tyrus Posted December 29, 2010 Author ID:367067
OK, when I try
bootsect /nt60 C:\
I get a msg that the bootsect is activated.
When I enter either:
bootsect /nt60 SYS
bootsect /nt60 ALL
They run and say they have been updated. When I reboot the problem remains. In the recovery environment when I select the dos option it goes to the x: drive. I assume this is the "boot drive" as it is not the c: drive.
I have searched how to change "Since Bootsect is located inside the boot folder, you need to change the directory to boot" but have not found much to guide me.
Can you confirm?
Any ideas? Here is the latest scan since the above was done. Thanks, and Thanks again T.

Maniac Posted December 29, 2010 ID:367130
Why did you run ComboFix without my instructions? I need a new fresh copy of the GMER log file.

tyrus Posted December 29, 2010 Author ID:367201
My mistake. Here is the latest GMER log. Thanks.

Maniac Posted December 29, 2010 ID:367208
What are the options when right-clicking on this line:
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

tyrus Posted December 29, 2010 Author ID:367220
When I right click on this line in GMER I get a menu. Many items are greyed out except Copy, Options, About. Options has a sub directory that contains IRP Hooks, NTAPI Registry Scan, File Version Info, Only Non MS Files

Maniac Posted December 29, 2010 ID:367330
Let's see if Dr.Web is able to detect and remove this rootkit.
* Please download to your Desktop: Dr.Web CureIt
* After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
* Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click on the Complete scan radio button.
* Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
* Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
* On the File types tab ensure you select All files
* Click on the Actions tab and set the following:
  - Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
  - Infected packages: Archive = Move, E-mails = Report, Containers = Move
  - Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
  - Do not change the Rename extension - default is: #??
  - Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
  - Leave prompt on Action checked
* On the Log file tab leave the Log to file checked.
* Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
* Log mode = Append
* Encoding = ANSI
* Details: Leave Names of file packers and Statistics checked.
* Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
* On the General tab leave the Scan Priority on High
* Click the Apply button at the bottom, and then the OK button.
* On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
* In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
* The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
* When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
* Click 'Yes to all' if it asks if you want to cure/move the files.
* This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your Desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply.

tyrus Posted December 30, 2010 Author ID:367735
I followed directions exactly and ran an express scan and then a long scan. Nothing was found. No change in problem. The log file is 95MB large. Do you want me to post it? I searched it for %Device\Harddisk0\DR0% and did not find it in log.

Maniac Posted December 30, 2010 ID:367747
Please attach it.

tyrus Posted December 30, 2010 Author ID:367868
Cure-it log won't attach. Error from forum.
"Select a file Attachment space used 6.31K of 10MB
You did not select a file to upload"
Of course I did select a file and it tried to upload for 5-10 minutes two times now.
??? Thanks again.

Maniac Posted January 2, 2011 ID:368796
Can you please try to upload somewhere? For example here: http://www.mediafire.com/

tyrus Posted January 4, 2011 Author ID:369521
File should be here. http://www.mediafire.com/file/nkkucyrwd6bbywb/CureIt.log
Thanks again for your help.

Maniac Posted January 5, 2011 ID:370175
Any change?

tyrus Posted January 5, 2011 Author ID:370214
No change in the problems that have been existing since the start. Rundll32 still loading on startup and interfering with streaming media and interfering with the battery monitor. Can still shut off in task manager. Checked to see if Rundll32.exe is in startup in msconfig but not listed there.
???
Thanks

Maniac Posted January 5, 2011 ID:370220
Hope this helps:
http://www.sevenforums.com/general-discuss...and-prompt.html

tyrus Posted January 8, 2011 Author ID:371567
> Hope this helps:
> http://www.sevenforums.com/general-discuss...and-prompt.html
Went through thread and I still get:
'fixmbr' is not a recognized as an internal or external command, operable program or batch file.
As before I have tried many combinations of /FixMbr etc. etc.
When I go into System Recovery Options > Command Prompt I get X:\\sources\recovery>
Is this the correct area I should be entering in?
When I enter BootRec.exe it seems to start OK and tells me the following commands are supported: /FixMbr, /FixBoot, /ScanOs, /RebuildBcd.
Entering these does not seem to work. When entering, the command line still says X:\\sources\recovery>
Any ideas?
Should I consider reinstalling windows?
Thanks again.

