False Java Update notification - MS Antispyware - de-activated windows 7 etc

This was followed of course by:

The attempt to take ownership of everything seemed to work except that it didn't seem to change my effective permissions at all.

Still cannot access local settings - access denied - "unable to display current owner" and I have NO effective permissions at all.....

c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

This is a file added by MSE.
I'm checking with a colleague about this problem and I'll be back as soon as I have something.

ok, I read an article about a bug with similar symptoms and they recommended stopzilla - I looked it up and it looked legit so I installed it - reboot and it "found" catchme.dll and related files in my local settings folder - that I cannot get into - it deleted it then I ran a full scan - here is a list of the results: Vundo.A7 c:\windows\nircmd.exe
vundo.A7 c:\windows\swsc.exe
Google Redirector C:\windows\swreg.exe
Google Redirector C:\windows\swxcacls.exe
lpv4mons hklm\software\microsoft\windows\current version\control panel\load
digital protections d:\kevin's documents\gateway\hcc-145 medical terminology for health care workers\application\cd\content\audio\virus.mp3 (false positive?)
Winexec32 c:\avenger.txt (false positive in log)
Gain.Gator autocad drawing file? (false positive?)
Trojan.Win32.Cognac!a c:\windows\pev.exe

I manually put everything in the recycle bin. now I find that my IE icon is gone and - well I use firefox with nosript anyway but when I opened your site as usual the page does not display correctly - this text window it 3/4 of an inch square! and so I changed my default browser to get to IE and it displayed your site correctly but then I got a popup as follows:Caution! Your computer contains a variety of suspicious programs. Your System requires immediate checking! The system will perform a fast and free check your PC for malicious programs. only an OK button of course. I killed it with task manager.
I just finished another of many scans with antimalware bytes - 000000 infections! This is so fun!

Well I updated antimalware and superantispyware and and running simultaneous scans - I opened up firefox again and now your site looks normal.

Before this I ran CC cleaner to kill anything I might have picked up by running IE and of course it deleted everything in my recycle bin - so hopefully the listed files in the previous stopzilla log are not important!

Here is a screen capture of the "Message from webpage"

Its reaaaaalllly hard to post images!!!!

my computer says that IExporer.exe does not exist - yet something that looks like it runs if I click a web link......

OK downloaded MS Safety Scanner and am running a full scan....

MS Security Essentials was not running for some reason - ran it - updated it - quick scan revealed to infections:

Trojan:JS/redirector.HQ Removed
VirTool:JS/Obfuscator.CA Quarantined

I will run a full scan next

Did I not ask you to not run any scans unless I asked you to run them?

No you said not to remove anything and just report results.
The removals were automatic, and my intent was to keep everything in my recycle bin.

In any case we were not exactly getting anywhere.

I now have the drive in question hooked up to my laptop as a slave and have scanned it with antimalware - clean - it always runs clean - which really surprises me.

I am currently scanning with ms security essentials. Do you have any specific suggestions now that we are not running the os on that drive?

Whatever this bug is it sure hides reeeaaaalllly well.

Thanks for your help

Well, even external scans of the drive with both AntiMalware Bytes and MS Security Essentials come up clean.

Do you have anything you want me to try?

FYI,

I recreated the IE icon - iexplore.exe is located exactly were it should be.

When I use IE to go to GeekPolice.net I still get the popup:

Here is the message

Why is this so hard?

So I tried using IE to go to another site - Wallbase.net

Worked fine - after a few seconds I got the popup:

Internet Explorer has stopped working

A problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is available.

Close program button

I of course CTRL-ALT-DEL and END these

After doing so IE continued to run and was not locked up at all. Just to be safe I killed it as well.

The only real difference is I have add ons for firefox - NOSCRIPT as recommended by you guys - works great! also running Addblock plus, and WOT.

I found a site indicating the "message from website" is a add based attach but this seems to be active on any page and comes with different bait messages - so I think it is local to this system.

I have been watching to see if the original issue of the personal folders - access denied and weird rename is still occurring - not seen it yet. Maybe we killed that one?!!

Oh well - strike that last; it just did the access denied trick again.

So far we have found nothing and removed nothing associated with this.

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:



* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
******************************************************

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory..

