
Malwarebytes Not Working


  • This topic is locked
11 replies to this topic

#1 Aio


Posted 09 February 2012 - 03:58 PM

This problem is on my laptop. I have Windows 7. I went here http://www.bleepingcomputer.com/forums/topic419509.html and did what Broni said:
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

It still didn't work. In Broni's next post, he/she asked for Security Check, MiniToolBox, and GMER, and to post the results here. So, this is what I am doing.

Security Check
Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 14
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

MiniToolBox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Fidgel (administrator) on 09-02-2012 at 12:52:46
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8187SE Wireless LAN PCIE Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Fidgel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : arizona.edu

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : arizona.edu
Description . . . . . . . . . . . : Realtek RTL8187SE Wireless LAN PCIE Network Adapter
Physical Address. . . . . . . . . : 70-F1-A1-CA-E6-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d1bb:604c:a64:92a4%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.135.204.34(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.192.0
Lease Obtained. . . . . . . . . . : Thursday, February 09, 2012 12:18:46 PM
Lease Expires . . . . . . . . . . : Thursday, February 09, 2012 9:33:46 PM
Default Gateway . . . . . . . . . : 10.135.192.1
DHCP Server . . . . . . . . . . . : 10.133.127.254
DHCPv6 IAID . . . . . . . . . . . : 242282913
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-AE-F0-60-88-AE-1D-43-37-03
DNS Servers . . . . . . . . . . . : 128.196.11.234
128.196.11.233
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 88-AE-1D-43-37-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:34e5:30e5:f578:33dd(Preferred)
Link-local IPv6 Address . . . . . : fe80::34e5:30e5:f578:33dd%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.arizona.edu:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : arizona.edu
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: DNS4.Arizona.EDU
Address: 128.196.11.234

Name: google.com
Addresses: 209.85.145.104
209.85.145.105
209.85.145.106
209.85.145.147
209.85.145.99
209.85.145.103


Pinging google.com [209.85.145.99] with 32 bytes of data:
Reply from 209.85.145.99: bytes=32 time=57ms TTL=52
Reply from 209.85.145.99: bytes=32 time=55ms TTL=52

Ping statistics for 209.85.145.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 57ms, Average = 56ms
Server: DNS4.Arizona.EDU
Address: 128.196.11.234

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=115ms TTL=52
Reply from 98.137.149.56: bytes=32 time=115ms TTL=52

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 115ms, Maximum = 115ms, Average = 115ms
Server: DNS4.Arizona.EDU
Address: 128.196.11.234

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...70 f1 a1 ca e6 48 ......Realtek RTL8187SE Wireless LAN PCIE Network Adapter
10...88 ae 1d 43 37 03 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.135.192.1 10.135.204.34 25
10.135.192.0 255.255.192.0 On-link 10.135.204.34 281
10.135.204.34 255.255.255.255 On-link 10.135.204.34 281
10.135.255.255 255.255.255.255 On-link 10.135.204.34 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.135.204.34 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.135.204.34 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:34e5:30e5:f578:33dd/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::34e5:30e5:f578:33dd/128
On-link
12 281 fe80::d1bb:604c:a64:92a4/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 00:43:32 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1218

Start Time: 01cce76306b60392

Termination Time: 117

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 54c16a25-5356-11e1-a925-88ae1d433703

Error: (02/09/2012 00:42:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.6024.1000, time stamp: 0x4d83e310
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x14a8
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (02/09/2012 00:42:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.6024.1000, time stamp: 0x4d83e310
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x438
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (02/09/2012 00:40:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.6024.1000, time stamp: 0x4d83e310
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x1094
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (02/09/2012 00:37:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.6024.1000, time stamp: 0x4d83e310
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x1058
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (02/09/2012 09:09:50 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/08/2012 00:18:07 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1084

Start Time: 01cce695d1785d17

Termination Time: 39

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 90e48719-5289-11e1-a027-88ae1d433703

Error: (02/08/2012 00:13:51 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a0

Start Time: 01cce695a48d083c

Termination Time: 202

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 04b6805c-5289-11e1-a027-88ae1d433703

Error: (02/08/2012 11:01:43 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/07/2012 11:13:37 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (02/09/2012 00:18:37 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/09/2012 10:42:53 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/09/2012 08:50:00 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was received: 40.