Maniac Posted January 12, 2011 ID:373089
Should be:
bootrec.exe /fixmbr
http://windows7themes.net/how-to-fix-mbr-in-windows-7.html

tyrus Posted January 14, 2011 Author ID:373791
Thanks for the continued help.
Entered
bootrec.exe /fixmbr
and report is "The operation was completed successfully"
What next?

Maniac Posted January 14, 2011 ID:373884
I need a new fresh GMER log.

tyrus Posted January 15, 2011 Author ID:374291
Here you go. Thanks.

Maniac Posted January 15, 2011 ID:374326
Do you still have a problem?

tyrus Posted January 15, 2011 Author ID:374392
Yes, problem is still there. I also did an Avast boot time scan and a MWBytes quick scan and nothing was found. Thanks. T

Maniac Posted January 15, 2011 ID:374489
* Download TDSSKiller and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

tyrus Posted January 16, 2011 Author ID:374772
Scan complete (fast just 15sec). Nothing found. Here is the log. Thanks.
C:\Windows\system32\DRIVERS\elxstor.sys2011/01/16 08:03:02.0680 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys2011/01/16 08:03:02.0736 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys2011/01/16 08:03:02.0772 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys2011/01/16 08:03:02.0822 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys2011/01/16 08:03:02.0870 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys2011/01/16 08:03:02.0905 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys2011/01/16 08:03:02.0926 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys2011/01/16 08:03:02.0964 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys2011/01/16 08:03:03.0019 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys2011/01/16 08:03:03.0049 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys2011/01/16 08:03:03.0103 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys2011/01/16 08:03:03.0146 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys2011/01/16 08:03:03.0185 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys2011/01/16 08:03:03.0213 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys2011/01/16 08:03:03.0269 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys2011/01/16 08:03:03.0294 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys2011/01/16 08:03:03.0320 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys2011/01/16 08:03:03.0344 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys2011/01/16 08:03:03.0396 HidUsb 
(25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys2011/01/16 08:03:03.0455 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys2011/01/16 08:03:03.0511 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys2011/01/16 08:03:03.0557 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys2011/01/16 08:03:03.0596 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys2011/01/16 08:03:03.0656 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys2011/01/16 08:03:03.0693 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys2011/01/16 08:03:03.0743 IBMPMDRV (4dcfc1792be8fc092ab41eafa9d0fde5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys2011/01/16 08:03:03.0945 igfx (c7fee838fd0216ee0ad3d765ab4f40f4) C:\Windows\system32\DRIVERS\igdkmd32.sys2011/01/16 08:03:04.0293 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys2011/01/16 08:03:04.0469 IntcAzAudAddService (d991871aa47da7989540ac2c0f6ec533) C:\Windows\system32\drivers\RTKVHDA.sys2011/01/16 08:03:04.0613 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\Windows\system32\drivers\IntcHdmi.sys2011/01/16 08:03:04.0660 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys2011/01/16 08:03:04.0702 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys2011/01/16 08:03:04.0734 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys2011/01/16 08:03:04.0766 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys2011/01/16 08:03:04.0792 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys2011/01/16 08:03:04.0831 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys2011/01/16 08:03:04.0855 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) 
C:\Windows\system32\DRIVERS\isapnp.sys2011/01/16 08:03:04.0893 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys2011/01/16 08:03:04.0951 JMCR (2137795d207280d5707554aaf936fd19) C:\Windows\system32\DRIVERS\jmcr.sys2011/01/16 08:03:04.0998 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys2011/01/16 08:03:05.0030 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys2011/01/16 08:03:05.0068 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys2011/01/16 08:03:05.0129 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys2011/01/16 08:03:05.0209 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys2011/01/16 08:03:05.0280 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys2011/01/16 08:03:05.0332 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys2011/01/16 08:03:05.0354 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys2011/01/16 08:03:05.0395 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys2011/01/16 08:03:05.0417 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys2011/01/16 08:03:05.0469 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys2011/01/16 08:03:05.0497 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys2011/01/16 08:03:05.0543 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys2011/01/16 08:03:05.0580 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys2011/01/16 08:03:05.0642 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys2011/01/16 08:03:05.0687 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys2011/01/16 08:03:05.0718 mouhid 
(2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys2011/01/16 08:03:05.0756 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys2011/01/16 08:03:05.0778 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys2011/01/16 08:03:05.0817 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys2011/01/16 08:03:05.0847 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys2011/01/16 08:03:05.0918 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys2011/01/16 08:03:05.0951 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys2011/01/16 08:03:06.0012 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys2011/01/16 08:03:06.0045 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys2011/01/16 08:03:06.0079 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys2011/01/16 08:03:06.0131 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys2011/01/16 08:03:06.0157 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys2011/01/16 08:03:06.0187 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys2011/01/16 08:03:06.0240 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys2011/01/16 08:03:06.0274 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys2011/01/16 08:03:06.0302 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys2011/01/16 08:03:06.0341 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys2011/01/16 08:03:06.0382 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys2011/01/16 08:03:06.0457 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys2011/01/16 
