WSAStartup() Failed or incorrect version of WinSock


  • This topic is locked
48 replies to this topic

#1 raven123

raven123

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 08 September 2011 - 06:49 PM

I have a friend's computer. Previously the owner was having trouble closing programs so he gave the computer to a friend to fix. After getting the computer back from the friend it will no longer connect to the internet. Now I have it. I have tried to run Malwarebytes after installing from a CD (although I am not able to update it). During the scan it did find one infection and then it stopped when it hit AppData\Roaming\uTorrent\dht.dat.old. Now I can't do anything with Malwarebytes. It is sitting on the desktop doing nothing. I can't close it either. The computer uses Windows Vista. When I turned the computer on it took almost 5 minutes to load. There were boxes on the desktop with:

From uTorrent: WSAStartup() failed, or you have the incorrect version of Winsock Installed.

From Network Magic: Network Magic Cannot start properly. Please restart your computer then try starting Network Magic again.

Can someone help me with this? Remember I do not have internet on that computer so I will have to transfer any software, etc. from my computer to that one. Thanks in advance.

Edited by raven123, 08 September 2011 - 06:52 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:50 AM

Posted 13 September 2011 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418115 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 raven123

raven123
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 13 September 2011 - 07:21 PM

Should I do the DDS and GMER logs by transferring the programs from my computer to the infected one or can we try to get the infected one back online first? I have not tried to do anything more with the computer as it is terribly slow. It takes 5-10 minutes just to get Vista loaded. I was hoping we could try to get it back online before running the programs but if I need to do it by transferring to a memory stick I can do that. Let me know what I should do. Thanks.

Edited by raven123, 13 September 2011 - 07:36 PM.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:50 AM

Posted 14 September 2011 - 07:27 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

We Need to Repair Your Internet Connection
  • Please download WinsockXPFix from a working machine and copy it to a CD or flash media.
  • Copy the file to the desktop on the non working machine.
  • Double Click on Posted Image on your desktop.
  • Push the Posted Image button.
  • Allow your system to reboot.

Please let me know if your connection is restored in your next reply
m0le is a proud member of UNITE

#5 raven123

raven123
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 14 September 2011 - 07:49 PM

The Winsock Fix program says "registry information not found" but then following that it says Repair Completed Please Reboot. When I click OK to that I get "Run-Time error '53': File not found." I did not reboot manually. Should I?

And thank you for helping me.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:50 AM

Posted 14 September 2011 - 08:00 PM

Reboot and let's see :)

#7 raven123

raven123
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 14 September 2011 - 08:12 PM

Doesn't look like it worked. I'm still getting the WSAStartup Failed message from uTorrent. There's also a message from Windows that says Acer Empowering Technology Framework Launcher has stopped working. Another box said something about Windows Services has been stopped.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:50 AM

Posted 15 September 2011 - 04:30 PM

Okay, much more than a winsock issue then.

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#9 raven123

raven123
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 15 September 2011 - 04:43 PM

Hi, I had to download and transfer the file to the other computer. Here is the log from that computer

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-15 17:40:25
-----------------------------
17:40:25.304 OS Version: Windows 6.0.6002 Service Pack 2
17:40:25.304 Number of processors: 2 586 0x1706
17:40:25.304 ComputerName: CINDY-PC UserName: Cindy
17:40:25.944 Initialize success
17:40:34.243 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
17:40:34.259 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
17:40:36.287 Disk 0 MBR read successfully
17:40:36.287 Disk 0 MBR scan
17:40:36.287 Disk 0 unknown MBR code
17:40:36.302 Disk 0 scanning sectors +1250260992
17:40:36.365 Disk 0 scanning C:\Windows\system32\drivers
17:40:40.062 Service scanning
17:40:41.482 Service MpKsla30ba02d C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D13F844-BC76-47A9-B87C-21FA9CA3C242}\MpKsla30ba02d.sys **LOCKED** 32
17:40:41.482 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:40:42.106 Modules scanning
17:40:45.428 Disk 0 trace - called modules:
17:40:45.444 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
17:40:45.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8764aac8]
17:40:45.460 3 CLASSPNP.SYS[83fa58b3] -> nt!IofCallDriver -> [0x86db9700]
17:40:45.460 5 acpi.sys[83e9e6bc] -> nt!IofCallDriver -> \Device\00000068[0x8698d7b8]
17:40:45.460 Scan finished successfully
17:41:15.390 Disk 0 MBR has been saved successfully to "C:\Users\Cindy\Desktop\MBR.dat"
17:41:15.406 The log file has been saved successfully to "C:\Users\Cindy\Desktop\aswMBR.txt"

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:50 AM

Posted 15 September 2011 - 06:11 PM

You can assume when the instructions say download to PC that you need to download on a clean machine and transfer via USB unless the instructions say otherwise.

Please run TDSSKiller and MBRCheck

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#11 raven123

raven123
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 15 September 2011 - 06:28 PM

2011/09/15 19:19:06.0044 5792 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/15 19:19:06.0044 5792 ================================================================================
2011/09/15 19:19:06.0044 5792 SystemInfo:
2011/09/15 19:19:06.0044 5792
2011/09/15 19:19:06.0044 5792 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/15 19:19:06.0044 5792 Product type: Workstation
2011/09/15 19:19:06.0044 5792 ComputerName: CINDY-PC
2011/09/15 19:19:06.0044 5792 UserName: Cindy
2011/09/15 19:19:06.0044 5792 Windows directory: C:\Windows
2011/09/15 19:19:06.0044 5792 System windows directory: C:\Windows
2011/09/15 19:19:06.0044 5792 Processor architecture: Intel x86
2011/09/15 19:19:06.0044 5792 Number of processors: 2
2011/09/15 19:19:06.0044 5792 Page size: 0x1000
2011/09/15 19:19:06.0044 5792 Boot type: Normal boot
2011/09/15 19:19:06.0044 5792 ================================================================================
2011/09/15 19:19:06.0902 5792 Initialize success
2011/09/15 19:19:21.0347 5872 ================================================================================
2011/09/15 19:19:21.0347 5872 Scan started
2011/09/15 19:19:21.0347 5872 Mode: Manual;
2011/09/15 19:19:21.0347 5872 ================================================================================
2011/09/15 19:19:28.0539 5872 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) C:\Windows\system32\Drivers\RapportKELL.sys
2011/09/15 19:19:28.0586 5872 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/09/15 19:19:28.0617 5872 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/15 19:19:28.0648 5872 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/15 19:19:28.0679 5872 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/15 19:19:28.0710 5872 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/15 19:19:28.0726 5872 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/15 19:19:28.0757 5872 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/15 19:19:28.0788 5872 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/15 19:19:28.0804 5872 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/15 19:19:28.0851 5872 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/15 19:19:28.0898 5872 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/15 19:19:28.0929 5872 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/15 19:19:28.0976 5872 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/15 19:19:28.0991 5872 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/15 19:19:29.0022 5872 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/09/15 19:19:29.0054 5872 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/15 19:19:29.0100 5872 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/15 19:19:29.0116 5872 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/15 19:19:29.0147 5872 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/15 19:19:29.0178 5872 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/15 19:19:29.0210 5872 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/15 19:19:29.0225 5872 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/15 19:19:29.0256 5872 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/15 19:19:29.0319 5872 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/15 19:19:29.0381 5872 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/15 19:19:29.0428 5872 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/15 19:19:29.0475 5872 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/15 19:19:29.0522 5872 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/15 19:19:29.0553 5872 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/15 19:19:29.0600 5872 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/15 19:19:29.0631 5872 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/15 19:19:29.0662 5872 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/15 19:19:29.0740 5872 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/09/15 19:19:29.0787 5872 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/15 19:19:29.0818 5872 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/15 19:19:29.0865 5872 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/15 19:19:29.0896 5872 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/15 19:19:29.0943 5872 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/15 19:19:29.0974 5872 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/15 19:19:30.0036 5872 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/15 19:19:30.0114 5872 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/09/15 19:19:30.0146 5872 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/15 19:19:30.0177 5872 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/15 19:19:30.0208 5872 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys
2011/09/15 19:19:30.0239 5872 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/15 19:19:30.0270 5872 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/15 19:19:30.0317 5872 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/15 19:19:30.0348 5872 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/15 19:19:30.0380 5872 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/15 19:19:30.0411 5872 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/15 19:19:30.0426 5872 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/15 19:19:30.0473 5872 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/15 19:19:30.0504 5872 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/15 19:19:30.0520 5872 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/15 19:19:30.0567 5872 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/15 19:19:30.0582 5872 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/15 19:19:30.0614 5872 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/15 19:19:30.0645 5872 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/15 19:19:30.0676 5872 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/15 19:19:30.0707 5872 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/15 19:19:30.0723 5872 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/15 19:19:30.0785 5872 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/15 19:19:30.0816 5872 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/15 19:19:30.0832 5872 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/15 19:19:30.0848 5872 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/15 19:19:30.0879 5872 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/15 19:19:30.0894 5872 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/15 19:19:30.0941 5872 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/15 19:19:30.0972 5872 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/15 19:19:31.0004 5872 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/15 19:19:31.0050 5872 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/15 19:19:31.0082 5872 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 19:19:31.0097 5872 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 19:19:31.0128 5872 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/15 19:19:31.0175 5872 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/15 19:19:31.0269 5872 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/15 19:19:31.0331 5872 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/15 19:19:31.0378 5872 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/15 19:19:31.0425 5872 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys
2011/09/15 19:19:31.0440 5872 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/09/15 19:19:32.0018 5872 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR6
2011/09/15 19:19:32.0049 5872 Boot (0x1200) (387aba6cc787a8fa9ba645238375f063) \Device\Harddisk0\DR0\Partition0
2011/09/15 19:19:32.0080 5872 Boot (0x1200) (1c40b52d62b0357cab7d02e97a361f93) \Device\Harddisk0\DR0\Partition1
2011/09/15 19:19:32.0096 5872 Boot (0x1200) (ccf97aed5b8d3ace94465e651502119c) \Device\Harddisk5\DR6\Partition0
2011/09/15 19:19:32.0096 5872 ================================================================================
2011/09/15 19:19:32.0096 5872 Scan finished
2011/09/15 19:19:32.0096 5872 ================================================================================
2011/09/15 19:19:32.0111 0764 Detected object count: 0
2011/09/15 19:19:32.0111 0764 Actual detected object count: 0


-----------------------------------------------------------


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1640
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 156):

Processes (total 85):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004b`c6000000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 84AF3DB4B068D820F14DC9DE8C495DCE1F62BC64


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12 m0le

Posted 15 September 2011 - 06:33 PM

We need to replace the fake MBR. The easiest way is using your installation disk.

1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
2. Press a key when you are prompted.
3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec.exe, and then press ENTER.
8. Type Bootrec.exe /FixMbr


If there's no disk then use NTBR

  • Download NTBR_CD by noahdfear to the desktop.
  • Click on the NTBR_CD.exe to extract its contents to the desktop.
  • Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  • Insert a blank CD when prompted. The .iso image will be burned to the CD.
  • Boot the computer with the CD you just burned and follow the prompts.
  • Press Enter for English.
  • At the menu type 1 to select MBRWORK then hit Enter

    This screen will show the hard drive configuration.
  • Type 5 to Install standard MBR code then hit Enter
  • Type 1 to select Standard then hit Enter
  • Type Y then hit Enter to confirm
  • Type E then hit Enter to exit
  • Back at the menu, type 6 to Quit.
  • Press Ctrl+Alt+Del to restart the machine.
  • Eject the CD upon restart and boot normally.

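A check for the repair described in the post above, as an added example that is not part of the original thread: it compares a 512-byte sector 0 dump taken before and after the boot code is rewritten, confirming that the boot code changed while the partition table and the 0x55AA signature are intact. The function names, the sample sectors and the known-good hash set are assumptions constructed for illustration, and the dumps are assumed to have been read from boot media rather than from the running system.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # bytes 0..439: bootstrap code
DISK_SIG_OFF = 0x1B8    # bytes 440..443: disk signature
PART_TABLE_OFF = 0x1BE  # bytes 446..509: four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # bytes 510..511: 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into boot code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:  # unused slot
            continue
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        # Hash covers the boot code only, so it stays stable across disks
        # whose partition layout differs. Compare it only against reference
        # hashes computed over the same 440-byte range.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partition_table": sector[PART_TABLE_OFF:BOOT_SIG_OFF],
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "partitions": partitions,
    }


def compare_repair(before: bytes, after: bytes, known_good=frozenset()) -> dict:
    """Report whether an MBR rewrite replaced the code and left the layout alone."""
    b, a = parse_mbr(before), parse_mbr(after)
    report = {
        "boot_code_replaced": b["boot_code_sha256"] != a["boot_code_sha256"],
        "partition_table_preserved": b["partition_table"] == a["partition_table"],
        "signature_ok": a["signature_ok"],
        "boot_code_known_good": a["boot_code_sha256"] in known_good,
    }
    report["repair_ok"] = all(report.values())
    return report


def build_sample_sector(boot_fill: int, with_table: bool = True) -> bytes:
    """Constructed sample: filler boot code plus one active NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes([boot_fill]) * BOOT_CODE_LEN
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)  # constructed value
    if with_table:
        entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                            2048, 1_000_000)
        sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample_sector(0xAA)  # stands in for the suspect boot code
    after = build_sample_sector(0x90)   # stands in for the rewritten boot code
    # Placeholder allowlist: in practice, hashes taken from clean reference media.
    allow = {parse_mbr(after)["boot_code_sha256"]}
    for key, value in compare_repair(before, after, allow).items():
        print(f"{key}: {value}")
    for part in parse_mbr(after)["partitions"]:
        print(part)
```
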

#13 raven123


Posted 15 September 2011 - 06:38 PM

I have two recovery disks here. That's not the same as an installation disk, right?

#14 m0le


Posted 15 September 2011 - 06:43 PM

Right. We'd better go with NTBR then :)

#15 raven123


Posted 15 September 2011 - 07:05 PM

I made the CD, left it in the machine, rebooted but it didn't boot to the CD. I have to go into setup to change the boot order now, right? If yes, what button do I press to get into setup, do you know?