Error: (02/09/2012 08:48:58 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was received: 40.

Error: (02/09/2012 08:48:37 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was received: 40.

Error: (02/09/2012 08:48:30 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/09/2012 08:48:30 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/08/2012 06:41:50 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/08/2012 06:29:01 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/08/2012 06:29:01 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================
Error: (02/09/2012 00:43:32 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.60.0.61121801cce76306b60392117C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe54c16a25-5356-11e1-a925-88ae1d433703

Error: (02/09/2012 00:42:35 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6024.10004d83e310ntdll.dll6.1.7601.177254ec49b60c0000374000c380b14a801cce762f74a0013C:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\windows\SYSTEM32\ntdll.dll36a6e9f5-5356-11e1-a925-88ae1d433703

Error: (02/09/2012 00:42:18 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6024.10004d83e310ntdll.dll6.1.7601.177254ec49b60c0000374000c380b43801cce762edb52422C:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\windows\SYSTEM32\ntdll.dll2c56d12d-5356-11e1-a925-88ae1d433703

Error: (02/09/2012 00:40:50 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6024.10004d83e310ntdll.dll6.1.7601.177254ec49b60c0000374000c380b109401cce762b9261fb0C:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\windows\SYSTEM32\ntdll.dllf831daf5-5355-11e1-a925-88ae1d433703

Error: (02/09/2012 00:37:48 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6024.10004d83e310ntdll.dll6.1.7601.177254ec49b60c0000374000c380b105801cce762466be7bcC:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\windows\SYSTEM32\ntdll.dll8b3db346-5355-11e1-a925-88ae1d433703

Error: (02/09/2012 09:09:50 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/08/2012 00:18:07 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.60.0.61108401cce695d1785d1739C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe90e48719-5289-11e1-a027-88ae1d433703

Error: (02/08/2012 00:13:51 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.60.0.612a001cce695a48d083c202C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe04b6805c-5289-11e1-a027-88ae1d433703

Error: (02/08/2012 11:01:43 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/07/2012 11:13:37 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader 9.4.1 (Version: 9.4.1)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Canon MP250 series MP Drivers
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full New (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Light (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Common (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0729.2238.38827)
Catalyst Control Center InstallProxy (Version: 2009.0729.2238.38827)
Catalyst Control Center Localization All (Version: 2009.0729.2238.38827)
ccc-core-static (Version: 2009.0729.2238.38827)
ccc-utility (Version: 2009.0729.2238.38827)
CCC Help Chinese Standard (Version: 2009.0729.2237.38827)
CCC Help Chinese Traditional (Version: 2009.0729.2237.38827)
CCC Help Czech (Version: 2009.0729.2237.38827)
CCC Help Danish (Version: 2009.0729.2237.38827)
CCC Help Dutch (Version: 2009.0729.2237.38827)
CCC Help English (Version: 2009.0729.2237.38827)
CCC Help Finnish (Version: 2009.0729.2237.38827)
CCC Help French (Version: 2009.0729.2237.38827)
CCC Help German (Version: 2009.0729.2237.38827)
CCC Help Greek (Version: 2009.0729.2237.38827)
CCC Help Hungarian (Version: 2009.0729.2237.38827)
CCC Help Italian (Version: 2009.0729.2237.38827)
CCC Help Japanese (Version: 2009.0729.2237.38827)
CCC Help Korean (Version: 2009.0729.2237.38827)
CCC Help Norwegian (Version: 2009.0729.2237.38827)
CCC Help Polish (Version: 2009.0729.2237.38827)
CCC Help Portuguese (Version: 2009.0729.2237.38827)
CCC Help Russian (Version: 2009.0729.2237.38827)
CCC Help Spanish (Version: 2009.0729.2237.38827)
CCC Help Swedish (Version: 2009.0729.2237.38827)
CCC Help Thai (Version: 2009.0729.2237.38827)
CCC Help Turkish (Version: 2009.0729.2237.38827)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome (Version: 17.0.963.46)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.99)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 14.0.8089.726)
Label@Once 1.0 (Version: 1.0)
League of Legends (Version: 1.3)
Logitech Vid (Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft Works 6.0 (Version: 06.00.0000)
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Microsoft Works Suite Add-in for Microsoft Word (Version: 8.0.0.0000)
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyToshiba (Version: 2.2.0.3)
NetZero Launcher (Version: 2.01)
Pando Media Booster (Version: 2.6.0.1)
PlayReady PC Runtime x86 (Version: 1.3.0)
Quickbooks Financial Center (Version: 2.02)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.116)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Toshiba Application and Driver Installer (Version: 9.0.0.9)
TOSHIBA Assist (Version: 2.01.11)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0)
Toshiba Online Backup (Version: 1.2.0.35)
Toshiba Quality Application (Version: 1.001.0000)
TOSHIBA Recovery Media Creator (Version: 2.1.0.2)
TOSHIBA Service Station (Version: 2.1.33)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 1.63.0.6C)
TOSHIBA Value Added Package (Version: 1.2.25)
ToshibaRegistration (Version: 1.0.3)
Trillian
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Utility Common Driver (Version: 1.0.50.26C)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Works Upgrade (Version: 8.0.0.0000)
World of Warcraft (Version: 4.2.2.14545)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 1790.42 MB
Available physical RAM: 940.59 MB
Total Pagefile: 3580.84 MB
Available Pagefile: 2376.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.47 MB