08:03:06.0486 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys2011/01/16 08:03:06.0522 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys2011/01/16 08:03:06.0566 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys2011/01/16 08:03:06.0632 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys2011/01/16 08:03:06.0683 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys2011/01/16 08:03:06.0725 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys2011/01/16 08:03:06.0775 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys2011/01/16 08:03:06.0808 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys2011/01/16 08:03:06.0830 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys2011/01/16 08:03:06.0900 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys2011/01/16 08:03:06.0944 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys2011/01/16 08:03:07.0221 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys2011/01/16 08:03:07.0574 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys2011/01/16 08:03:07.0705 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys2011/01/16 08:03:07.0753 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys2011/01/16 08:03:07.0779 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys2011/01/16 08:03:07.0845 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys2011/01/16 08:03:07.0907 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys2011/01/16 08:03:07.0941 nvraid (3f3d04b1d08d43c16ea7963954ec768d) 
C:\Windows\system32\DRIVERS\nvraid.sys2011/01/16 08:03:07.0964 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys2011/01/16 08:03:07.0989 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys2011/01/16 08:03:08.0017 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys2011/01/16 08:03:08.0103 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys2011/01/16 08:03:08.0132 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys2011/01/16 08:03:08.0162 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys2011/01/16 08:03:08.0205 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys2011/01/16 08:03:08.0247 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys2011/01/16 08:03:08.0271 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys2011/01/16 08:03:08.0315 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys2011/01/16 08:03:08.0385 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys2011/01/16 08:03:08.0582 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys2011/01/16 08:03:08.0639 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys2011/01/16 08:03:08.0701 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys2011/01/16 08:03:08.0737 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys2011/01/16 08:03:08.0788 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys2011/01/16 08:03:08.0853 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys2011/01/16 08:03:08.0927 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys2011/01/16 08:03:08.0973 QWAVEdrv 
(584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys2011/01/16 08:03:09.0004 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys2011/01/16 08:03:09.0054 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys2011/01/16 08:03:09.0094 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys2011/01/16 08:03:09.0136 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys2011/01/16 08:03:09.0165 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys2011/01/16 08:03:09.0204 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys2011/01/16 08:03:09.0239 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys2011/01/16 08:03:09.0260 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys2011/01/16 08:03:09.0307 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys2011/01/16 08:03:09.0358 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys2011/01/16 08:03:09.0387 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys2011/01/16 08:03:09.0423 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys2011/01/16 08:03:09.0466 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys2011/01/16 08:03:09.0517 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys2011/01/16 08:03:09.0586 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys2011/01/16 08:03:09.0663 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys2011/01/16 08:03:09.0724 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys2011/01/16 08:03:09.0763 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys2011/01/16 
08:03:09.0809 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys2011/01/16 08:03:09.0852 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys2011/01/16 08:03:09.0884 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys2011/01/16 08:03:09.0947 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys2011/01/16 08:03:10.0010 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys2011/01/16 08:03:10.0043 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys2011/01/16 08:03:10.0070 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys2011/01/16 08:03:10.0127 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys2011/01/16 08:03:10.0147 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys2011/01/16 08:03:10.0172 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys2011/01/16 08:03:10.0198 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys2011/01/16 08:03:10.0252 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys2011/01/16 08:03:10.0274 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys2011/01/16 08:03:10.0307 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys2011/01/16 08:03:10.0332 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys2011/01/16 08:03:10.0358 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys2011/01/16 08:03:10.0413 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys2011/01/16 08:03:10.0514 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys2011/01/16 08:03:10.0578 srv2 (db37131d1027c50ea7ee21c8bb4536aa) 