Jotti's found nothing

TDSSKiller found nothing..

18:14:01.0820 0344 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:14:02.0350 0344 ============================================================
18:14:02.0350 0344 Current date / time: 2011/12/19 18:14:02.0350
18:14:02.0350 0344 SystemInfo:
18:14:02.0350 0344
18:14:02.0350 0344 OS Version: 6.1.7601 ServicePack: 1.0
18:14:02.0350 0344 Product type: Workstation
18:14:02.0350 0344 ComputerName: KEVINSDESKTOP
18:14:02.0350 0344 UserName: Kevin
18:14:02.0350 0344 Windows directory: C:\Windows
18:14:02.0350 0344 System windows directory: C:\Windows
18:14:02.0350 0344 Processor architecture: Intel x86
18:14:02.0350 0344 Number of processors: 2
18:14:02.0350 0344 Page size: 0x1000
18:14:02.0350 0344 Boot type: Normal boot
18:14:02.0350 0344 ============================================================
18:14:03.0520 0344 Initialize success
18:14:37.0934 3492 ============================================================
18:14:37.0934 3492 Scan started
18:14:37.0934 3492 Mode: Manual;
18:14:37.0934 3492 ============================================================
18:14:38.0355 3492 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:14:38.0355 3492 1394ohci - ok
18:14:38.0387 3492 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:14:38.0387 3492 ACPI - ok
18:14:38.0402 3492 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:14:38.0402 3492 AcpiPmi - ok
18:14:38.0433 3492 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:14:38.0433 3492 adp94xx - ok
18:14:38.0449 3492 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:14:38.0449 3492 adpahci - ok
18:14:38.0465 3492 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:14:38.0465 3492 adpu320 - ok
18:14:38.0511 3492 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:14:38.0511 3492 AFD - ok
18:14:38.0527 3492 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:14:38.0527 3492 agp440 - ok
18:14:38.0543 3492 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:14:38.0543 3492 aic78xx - ok
18:14:38.0636 3492 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:14:38.0636 3492 aliide - ok
18:14:38.0652 3492 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:14:38.0652 3492 amdagp - ok
18:14:38.0667 3492 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:14:38.0667 3492 amdide - ok
18:14:38.0699 3492 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:14:38.0699 3492 AmdK8 - ok
18:14:38.0714 3492 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:14:38.0714 3492 AmdPPM - ok
18:14:38.0730 3492 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:14:38.0730 3492 amdsata - ok
18:14:38.0745 3492 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:14:38.0745 3492 amdsbs - ok
18:14:38.0761 3492 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:14:38.0761 3492 amdxata - ok
18:14:38.0808 3492 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:14:38.0823 3492 AppID - ok
18:14:38.0855 3492 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:14:38.0855 3492 arc - ok
18:14:38.0870 3492 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:14:38.0870 3492 arcsas - ok
18:14:38.0917 3492 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:14:38.0917 3492 AsyncMac - ok
18:14:38.0948 3492 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:14:38.0948 3492 atapi - ok
18:14:38.0995 3492 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:14:38.0995 3492 b06bdrv - ok
18:14:39.0011 3492 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:14:39.0011 3492 b57nd60x - ok
18:14:39.0026 3492 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:14:39.0026 3492 Beep - ok
18:14:39.0057 3492 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:14:39.0057 3492 blbdrive - ok
18:14:39.0089 3492 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:14:39.0089 3492 bowser - ok
18:14:39.0104 3492 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:14:39.0104 3492 BrFiltLo - ok
18:14:39.0120 3492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:14:39.0120 3492 BrFiltUp - ok
18:14:39.0151 3492 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:14:39.0151 3492 Brserid - ok
18:14:39.0182 3492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:14:39.0182 3492 BrSerWdm - ok
18:14:39.0198 3492 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:14:39.0198 3492 BrUsbMdm - ok
18:14:39.0198 3492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:14:39.0213 3492 BrUsbSer - ok
18:14:39.0229 3492 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:14:39.0229 3492 BTHMODEM - ok
18:14:39.0260 3492 c2scsi (35e02592f9d3b6f8133e55862c81f50e) C:\Windows\system32\DRIVERS\c2scsi.sys
18:14:39.0260 3492 c2scsi - ok
18:14:39.0307 3492 CA561 (50ded7c73e0fb40693edab8cad7c46e7) C:\Windows\system32\Drivers\SPCA561.SYS
18:14:39.0307 3492 CA561 - ok
18:14:39.0323 3492 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:14:39.0338 3492 cdfs - ok
18:14:39.0369 3492 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:14:39.0369 3492 cdrom - ok
