
Picked up a virus called Windows Vista Fix


21 replies to this topic

#1 angelca

angelca

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 07 July 2011 - 02:06 PM

I recently had the Windows Vista Antivirus 2012 and was able to remove it following the instructions on bleepingcomputer. However, a few days later, I now have something called the Windows Vista Fix. I have no idea if I picked it up with all the google redirects or through the sites and forums that I visit. But right now, my whole computer background has gone black and is wiped clear of all my icons and I can't access (or even find) anything.

I tried going through the same steps that I did last time with the 2012 Antivirus but it didn't work. Every time I try to run Rkill, I get a message saying "Access is denied". When I try to go ahead and run Malwarebytes anyway, it gets to the installation part, then the message "Access is denied" is also displayed.

Please help!

Edited by angelca, 07 July 2011 - 02:08 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:50 AM

Posted 07 July 2011 - 02:24 PM

Hello and welcome. I am thinking you meant Windows Vista Repair...

Please follow our Removal Guide here: Remove Windows Vista Repair (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 angelca


Posted 07 July 2011 - 04:04 PM

Hi! Thanks so much for replying! Unfortunately, I got freaked out after repeatedly trying to run Rkill and Malwarebytes, and found that I could perform system restore so I tried that instead. It took a lot longer than usual but it appears to have worked. However, a lot of my icons are still missing, and it looks like I've set it back to right before the 2012 virus shut everything down so I'll have to see if I can't get rid of that right now before it starts acting up again, and get my icons back also.

Anyway, the virus I have definitely said Windows Vista Fix on the name tab, not Windows Vista Repair, whenever it tried to scan my computer for infections. Believe me, I looked at the name, over and over again, and compared it to the one I found here just because I couldn't believe there was a difference. The pop up box showed a windows icon similar to the one seen on the Repair one though, but in the box itself, it gave a list of drives?, folders? (sorry, I was frantically trying to stop it and closing it, and didn't get a good look at what exactly it was scanning) being automatically scanned with the bars showing percentage completed, and looked more like the second screenshot shown for the Repair virus (a new version perhaps?).

I forgot to mention I did find the solution for Windows Vista Repair, and because that was the one that sounded the most like the one I have with the critical messages popping up concerning the hard drive and memory space, I tried that out too. The only difference I noticed was the TDSS killer which I also downloaded and ran, but it found nothing.

Um, here's the log from Rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/07/2011 at 11:20:55.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/07/2011 at 11:22:32.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/07/2011 at 11:38:38.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/07/2011 at 11:41:10.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/07/2011 at 11:42:33.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/07/2011 at 11:42:44.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/07/2011 at 11:59:49.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\system32\DRIVERS\xaudio.exe


Rkill completed on 07/07/2011 at 12:00:01.


Thank you so much for your help! At the rate that I seem to be getting viruses now, I have a feeling I'll be back soon. *crosses fingers*

#4 boopme


Posted 07 July 2011 - 06:44 PM

Hi angelica, this may be new, as it appears to be a cross between the one we just did and another, so let's run these now and see how you are after.
This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.


Rerun RKill then MBAM
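A read-only check for the kind of .exe association change described in post #4, added here as an example; it is not the contents of FixNCR.reg or of any BleepingComputer tool. It parses text produced by `reg export` and compares the default values against the stock Windows ones (`exefile` and `"%1" %*`); the sample exports, the ProgID `xyz` and the path `placeholder.exe` are constructed.

```python
import re

# Stock Windows defaults for launching .exe files (general Windows behaviour,
# an assumption of this example, not taken from FixNCR.reg).
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'

# Places that can define the association; the per-user hive takes precedence.
CLASS_ROOTS = (
    r"hkey_current_user\software\classes",
    r"hkey_local_machine\software\classes",
    r"hkey_classes_root",
)

SECTION = re.compile(r"^\[(.+)\]$")
DEFAULT_SZ = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')


def parse_defaults(reg_text):
    """Map each key path (lowercased) to its default string value."""
    defaults, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            continue
        value = DEFAULT_SZ.match(line)
        if value and key:
            # .reg text escapes backslash and double quote with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", value.group(1))
    return defaults


def check_exe_association(reg_text):
    """Return (key, value) pairs that differ from the stock .exe handling."""
    defaults = parse_defaults(reg_text)
    findings = []
    for root in CLASS_ROOTS:
        progid = defaults.get(root + r"\.exe")
        progids = [EXPECTED_PROGID]
        if progid is not None and progid.lower() != EXPECTED_PROGID:
            # .exe has been pointed at a different file class.
            findings.append((root + r"\.exe", progid))
            progids.append(progid.lower())
        for pid in progids:
            cmd_key = root + "\\" + pid + r"\shell\open\command"
            cmd = defaults.get(cmd_key)
            if cmd is not None and cmd != EXPECTED_COMMAND:
                # Something other than the clicked program would be started.
                findings.append((cmd_key, cmd))
    return findings


# Constructed sample exports (not taken from the thread).
CLEAN = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"""

TAMPERED = CLEAN + r"""
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"

[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\Users\\Example\\AppData\\Local\\placeholder.exe\" \"%1\" %*"
"""

if __name__ == "__main__":
    for key, value in check_exe_association(TAMPERED):
        print("unexpected:", key, "=", value)
```

Files written by `reg export` are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text in.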

#5 angelca


Posted 08 July 2011 - 12:41 AM

Hi boopme. Thank you so much for all your help.

I did try installing and running Rkill and mbam after the system restore but the same messages saying "Access is denied" appeared again. After receiving the error message, Malwarebytes opened up anyway so I performed a scan but it came up with zero objects infected. So then, I did what you suggested and went back and reran FixNCR and when I ran Rkill again, I got this message instead:

Rkill by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2010 BleepingComputer.com


Preparing Rkill.


The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
Terminating known malware processes.
Please be patient.



And this is the log (although it supposedly couldn't be accessed?):

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/07/2011 at 21:30:48.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/07/2011 at 21:32:27.



When I tried to run and update Malwarebytes, a box popped up with this message:

An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_UPDATING(2,0, CreateFile)

The system cannot find the file specified.



I decided to try running mbam setup anyway and this time, I was able to install it although I still couldn't update it (it wouldn't install at all after Windows Vista Fix first popped up this morning). However, after performing the scan, I received the same log that I got after I ran it following the system restore:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7045

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

7/7/2011 9:23:49 PM
mbam-log-2011-07-07 (21-23-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 342887
Time elapsed: 1 hour(s), 37 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)


Obviously, something is still there though because neither Rkill nor Malwarebytes is running right. But whew, I'm burned out. I won't have time to get on the computer tomorrow but I'll mess around with it some more on Saturday and see if maybe I missed a step or something. But any suggestions or ideas you can give me in the meantime are greatly appreciated.

Thanks again for everything!


PS The above log from Rkill actually came after I ran mbam because I assumed the logs would be saved automatically even if I didn't save them myself but they don't. So yeah, I ran it again but it came up with the same problem and log so I just copied that one onto this post.

#6 boopme


Posted 08 July 2011 - 08:30 PM

I or someone will be back soon

#7 angelca


Posted 09 July 2011 - 06:56 PM

Okay, redid everything twice today (FixNCR, Rkill, and mbam).

The first time I ran Rkill, I got the same message about not being able to access the file due to another process using it (oh, and I've been forgetting to mention that each time that happened, another box would pop up saying "Installation failed"). Anyway, I just got angry and clicked on Rkill again and this time, I got the regular Rkill message so I ran it. However, I got the same logs as before (both on Rkill and mbam). Here's the log from Rkill:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/09/2011 at 11:54:50.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/09/2011 at 11:54:59.



And here are the results from Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7060

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

7/9/2011 1:19:47 PM
mbam-log-2011-07-09 (13-19-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 343066
Time elapsed: 1 hour(s), 22 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


As I said above, I ran everything twice but the logs are completely the same and these ones posted are from the first time today. But I do have the results saved from the last run if you need it.

I'm wondering though, about Windows Defender. It popped up and tried to perform a scan the night before, but the thing is I don't really remember it doing that until just a few weeks ago or if I even remember seeing the program prior to the pop-ups. I googled it and it seems that it could be a virus, but it could also be a legitimate program that came preinstalled so I don't know if I should try to get rid of it. It's missing from the taskbar at the moment but I did a search for it and it's still in the computer. I guess it only shows up on the taskbar when it's running a scan or something.

Anyway, I'd appreciate it if you could get back to me on all of this. Thanks again for all your help!

#8 boopme


Posted 09 July 2011 - 10:59 PM

Hello, yes, there is also a fake Windows Defender virus.

Let's see this:
"But I do have the results saved from the last run if you need it."


Now run an online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#9 angelca


Posted 10 July 2011 - 12:09 PM

Hi, boopme! Thanks so much for getting back to me.

Here you go, the logs from the last run yesterday on Rkill and Malwarebytes:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/09/2011 at 13:57:07.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/09/2011 at 13:57:20.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7060

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

7/9/2011 3:21:18 PM
mbam-log-2011-07-09 (15-21-18).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 342874
Time elapsed: 1 hour(s), 21 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And the results from ESET last night:

C:\Users\Lisa\AppData\Local\Temp\jar_cache10532.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Lisa\AppData\Local\Temp\wJQs.exe a variant of Win32/TrojanDownloader.FakeAlert.NQ trojan cleaned by deleting - quarantined
C:\Users\Lisa\Desktop\New Folder\Final Fantasy 7, 8 & 9 for PSX\LoveFetish4.iso probably a variant of Win32/Agent.DMBNKV trojan deleted - quarantined


Boohoo *cries* I'm upset about the last one on that list that it cleared out. Was it really harmful to my computer? I've had it on my laptop for at least a year now waiting for the day I get a new computer so I can play one of the files on it.

Anyway, Windows Defender is still in my computer. You think I should still try to get rid of it?

#10 boopme


Posted 10 July 2011 - 07:15 PM

How is it running now?

What version of JAVA is running?
Go into Control Panel> Programs > Uninstall a Program.
Go down the list and tell me what Java applications are installed and their version.
Same with Adobe.

Don't empty the Quarantine, as we may be able to save the Final Fantasy.

As MBAM did not flag Win Defender, yours is the legit one.

Open up the Control Panel, then go into Administrative Tools, then open up Services, then scroll down to Windows Defender, then right-click on it and go into the Properties.
Then for the startup type it should be on automatic delayed, then OK everything.
After that, right-click on Windows Defender and select Start; then you can open Windows Defender.

EDIT
I see Grinler has written a fix for this here
http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-fix

We need to run step 5
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Edited by boopme, 10 July 2011 - 08:25 PM.


#11 angelca


Posted 11 July 2011 - 01:20 PM

"Don't empty the Quarantine as we may be able to save the Final Fantasy."

Oh, yay! Thank you, thank you, thank you! I was really, really hoping it wasn’t what had caused the infection because that would mean I can’t get it again. Um...how do I empty the quarantine anyway?

Everything feels like it’s running smoothly so I guess we’re almost done. I’m thinking about downloading and getting the full Malwarebytes version for $25 so I don’t have to deal with another one of these things anytime soon, but I don’t know if it’ll mess with my current security system (NOD32). It should be okay to have both of these programs running on my computer, right?

And yes, I did see the guide for Windows Vista Fix removal a couple of days ago but it looks like we’ve pretty much been going through the same steps anyway (minus the tdsskiller, which I’ve gone ahead and done again last night)? I think I also followed the same instructions for removing it the very first day I came on here when I couldn’t find a guide for Fix but found the Repair one instead and did that one. And iirc, I had trouble getting Rkill to start and could not get either it or mbam to install. It wasn’t until you suggested FixNCR first that Rkill was able to run so that helped a LOT.

Okay, here’s the information requested:
Java™ 6 Update 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2


I did try to go into Windows Defender but this is the message I got when I tried to change the startup:

The delayed auto-start flag could not be set.
Error 87: The parameter is incorrect.

It won’t let me change it so it’s still on “Automatic” as opposed to “Automatic (Delayed Start)".


I ran tdsskiller again as you asked but did not get a log. When it finished, the box was empty and at the top, it read “not found” next to “Infection”. I’m guessing (hoping) that’s good. Either way, my computer feels like it's running normal and it's all thanks to you! Btw, you should also have a donation button in your sig. Just a suggestion. :)

Edit: Never mind, found it (should read the instructions more carefully next time). Um...it's really long. Sorry, can't figure out how to do a link.

2011/07/11 01:10:08.0272 3992 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 01:10:09.0115 3992 ================================================================================
2011/07/11 01:10:09.0116 3992 SystemInfo:
2011/07/11 01:10:09.0116 3992
2011/07/11 01:10:09.0116 3992 OS Version: 6.0.6001 ServicePack: 1.0
2011/07/11 01:10:09.0116 3992 Product type: Workstation
2011/07/11 01:10:09.0116 3992 ComputerName: LISA-PC
2011/07/11 01:10:09.0117 3992 UserName: Lisa
2011/07/11 01:10:09.0117 3992 Windows directory: C:\Windows
2011/07/11 01:10:09.0117 3992 System windows directory: C:\Windows
2011/07/11 01:10:09.0117 3992 Processor architecture: Intel x86
2011/07/11 01:10:09.0117 3992 Number of processors: 2
2011/07/11 01:10:09.0117 3992 Page size: 0x1000
2011/07/11 01:10:09.0117 3992 Boot type: Normal boot
2011/07/11 01:10:09.0117 3992 ================================================================================
2011/07/11 01:10:10.0678 3992 Initialize success
2011/07/11 01:10:14.0144 4136 ================================================================================
2011/07/11 01:10:14.0144 4136 Scan started
2011/07/11 01:10:14.0144 4136 Mode: Manual;
2011/07/11 01:10:14.0144 4136 ================================================================================
2011/07/11 01:10:26.0810 4136 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/11 01:10:27.0009 4136 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/11 01:10:27.0179 4136 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/11 01:10:27.0286 4136 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/11 01:10:27.0393 4136 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/11 01:10:27.0451 4136 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/11 01:10:27.0534 4136 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/11 01:10:27.0652 4136 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/11 01:10:27.0800 4136 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/11 01:10:27.0910 4136 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/11 01:10:28.0000 4136 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/11 01:10:28.0062 4136 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/11 01:10:28.0157 4136 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/11 01:10:28.0244 4136 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/11 01:10:28.0401 4136 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/11 01:10:28.0455 4136 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/11 01:10:28.0620 4136 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/11 01:10:28.0678 4136 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/07/11 01:10:28.0774 4136 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/11 01:10:28.0941 4136 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/11 01:10:29.0018 4136 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/11 01:10:29.0162 4136 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/11 01:10:29.0315 4136 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/11 01:10:29.0483 4136 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/11 01:10:29.0620 4136 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/11 01:10:29.0812 4136 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/11 01:10:29.0967 4136 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/11 01:10:30.0031 4136 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/11 01:10:30.0196 4136 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/07/11 01:10:30.0271 4136 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/11 01:10:30.0367 4136 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/11 01:10:30.0448 4136 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/07/11 01:10:30.0611 4136 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/11 01:10:30.0788 4136 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/07/11 01:10:30.0909 4136 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/11 01:10:30.0996 4136 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/11 01:10:31.0045 4136 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/11 01:10:31.0169 4136 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/11 01:10:31.0274 4136 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/11 01:10:31.0352 4136 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/11 01:10:31.0652 4136 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/07/11 01:10:31.0961 4136 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/11 01:10:32.0421 4136 nod32drv (18c1c4b7098130e672cb9d28cf67f81e) C:\Windows\system32\drivers\nod32drv.sys
2011/07/11 01:10:32.0550 4136 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/07/11 01:10:32.0624 4136 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/11 01:10:32.0854 4136 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/07/11 01:10:33.0101 4136 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/11 01:10:33.0159 4136 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/11 01:10:33.0238 4136 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/07/11 01:10:33.0311 4136 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/11 01:10:33.0453 4136 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/11 01:10:33.0516 4136 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/11 01:10:33.0721 4136 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/07/11 01:10:33.0905 4136 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/11 01:10:33.0983 4136 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/07/11 01:10:34.0088 4136 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/11 01:10:34.0203 4136 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/07/11 01:10:34.0255 4136 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/11 01:10:34.0363 4136 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/11 01:10:34.0539 4136 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/11 01:10:34.0764 4136 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\Windows\system32\DRIVERS\pnetmdm.sys
2011/07/11 01:10:34.0889 4136 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/11 01:10:34.0991 4136 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/11 01:10:35.0131 4136 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/11 01:10:35.0363 4136 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/11 01:10:35.0551 4136 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/11 01:10:35.0678 4136 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/11 01:10:35.0806 4136 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/11 01:10:36.0009 4136 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/11 01:10:36.0095 4136 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/11 01:10:36.0153 4136 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/11 01:10:36.0276 4136 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/11 01:10:36.0429 4136 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/11 01:10:36.0674 4136 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/11 01:10:36.0916 4136 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/11 01:10:37.0019 4136 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/07/11 01:10:37.0193 4136 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/07/11 01:10:37.0350 4136 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/11 01:10:37.0440 4136 RTL8023xp (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/07/11 01:10:37.0523 4136 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/11 01:10:37.0698 4136 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/11 01:10:37.0789 4136 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/11 01:10:37.0853 4136 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/11 01:10:37.0969 4136 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/11 01:10:38.0115 4136 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/11 01:10:38.0209 4136 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/11 01:10:38.0307 4136 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/11 01:10:38.0415 4136 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/11 01:10:38.0521 4136 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/11 01:10:38.0611 4136 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/11 01:10:38.0753 4136 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/11 01:10:38.0928 4136 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/07/11 01:10:39.0027 4136 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/11 01:10:39.0202 4136 srv (9a0163e7fbe59da0591bb1ad77d92e63) C:\Windows\system32\DRIVERS\srv.sys
2011/07/11 01:10:39.0275 4136 srv2 (c7da26d2c7d480b1dd38ca19cc90b821) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/11 01:10:39.0321 4136 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/11 01:10:39.0456 4136 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/11 01:10:39.0587 4136 sxuptp (9d006c733cf95cb46e8553d9ee552b1f) C:\Windows\system32\DRIVERS\sxuptp.sys
2011/07/11 01:10:39.0663 4136 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/11 01:10:39.0848 4136 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/11 01:10:39.0911 4136 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/11 01:10:40.0121 4136 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/07/11 01:10:40.0335 4136 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/11 01:10:40.0425 4136 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/11 01:10:40.0475 4136 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/11 01:10:40.0580 4136 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/11 01:10:40.0669 4136 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/11 01:10:40.0720 4136 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/11 01:10:40.0858 4136 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/11 01:10:40.0921 4136 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/11 01:10:40.0962 4136 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/11 01:10:41.0115 4136 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/11 01:10:41.0220 4136 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/11 01:10:41.0364 4136 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/11 01:10:41.0423 4136 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/11 01:10:41.0587 4136 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/11 01:10:41.0734 4136 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/11 01:10:41.0781 4136 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/11 01:10:41.0941 4136 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/11 01:10:42.0067 4136 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/11 01:10:42.0122 4136 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/11 01:10:42.0259 4136 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/11 01:10:42.0322 4136 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/11 01:10:42.0425 4136 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/11 01:10:42.0529 4136 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/11 01:10:42.0631 4136 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/11 01:10:42.0714 4136 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/11 01:10:42.0871 4136 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/07/11 01:10:43.0039 4136 VClone (e69eb856ba6528d0373000683cc869a8) C:\Windows\system32\DRIVERS\VClone.sys
2011/07/11 01:10:43.0190 4136 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/11 01:10:43.0316 4136 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/11 01:10:43.0402 4136 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/11 01:10:43.0458 4136 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/11 01:10:43.0556 4136 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/11 01:10:43.0648 4136 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/11 01:10:43.0757 4136 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/07/11 01:10:43.0873 4136 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/07/11 01:10:43.0938 4136 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/11 01:10:44.0069 4136 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/11 01:10:44.0172 4136 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 01:10:44.0256 4136 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 01:10:44.0377 4136 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/11 01:10:44.0577 4136 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/11 01:10:44.0922 4136 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/11 01:10:45.0228 4136 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/11 01:10:45.0423 4136 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/11 01:10:45.0568 4136 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/11 01:10:45.0747 4136 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/11 01:10:45.0939 4136 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/07/11 01:10:46.0070 4136 Boot (0x1200) (82654b11e9991203a42987322c8b0696) \Device\Harddisk0\DR0\Partition0
2011/07/11 01:10:46.0151 4136 Boot (0x1200) (14036682aa497390dd55e68356503180) \Device\Harddisk0\DR0\Partition1
2011/07/11 01:10:46.0191 4136 ================================================================================
2011/07/11 01:10:46.0191 4136 Scan finished
2011/07/11 01:10:46.0191 4136 ================================================================================
2011/07/11 01:10:46.0226 5744 Detected object count: 0
2011/07/11 01:10:46.0226 5744 Actual detected object count: 0

Edited by angelca, 11 July 2011 - 01:37 PM.


#12 boopme

  • Global Moderator

Posted 11 July 2011 - 03:11 PM

OK, looks clean now. We need to do a couple of things yet.

Java™ 6 Update 2 <<--OLD
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 <<--OLD

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Go into Control Panel and remove Adobe Reader 8.1.2, then install Adobe Reader X (10.1)

NOTE: Uncheck the box in front of "Include in your download: Free Google Toolbar".


Good choice on the MBAM and it will not interfere with ESET. Leave Defender alone, I believe ESET has it like that.

Let's get a last check.
Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#13 angelca

  • Topic Starter
  • Members

Posted 11 July 2011 - 08:08 PM

All right, posting the latest info. Here's the log from Security Check:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
NOD32 antivirus system
ESET Online Scanner v3
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader X (10.1.0)
Mozilla Firefox (3.6.18)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Eset nod32krn.exe
ESET nod32kui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````


Just curious, does Adobe AIR automatically get installed with Adobe Reader X because I seem to have that now too? Also McAfee Security--I didn't see it as an option with the Java dl but it did come on the Adobe one and I wasn't sure whether I should uncheck it or not so I went with the default and kept it checked. Can I uninstall the program since I plan on getting Malwarebytes once we're all done here or should I just leave it alone?

Again thanks for all your help and time, and especially for walking me through all of this!
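One way to turn a Security Check log like the one posted above into a list of flagged items, as an added example that is not part of the thread or of the Security Check tool. The patterns are inferred only from the log lines quoted above; `triage` and the section label "System" are names made up for this example.

```python
import re

SEP = "`" * 30  # rule line the tool prints between sections

# Constructed input: the Security Check log as posted above, one string per line.
SAMPLE_LINES = [
    "Results of screen317's Security Check version 0.99.7",
    "Windows Vista Service Pack 1 (UAC is disabled!)",
    "Out of date service pack!!",
    "Internet Explorer 7 Out of date!",
    SEP,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Enabled!",
    "NOD32 antivirus system",
    "ESET Online Scanner v3",
    "McAfee Security Scan Plus",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    SEP,
    "Anti-malware/Other Utilities Check:",
    "",
    "Malwarebytes' Anti-Malware",
    "Java™ 6 Update 26",
    "Out of date Java installed!",
    "Adobe Flash Player 10.0.45.2",
    "Adobe Reader X (10.1.0)",
    "Mozilla Firefox (3.6.18)",
    SEP,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "Windows Defender MSASCui.exe",
    "Eset nod32krn.exe",
    "ESET nod32kui.exe",
    "Windows Defender MSASCui.exe",
    "`" * 10 + "End of Log" + "`" * 12,
]

RULE = re.compile(r"^`{5,}$")                      # section separator
HEADER = re.compile(r"^(?P<name>.+) Check:$")      # e.g. "Process Check:"
STANDALONE = re.compile(r"^Out of date\b", re.I)   # warning on its own line
INLINE = re.compile(r"^(?P<item>.+?)\s+Out of date!*$", re.I)
PAREN = re.compile(r"^(?P<item>.+?)\s*\((?P<note>[^)]*disabled)!*\)$", re.I)


def triage(lines):
    """Return (section, item, issue) tuples for every warning in the log."""
    findings = []
    section = "System"   # assumed label for lines before the first header
    previous = None      # last entry seen; a bare warning line refers to it
    for raw in lines:
        line = raw.strip()
        if not line or "End of Log" in line:
            continue
        if RULE.match(line):
            previous = None  # a warning never refers back across a rule line
            continue
        header = HEADER.match(line)
        if header:
            section, previous = header.group("name"), None
            continue
        if STANDALONE.match(line):
            # "Out of date ..." alone on a line describes the entry above it.
            findings.append((section, previous, line.rstrip("!")))
            continue
        hit = PAREN.match(line) or INLINE.match(line)
        if hit:
            issue = hit.groupdict().get("note") or "Out of date"
            previous = hit.group("item")
            findings.append((section, previous, issue))
            continue
        previous = line      # ordinary entry, nothing flagged
    return findings


if __name__ == "__main__":
    for section, item, issue in triage(SAMPLE_LINES):
        print(f"[{section}] {item}: {issue}")
```

The point the parser has to get right is that the log flags items in three ways: inline after the name, in parentheses, and on a separate line that refers to the entry above it.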

#14 boopme

  • Global Moderator

Posted 11 July 2011 - 08:33 PM

Hello, you should install Vista Service Pack 2
http://support.microsoft.com/kb/935791

I see that AIR is being installed since Reader 9

#15 angelca

  • Topic Starter
  • Members

Posted 12 July 2011 - 02:57 AM

Ugh...tried to install Pack 2 earlier and nothing happened so I messed around with the time and may have set the update to tomorrow night. Looks like I gotta wait till then and see whether or not anything happens. I guess I'll be back tomorrow night.