========================= Partitions: =====================================

1 Drive c: (TI105866W0A) (Fixed) (Total:223.33 GB) (Free:164 GB) NTFS

========================= Users: ========================================

User accounts for \\FIDGEL-PC

Administrator ASPNET Fidgel
Guest


**** End of log ****

GMER Report

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-09 13:53:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2555GSXN rev.GC002M
Running: d863vg8p.exe; Driver: C:\Users\Fidgel\AppData\Local\Temp\kwriipod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!SetWindowLongA 76108BA3 4 Bytes JMP 625766DC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!SetWindowLongW 76114449 4 Bytes JMP 6257666E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!GetWindowInfo 76114B5E 5 Bytes JMP 6230A4E7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!TrackPopupMenu 76122228 4 Bytes JMP 6230AABD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[144] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 62191B30 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C4B369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C84D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 99E08C9D 28 Bytes [9E, 08, 7A, EA, 94, 3D, 94, ...]
.text peauth.sys 99E08CC1 28 Bytes [9E, 08, 7A, EA, 94, 3D, 94, ...]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D802000, 0x2D5526, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I also ran TDSSKiller. Here's the report from that:

13:53:24.0362 1044 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:53:24.0721 1044 ============================================================
13:53:24.0721 1044 Current date / time: 2012/02/09 13:53:24.0721
13:53:24.0721 1044 SystemInfo:
13:53:24.0721 1044
13:53:24.0722 1044 OS Version: 6.1.7601 ServicePack: 1.0
13:53:24.0722 1044 Product type: Workstation
13:53:24.0722 1044 ComputerName: FIDGEL-PC
13:53:24.0722 1044 UserName: Fidgel
13:53:24.0722 1044 Windows directory: C:\windows
13:53:24.0722 1044 System windows directory: C:\windows
13:53:24.0722 1044 Processor architecture: Intel x86
13:53:24.0722 1044 Number of processors: 1
13:53:24.0722 1044 Page size: 0x1000
13:53:24.0722 1044 Boot type: Normal boot
13:53:24.0722 1044 ============================================================
13:53:26.0254 1044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:53:26.0256 1044 \Device\Harddisk0\DR0:
13:53:26.0256 1044 MBR used
13:53:26.0256 1044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
13:53:26.0298 1044 Initialize success
13:53:26.0298 1044 ============================================================
13:53:27.0246 4836 ============================================================
13:53:27.0246 4836 Scan started
13:53:27.0246 4836 Mode: Manual;
13:53:27.0246 4836 ============================================================
13:54:09.0026 4836 Scan finished
13:54:09.0026 4836 ============================================================
13:54:09.0054 2756 Detected object count: 0
13:54:09.0054 2756 Actual detected object count: 0

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic441919.html


No. This problem is on my laptop. That other thread is about my PC.