18:14:39.0401 3492 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:14:39.0401 3492 circlass - ok
18:14:39.0432 3492 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:14:39.0432 3492 CLFS - ok
18:14:39.0463 3492 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:14:39.0463 3492 CmBatt - ok
18:14:39.0494 3492 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:14:39.0494 3492 cmdide - ok
18:14:39.0510 3492 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:14:39.0525 3492 CNG - ok
18:14:39.0541 3492 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:14:39.0541 3492 Compbatt - ok
18:14:39.0572 3492 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:14:39.0572 3492 CompositeBus - ok
18:14:39.0588 3492 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:14:39.0588 3492 crcdisk - ok
18:14:39.0635 3492 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:14:39.0635 3492 CSC - ok
18:14:39.0666 3492 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:14:39.0666 3492 DfsC - ok
18:14:39.0697 3492 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:14:39.0697 3492 discache - ok
18:14:39.0728 3492 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:14:39.0728 3492 Disk - ok
18:14:39.0775 3492 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:14:39.0775 3492 drmkaud - ok
18:14:39.0806 3492 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:14:39.0822 3492 dtsoftbus01 - ok
18:14:39.0853 3492 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:14:39.0869 3492 DXGKrnl - ok
18:14:39.0947 3492 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:14:39.0978 3492 ebdrv - ok
18:14:40.0025 3492 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:14:40.0025 3492 elxstor - ok
18:14:40.0040 3492 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:14:40.0040 3492 ErrDev - ok
18:14:40.0165 3492 EUBAKUP (f79bcfe089804b6c2994f80bc343373a) C:\Windows\system32\drivers\eubakup.sys
18:14:40.0181 3492 EUBAKUP - ok
18:14:40.0196 3492 EuDisk (c4bc617b3608624cdb7cdd1606691066) C:\Windows\system32\DRIVERS\EuDisk.sys
18:14:40.0212 3492 EuDisk - ok
18:14:40.0243 3492 EUDSKACS (1436f419be2486cb5f004b2ad3abc6e7) C:\Windows\system32\drivers\eudskacs.sys
18:14:40.0259 3492 EUDSKACS - ok
18:14:40.0274 3492 EUFS (fcfe5df3dbd650d6dd0d1e1aa6832e2d) C:\Windows\system32\drivers\eufs.sys
18:14:40.0290 3492 EUFS - ok
18:14:40.0321 3492 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:14:40.0321 3492 exfat - ok
18:14:40.0337 3492 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:14:40.0337 3492 fastfat - ok
18:14:40.0383 3492 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:14:40.0383 3492 fdc - ok
18:14:40.0399 3492 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:14:40.0399 3492 FileInfo - ok
18:14:40.0415 3492 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:14:40.0415 3492 Filetrace - ok
18:14:40.0446 3492 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:14:40.0446 3492 flpydisk - ok
18:14:40.0461 3492 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:14:40.0461 3492 FltMgr - ok
18:14:40.0477 3492 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:14:40.0477 3492 FsDepends - ok
18:14:40.0524 3492 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
18:14:40.0524 3492 fssfltr - ok
18:14:40.0555 3492 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:14:40.0555 3492 Fs_Rec - ok
18:14:40.0586 3492 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:14:40.0586 3492 fvevol - ok
18:14:40.0602 3492 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:14:40.0602 3492 gagp30kx - ok
18:14:40.0617 3492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:14:40.0617 3492 GEARAspiWDM - ok
18:14:40.0664 3492 hcmon (6934d249d27aab3a0d86e4da9c3ae006) C:\Windows\system32\drivers\hcmon.sys
18:14:40.0664 3492 hcmon - ok
18:14:40.0711 3492 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:14:40.0711 3492 hcw85cir - ok
18:14:40.0742 3492 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:14:40.0758 3492 HdAudAddService - ok
18:14:40.0773 3492 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:14:40.0773 3492 HDAudBus - ok
18:14:40.0789 3492 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:14:40.0789 3492 HidBatt - ok
18:14:40.0805 3492 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:14:40.0805 3492 HidBth - ok
18:14:40.0805 3492 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:14:40.0820 3492 HidIr - ok
18:14:40.0851 3492 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:14:40.0851 3492 HidUsb - ok
18:14:40.0867 3492 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:14:40.0883 3492 HpSAMD - ok
18:14:40.0914 3492 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:14:40.0914 3492 HTTP - ok
18:14:40.0945 3492 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:14:40.0945 3492 hwpolicy - ok
18:14:40.0961 3492 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:14:40.0961 3492 i8042prt - ok
18:14:40.0976 3492 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:14:40.0992 3492 iaStorV - ok
18:14:41.0054 3492 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:14:41.0054 3492 iirsp - ok