C:\Windows\system32\DRIVERS\srv2.sys2011/01/16 08:03:10.0624 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS2011/01/16 08:03:10.0671 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS2011/01/16 08:03:10.0732 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS2011/01/16 08:03:10.0800 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys2011/01/16 08:03:10.0849 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys2011/01/16 08:03:10.0899 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys2011/01/16 08:03:10.0934 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys2011/01/16 08:03:10.0978 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys2011/01/16 08:03:11.0053 SynTP (53d429d38e8fb5e0cd9225353006af0f) C:\Windows\system32\DRIVERS\SynTP.sys2011/01/16 08:03:11.0157 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys2011/01/16 08:03:11.0253 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys2011/01/16 08:03:11.0313 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys2011/01/16 08:03:11.0350 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys2011/01/16 08:03:11.0371 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys2011/01/16 08:03:11.0407 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys2011/01/16 08:03:11.0438 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys2011/01/16 08:03:11.0512 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\Windows\system32\DRIVERS\ApsHM86.sys2011/01/16 08:03:11.0562 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys2011/01/16 08:03:11.0614 TPPWRIF 
(6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys2011/01/16 08:03:11.0662 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys2011/01/16 08:03:11.0697 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys2011/01/16 08:03:11.0740 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys2011/01/16 08:03:11.0775 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys2011/01/16 08:03:11.0822 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys2011/01/16 08:03:11.0853 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys2011/01/16 08:03:11.0885 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys2011/01/16 08:03:11.0932 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys2011/01/16 08:03:11.0955 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys2011/01/16 08:03:11.0996 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys2011/01/16 08:03:12.0039 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys2011/01/16 08:03:12.0063 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys2011/01/16 08:03:12.0101 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys2011/01/16 08:03:12.0129 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS2011/01/16 08:03:12.0166 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys2011/01/16 08:03:12.0240 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys2011/01/16 08:03:12.0290 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys2011/01/16 08:03:12.0335 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys2011/01/16 
08:03:12.0367 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys2011/01/16 08:03:12.0391 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys2011/01/16 08:03:12.0423 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys2011/01/16 08:03:12.0451 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys2011/01/16 08:03:12.0475 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys2011/01/16 08:03:12.0504 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys2011/01/16 08:03:12.0527 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys2011/01/16 08:03:12.0567 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys2011/01/16 08:03:12.0608 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys2011/01/16 08:03:12.0649 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys2011/01/16 08:03:12.0699 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys2011/01/16 08:03:12.0736 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys2011/01/16 08:03:12.0775 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys2011/01/16 08:03:12.0811 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys2011/01/16 08:03:12.0857 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys2011/01/16 08:03:12.0896 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys2011/01/16 08:03:12.0910 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys2011/01/16 08:03:12.0970 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys2011/01/16 08:03:13.0015 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) 
C:\Windows\system32\drivers\Wdf01000.sys2011/01/16 08:03:13.0094 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys2011/01/16 08:03:13.0116 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys2011/01/16 08:03:13.0226 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys2011/01/16 08:03:13.0292 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys2011/01/16 08:03:13.0350 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys2011/01/16 08:03:13.0409 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys2011/01/16 08:03:13.0439 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys2011/01/16 08:03:13.0527 ================================================================================2011/01/16 08:03:13.0527 Scan finished2011/01/16 08:03:13.0527 ================================================================================ Link to post Share on other sites More sharing options...
Maniac Posted January 16, 2011 ID:374867
Please download mbr.exe and save it to your desktop.
Go to Start => Run... then copy and paste the following red text into the Open field then click OK:
"%userprofile%\desktop\mbr.exe" -f
Next, double click on the mbr.exe file and post the contents of the new mbr.log
tyrus Posted January 16, 2011 Author ID:374878
I downloaded mbr.exe to desktop then I entered "%userprofile%\desktop\mbr.exe" into the run command prompt. MBR.exe runs and then immediately shuts down (1 second of seeing the MBR screen). Tried a couple of times. Also tried entering %userprofile%\desktop\mbr.exe, no change. Also tried shutting down all antivirus and using Killitall to avoid conflicts. No change. Ideas? Thanks.