin I get the error:

The path "C:\Users\Kevin\AppData\Local\Apple\Apple Software Update\iTunes.msi cannot be found. Verity that you have access to this location and try again, or tyr to find the installation package "iTunes.msi" in a folder from which you can install the product iTunes.

Well the folder and file is there.... i finally just tried double clicking on the iTunes.msi file and it worked....

Something is just not right. Stumped.

I did the test again on the personal folders - still get the access denied and weird glif chinese characters - just as before.

So no beneficial change.

I am heavily considering a full drive wipe and reinstall. Any comments?

I am heavily considering a full drive wipe and reinstall. Any comments?.

If you can save your important data, that could be the fastest way to go. We could be hacking away at this for another two weeks or more. If you do a re-format be sure to scan your documents, files, pictures, music with at least two good AV scanners before putting them back on your computer.

I have a D drive with almost all my data on it - I don't like keeping all my data on the C - for just this reason.

I am very frustrated that we cannot get a handle on this. I never had a virus that I could not find and at least id.

With all the tools we have thrown at this I just don't have any more tricks!

Someone out there has come up with something very subtle and hard to find - and worse yet we don't know what it does.

I am willing to try one more round if you are but we need to step up to a new level - this aint no ordinary bug.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.



On the General tab, make sure all of the boxes are checked.



On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.


Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply..

Sorry for the delay - I was out of town.

Here is the link:

http://www.getsysteminfo.com/read.php?file=5761cbc54efc6a5e87840291888d94c4

Please uninstall your version of MBAM and download the new one. Please post the log.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.04.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVINSDESKTOP [administrator]

1/4/2012 6:40:03 PM
mbam-log-2012-01-04 (18-40-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419659
Time elapsed: 48 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

no effect.....

We are out of ideas as how to fix this problem. Sorry.