18:14:41.0070 3492 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:14:41.0070 3492 intelide - ok
18:14:41.0101 3492 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:14:41.0101 3492 intelppm - ok
18:14:41.0117 3492 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:14:41.0117 3492 IpFilterDriver - ok
18:14:41.0132 3492 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:14:41.0132 3492 IPMIDRV - ok
18:14:41.0148 3492 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:14:41.0148 3492 IPNAT - ok
18:14:41.0195 3492 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:14:41.0195 3492 IRENUM - ok
18:14:41.0210 3492 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:14:41.0210 3492 isapnp - ok
18:14:41.0226 3492 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:14:41.0226 3492 iScsiPrt - ok
18:14:41.0241 3492 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:14:41.0241 3492 kbdclass - ok
18:14:41.0257 3492 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
18:14:41.0257 3492 kbdhid - ok
18:14:41.0288 3492 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:14:41.0288 3492 KSecDD - ok
18:14:41.0304 3492 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:14:41.0304 3492 KSecPkg - ok
18:14:41.0335 3492 KUSBusByTCP (42c6e99f58dd9dea6911f0803109a21a) C:\Windows\system32\Drivers\KUSBusByTCP.sys
18:14:41.0382 3492 KUSBusByTCP - ok
18:14:41.0429 3492 KUSBusByTCPMasterBus (3411b9bbad2d937205ebb72d00f63435) C:\Windows\system32\Drivers\KUSBusByTCPMasterBus.sys
18:14:41.0460 3492 KUSBusByTCPMasterBus - ok
18:14:41.0507 3492 Lavasoft Kernexplorer - ok
18:14:41.0522 3492 Lbd - ok
18:14:41.0553 3492 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:14:41.0553 3492 lltdio - ok
18:14:41.0569 3492 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:14:41.0569 3492 LSI_FC - ok
18:14:41.0585 3492 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:14:41.0585 3492 LSI_SAS - ok
18:14:41.0600 3492 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:14:41.0600 3492 LSI_SAS2 - ok
18:14:41.0631 3492 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:14:41.0631 3492 LSI_SCSI - ok
18:14:41.0663 3492 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:14:41.0663 3492 luafv - ok
18:14:41.0678 3492 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:14:41.0678 3492 megasas - ok
18:14:41.0694 3492 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:14:41.0694 3492 MegaSR - ok
18:14:41.0694 3492 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:14:41.0709 3492 Modem - ok
18:14:41.0725 3492 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:14:41.0725 3492 monitor - ok
18:14:41.0756 3492 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:14:41.0756 3492 mouclass - ok
18:14:41.0772 3492 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:14:41.0772 3492 mouhid - ok
18:14:41.0819 3492 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:14:41.0819 3492 mountmgr - ok
18:14:41.0865 3492 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:14:41.0865 3492 MpFilter - ok
18:14:41.0881 3492 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:14:41.0897 3492 mpio - ok
18:14:41.0975 3492 MpKsl63a20a54 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08EBCFE9-36CB-43B2-AE5E-90D1111F9B46}\MpKsl63a20a54.sys
18:14:41.0975 3492 MpKsl63a20a54 - ok
18:14:42.0006 3492 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:14:42.0006 3492 MpNWMon - ok
18:14:42.0037 3492 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:14:42.0037 3492 mpsdrv - ok
18:14:42.0068 3492 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:14:42.0068 3492 MRxDAV - ok
18:14:42.0099 3492 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:14:42.0099 3492 mrxsmb - ok
18:14:42.0146 3492 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:14:42.0146 3492 mrxsmb10 - ok
18:14:42.0193 3492 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:14:42.0193 3492 mrxsmb20 - ok
18:14:42.0224 3492 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:14:42.0224 3492 msahci - ok
18:14:42.0240 3492 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:14:42.0255 3492 msdsm - ok
18:14:42.0287 3492 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:14:42.0287 3492 Msfs - ok
18:14:42.0349 3492 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:14:42.0349 3492 mshidkmdf - ok
18:14:42.0349 3492 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:14:42.0349 3492 msisadrv - ok
18:14:42.0380 3492 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:14:42.0380 3492 MSKSSRV - ok
18:14:42.0427 3492 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:14:42.0427 3492 MSPCLOCK - ok
18:14:42.0443 3492 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:14:42.0458 3492 MSPQM - ok
18:14:42.0474 3492 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:14:42.0474 3492 MsRPC - ok
18:14:42.0474 3492 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:14:42.0489 3492 mssmbios - ok
18:14:42.0489 3492 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:14:42.0489 3492 MSTEE - ok