Edited by Budapest, 09 February 2012 - 06:03 PM.


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 13 February 2012 - 06:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Aio

Posted 13 February 2012 - 07:04 PM

Hello. Thank you for answering this topic. I can't do anything with my laptop until Friday afternoon since I need to use it to take notes at my university and I'm worried about it being held up to fix it. I hope you don't mind. At least it will give you a few days to help out someone else. I apologize for this, but I can't afford to have my laptop act off during a school week any more than it already is.

#4 m0le

Posted 13 February 2012 - 08:08 PM

No problem. PM me when you're ready to continue. I'll bump the topic at the beginning of next week if I haven't heard from you. :)

#5 m0le

Posted 17 February 2012 - 09:04 PM

Yep, there's rootkit behaviour showing on the Gmer scan but that doesn't always mean rootkit. Let's test it.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#6 Aio

Posted 17 February 2012 - 11:53 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 21:20:58
-----------------------------
21:20:58.644 OS Version: Windows 6.1.7601 Service Pack 1
21:20:58.644 Number of processors: 1 586 0x301
21:20:58.646 ComputerName: FIDGEL-PC UserName: Fidgel
21:20:59.822 Initialize success
21:43:51.696 AVAST engine defs: 12021701
21:44:17.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:44:17.746 Disk 0 Vendor: TOSHIBA_MK2555GSXN GC002M Size: 238475MB BusType: 11
21:44:17.773 Disk 0 MBR read successfully
21:44:17.785 Disk 0 MBR scan
21:44:17.804 Disk 0 Windows VISTA default MBR code
21:44:17.821 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:44:17.845 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
21:44:17.894 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
21:44:17.941 Disk 0 scanning sectors +488396800
21:44:18.066 Disk 0 scanning C:\windows\system32\drivers
21:44:35.269 Service scanning
21:44:37.219 Modules scanning
21:45:04.392 Disk 0 trace - called modules:
21:45:04.823 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:45:04.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c56500]
21:45:04.903 3 CLASSPNP.SYS[8858c59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85c53908]
21:45:06.922 AVAST engine scan C:\windows
21:45:09.889 AVAST engine scan C:\windows\system32
21:49:29.642 AVAST engine scan C:\windows\system32\drivers
21:49:51.806 AVAST engine scan C:\Users\Fidgel
21:53:27.038 Disk 0 MBR has been saved successfully to "C:\Users\Fidgel\Desktop\MBR.dat"
21:53:27.040 The log file has been saved successfully to "C:\Users\Fidgel\Desktop\aswMBR.txt"

#7 m0le

Posted 18 February 2012 - 02:35 PM

There is a small possibility that a process is killing MBAM running. To test that, please run RKill prior to trying MBAM.

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.


#8 Aio

Posted 18 February 2012 - 02:53 PM

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/18/2012 at 12:52:35.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 02/18/2012 at 12:52:45.

#9 m0le

Posted 18 February 2012 - 05:14 PM

It didn't kill anything so MBAM isn't going to run.

If you are not seeing any other symptoms then I would do the following:

Please read this tutorial on the Malwarebytes' site which gives a rundown of troubleshooting options. If, after trying all the methods, it is still not running then the final post explains how to post help on the site.

If there are other symptoms then please list them for me.

#10 Aio

Posted 18 February 2012 - 06:24 PM

I reran RKill again just for the hell of it and it gave me this log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/18/2012 at 16:23:18.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\System32\grpconv.exe


Rkill completed on 02/18/2012 at 16:23:32.

#11 m0le

Posted 18 February 2012 - 06:28 PM

It's a legitimate system file. RKill sometimes stops these processes because they interfere with the tool.

I would definitely give the troubleshoot a try. :)

#12 m0le

Posted 23 February 2012 - 08:47 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.