18:14:42.0505 3492 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:14:42.0505 3492 MTConfig - ok
18:14:42.0521 3492 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:14:42.0521 3492 Mup - ok
18:14:42.0552 3492 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:14:42.0552 3492 NativeWifiP - ok
18:14:42.0583 3492 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:14:42.0599 3492 NDIS - ok
18:14:42.0630 3492 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:14:42.0630 3492 NdisCap - ok
18:14:42.0645 3492 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:14:42.0645 3492 NdisTapi - ok
18:14:42.0677 3492 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:42.0677 3492 Ndisuio - ok
18:14:42.0708 3492 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:42.0708 3492 NdisWan - ok
18:14:42.0723 3492 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:14:42.0723 3492 NDProxy - ok
18:14:42.0755 3492 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:14:42.0755 3492 NetBIOS - ok
18:14:42.0786 3492 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:14:42.0786 3492 NetBT - ok
18:14:42.0833 3492 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:14:42.0833 3492 nfrd960 - ok
18:14:42.0879 3492 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:14:42.0879 3492 NisDrv - ok
18:14:42.0911 3492 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:14:42.0911 3492 Npfs - ok
18:14:42.0926 3492 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:14:42.0926 3492 nsiproxy - ok
18:14:42.0973 3492 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:14:42.0989 3492 Ntfs - ok
18:14:43.0004 3492 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:14:43.0004 3492 Null - ok
18:14:43.0207 3492 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:14:43.0285 3492 nvlddmkm - ok
18:14:43.0347 3492 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:14:43.0347 3492 nvraid - ok
18:14:43.0363 3492 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:14:43.0363 3492 nvstor - ok
18:14:43.0394 3492 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:14:43.0394 3492 nv_agp - ok
18:14:43.0425 3492 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:14:43.0425 3492 ohci1394 - ok
18:14:43.0457 3492 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:14:43.0457 3492 Parport - ok
18:14:43.0488 3492 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:14:43.0488 3492 partmgr - ok
18:14:43.0503 3492 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:14:43.0503 3492 Parvdm - ok
18:14:43.0519 3492 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:14:43.0519 3492 pci - ok
18:14:43.0535 3492 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:14:43.0535 3492 pciide - ok
18:14:43.0550 3492 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:14:43.0566 3492 pcmcia - ok
18:14:43.0566 3492 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:14:43.0566 3492 pcw - ok
18:14:43.0597 3492 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:14:43.0597 3492 PEAUTH - ok
18:14:43.0644 3492 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:14:43.0644 3492 PptpMiniport - ok
18:14:43.0659 3492 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:14:43.0659 3492 Processor - ok
18:14:43.0737 3492 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:14:43.0737 3492 Psched - ok
18:14:43.0769 3492 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
18:14:43.0769 3492 PxHelp20 - ok
18:14:43.0800 3492 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:14:43.0815 3492 ql2300 - ok
18:14:43.0847 3492 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:14:43.0847 3492 ql40xx - ok
18:14:43.0862 3492 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:14:43.0862 3492 QWAVEdrv - ok
18:14:43.0878 3492 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:14:43.0878 3492 RasAcd - ok
18:14:43.0893 3492 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:14:43.0893 3492 RasAgileVpn - ok
18:14:43.0909 3492 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:14:43.0909 3492 Rasl2tp - ok
18:14:43.0940 3492 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:14:43.0940 3492 RasPppoe - ok
18:14:43.0956 3492 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:14:43.0956 3492 RasSstp - ok
18:14:43.0987 3492 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:14:43.0987 3492 rdbss - ok
18:14:44.0018 3492 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:14:44.0018 3492 rdpbus - ok
18:14:44.0049 3492 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:14:44.0049 3492 RDPCDD - ok
18:14:44.0096 3492 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:14:44.0096 3492 RDPDR - ok
18:14:44.0127 3492 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:14:44.0127 3492 RDPENCDD - ok
18:14:44.0143 3492 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:14:44.0143 3492 RDPREFMP - ok
18:14:44.0174 3492 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:14:44.0174 3492 RDPWD - ok
18:14:44.0205 3492 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:14:44.0205 3492 rdyboost - ok
18:14:44.0252 3492 rootrepeal - ok
18:14:44.0283 3492 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:14:44.0283 3492 rspndr - ok
18:14:44.0330 3492 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:14:44.0330 3492 RTL8167 - ok
18:14:44.0361 3492 RxFilter (c3f676bfb12292ffbc5b5fe4c8daf2d4) C:\Windows\system32\DRIVERS\RxFilter.sys
18:14:44.0361 3492 RxFilter - ok
18:14:44.0393 3492 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:14:44.0393 3492 s3cap - ok
18:14:44.0439 3492 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:14:44.0455 3492 SASDIFSV - ok
18:14:44.0455 3492 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:14:44.0455 3492 SASKUTIL - ok
18:14:44.0517 3492 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:14:44.0517 3492 scfilter - ok
18:14:44.0564 3492 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:14:44.0564 3492 secdrv - ok
18:14:44.0595 3492 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:14:44.0595 3492 Serenum - ok
18:14:44.0611 3492 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:14:44.0611 3492 Serial - ok
18:14:44.0627 3492 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:14:44.0627 3492 sermouse - ok
18:14:44.0658 3492 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:14:44.0658 3492 sffdisk - ok
18:14:44.0673 3492 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:14:44.0673 3492 sffp_mmc - ok
18:14:44.0689 3492 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:14:44.0689 3492 sffp_sd - ok
18:14:44.0705 3492 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:14:44.0705 3492 sfloppy - ok
18:14:44.0720 3492 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:14:44.0720 3492 sisagp - ok
18:14:44.0751 3492 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:14:44.0751 3492 SiSRaid2 - ok
18:14:44.0767 3492 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:14:44.0767 3492 SiSRaid4 - ok
18:14:44.0783 3492 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:14:44.0783 3492 Smb - ok
18:14:44.0814 3492 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:14:44.0829 3492 spldr - ok
18:14:44.0861 3492 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:14:44.0861 3492 srv - ok
18:14:44.0923 3492 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:14:44.0923 3492 srv2 - ok
18:14:44.0939 3492 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:14:44.0939 3492 srvnet - ok
18:14:44.0970 3492 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:14:44.0970 3492 stexstor - ok
18:14:45.0001 3492 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:14:45.0001 3492 storflt - ok
18:14:45.0032 3492 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:14:45.0032 3492 storvsc - ok
18:14:45.0048 3492 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:14:45.0048 3492 swenum - ok
18:14:45.0110 3492 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:14:45.0110 3492 Tcpip - ok
18:14:45.0141 3492 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:14:45.0157 3492 TCPIP6 - ok
18:14:45.0188 3492 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:14:45.0188 3492 tcpipreg - ok
18:14:45.0204 3492 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:14:45.0204 3492 TDPIPE - ok
18:14:45.0219 3492 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:14:45.0219 3492 TDTCP - ok
18:14:45.0235 3492 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:14:45.0235 3492 tdx - ok
18:14:45.0251 3492 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:14:45.0251 3492 TermDD - ok
18:14:45.0282 3492 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:14:45.0297 3492 tssecsrv - ok
18:14:45.0313 3492 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:14:45.0313 3492 TsUsbFlt - ok
18:14:45.0375 3492 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:14:45.0375 3492 tunnel - ok
18:14:45.0407 3492 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:14:45.0407 3492 uagp35 - ok
18:14:45.0438 3492 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:14:45.0438 3492 udfs - ok
18:14:45.0500 3492 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:14:45.0500 3492 uliagpkx - ok
18:14:45.0516 3492 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:14:45.0516 3492 umbus - ok
18:14:45.0516 3492 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:14:45.0516 3492 UmPass - ok
18:14:45.0563 3492 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:14:45.0563 3492 usbccgp - ok
18:14:45.0578 3492 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:14:45.0578 3492 usbcir - ok
18:14:45.0594 3492 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:14:45.0594 3492 usbehci - ok
18:14:45.0609 3492 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:14:45.0625 3492 usbhub - ok
18:14:45.0641 3492 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:14:45.0641 3492 usbohci - ok
18:14:45.0656 3492 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:14:45.0656 3492 usbprint - ok
18:14:45.0687 3492 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:14:45.0687 3492 usbscan - ok
18:14:45.0734 3492 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
18:14:45.0734 3492 USBSTOR - ok
18:14:45.0750 3492 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:14:45.0750 3492 usbuhci - ok
18:14:45.0765 3492 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:14:45.0765 3492 vdrvroot - ok
18:14:45.0797 3492 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:14:45.0797 3492 vga - ok
18:14:45.0812 3492 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:14:45.0812 3492 VgaSave - ok
18:14:45.0828 3492 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:14:45.0828 3492 vhdmp - ok
18:14:45.0859 3492 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:14:45.0859 3492 viaagp - ok
18:14:45.0875 3492 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:14:45.0875 3492 ViaC7 - ok
18:14:45.0890 3492 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:14:45.0890 3492 viaide - ok
18:14:45.0921 3492 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:14:45.0921 3492 vmbus - ok
18:14:45.0921 3492 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:14:45.0921 3492 VMBusHID - ok
18:14:45.0953 3492 vmci (c560b5363ad494541deda5da539fb870) C:\Windows\system32\Drivers\vmci.sys
18:14:45.0953 3492 vmci - ok
18:14:46.0046 3492 vmkbd (45e341e59f14cd88a64fdbe74ed0dd13) C:\Windows\system32\drivers\VMkbd.sys
18:14:46.0062 3492 vmkbd - ok
18:14:46.0077 3492 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
18:14:46.0077 3492 VMnetAdapter - ok
18:14:46.0093 3492 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
18:14:46.0093 3492 VMnetBridge - ok
18:14:46.0109 3492 VMnetuserif (c4172c1661789d50f27e222288132a72) C:\Windows\system32\drivers\vmnetuserif.sys
18:14:46.0109 3492 VMnetuserif - ok
18:14:46.0124 3492 VMparport (c8f7ad7ad7785a4bc59bf4dfce5df13a) C:\Windows\system32\Drivers\VMparport.sys
18:14:46.0124 3492 VMparport - ok
18:14:46.0155 3492 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
18:14:46.0155 3492 vmusb - ok
18:14:46.0265 3492 vmx86 (2177f7269c6cc6a5657f1779eaa6c460) C:\Windows\system32\Drivers\vmx86.sys
18:14:46.0265 3492 vmx86 - ok
18:14:46.0280 3492 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:14:46.0280 3492 volmgr - ok
18:14:46.0311 3492 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:14:46.0311 3492 volmgrx - ok
18:14:46.0327 3492 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:14:46.0327 3492 volsnap - ok
18:14:46.0358 3492 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
18:14:46.0358 3492 vpcbus - ok
18:14:46.0389 3492 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:14:46.0389 3492 vpcnfltr - ok
18:14:46.0405 3492 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
18:14:46.0405 3492 vpcusb - ok
18:14:46.0421 3492 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
18:14:46.0421 3492 vpcvmm - ok
18:14:46.0452 3492 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:14:46.0452 3492 vsmraid - ok
18:14:46.0499 3492 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
18:14:46.0499 3492 vstor2-ws60 - ok
18:14:46.0514 3492 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:14:46.0514 3492 vwifibus - ok
18:14:46.0545 3492 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:14:46.0545 3492 WacomPen - ok
18:14:46.0592 3492 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:46.0592 3492 WANARP - ok
18:14:46.0608 3492 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:46.0608 3492 Wanarpv6 - ok
18:14:46.0655 3492 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:14:46.0655 3492 Wd - ok
18:14:46.0670 3492 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:14:46.0670 3492 Wdf01000 - ok
18:14:46.0717 3492 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:14:46.0717 3492 WfpLwf - ok
18:14:46.0733 3492 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:14:46.0733 3492 WIMMount - ok
18:14:46.0795 3492 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:14:46.0795 3492 WmiAcpi - ok
18:14:46.0826 3492 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:14:46.0826 3492 ws2ifsl - ok
18:14:46.0857 3492 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:14:46.0857 3492 WudfPf - ok
18:14:46.0873 3492 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:14:46.0873 3492 WUDFRd - ok
18:14:46.0904 3492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:14:46.0904 3492 \Device\Harddisk0\DR0 - ok
18:14:46.0920 3492 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:14:46.0920 3492 \Device\Harddisk1\DR1 - ok
18:14:46.0935 3492 Boot (0x1200) (adeadb6ca2f04926b3738c27da7d5ec0) \Device\Harddisk1\DR1\Partition0
18:14:46.0935 3492 \Device\Harddisk1\DR1\Partition0 - ok
18:14:46.0935 3492 Boot (0x1200) (edeb3fd0a5db3183f3965b37982b277c) \Device\Harddisk1\DR1\Partition1
18:14:46.0935 3492 \Device\Harddisk1\DR1\Partition1 - ok
18:14:46.0935 3492 ============================================================
18:14:46.0935 3492 Scan finished
18:14:46.0935 3492 ============================================================
18:14:46.0951 3136 Detected object count: 0
18:14:46.0951 3136 Actual detected object count: 0
18:15:05.0967 3700 Deinitialize success

I did do my best to completely uninstall and delete all vestiges of the old Java install, then downloaded directly from sun and reinstalled.

So the entry point should have been eliminated. I have also disabled the update wizard for good measure.

Next?

Please give me an update on your computer.

Well, I notice that MS Security Essentials was not starting automatically, so I added the icon to the startup group.

Also I am trying to update Itunes and even when I run the install as admin I get the error:

The path "C:\Users\Kevin\AppData\Local\Apple\Apple Software Update\iTunes.msi cannot be found. Verity that you have access to this location and try again, or tyr to find the installation package "iTunes.msi" in a folder from which you can install the product iTunes.

Well the folder and file is there.... i finally just tried double clicking on the iTunes.msi file and it worked....

Something is just not right. Stumped.

I did the test again on the personal folders - still get the access denied and weird glif chinese characters - just as before.

So no beneficial change.

I am heavily considering a full drive wipe and reinstall. Any comments?

I am heavily considering a full drive wipe and reinstall. Any comments?.

If you can save your important data, that could be the fastest way to go. We could be hacking away at this for another two weeks or more. If you do a re-format be sure to scan your documents, files, pictures, music with at least two good AV scanners before putting them back on your computer.

I have a D drive with almost all my data on it - I don't like keeping all my data on the C - for just this reason.

I am very frustrated that we cannot get a handle on this. I never had a virus that I could not find and at least id.

With all the tools we have thrown at this I just don't have any more tricks!

Someone out there has come up with something very subtle and hard to find - and worse yet we don't know what it does.

I am willing to try one more round if you are but we need to step up to a new level - this aint no ordinary bug.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.



On the General tab, make sure all of the boxes are checked.



On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.


Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply..

Sorry for the delay - I was out of town.

Here is the link:

http://www.getsysteminfo.com/read.php?file=5761cbc54efc6a5e87840291888d94c4

Please uninstall your version of MBAM and download the new one. Please post the log.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.04.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVINSDESKTOP [administrator]

1/4/2012 6:40:03 PM
mbam-log-2012-01-04 (18-40-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419659
Time elapsed: 48 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

no effect.....

We are out of ideas as how to fix this problem. Sorry.