Avast keeps finding Sirefef and computer keeps randomly shutting down


This topic is locked
59 replies to this topic

#1 ajax1946
  • Members
  • 30 posts

Posted 24 May 2012 - 03:37 PM

In response to http://www.bleepingcomputer.com/forums/topic454645.html/page__pid__2708965#entry2708965

My browser started redirecting me to spam sites when I would try to browse to Google or Bing. I ran a scan with AVG and all it said was that it had recently protected me from a threat and did not find any viruses. It also warned me that my firewall was turned off. I went into the Control Panel to try to turn it back on but I received an error, "Windows Firewall can't change some of your settings. Error code 0x80070424." I uninstalled AVG, installed Avast and ran a scan; it found 5 viruses: Win32:Sirefef-PL, Win32:SmokeLoader-PV, Win64:Sirefef-A, Win32:DNSChanger-VJ and Win32:SmokeLoader-PV again.

I chose to move the viruses to the chest, and Avast then told me to restart the computer to do a boot-time scan, which found 17 potentially unwanted programs from OpinionSquare. I did a Google search on my phone to find out what this was before continuing. I found that it belonged to a survey company and then chose to delete the potentially unwanted program. It continued to scan and found Win32:Sirefef-PL again, which it deleted without prompting me as to what I wanted to do.

The computer started up after the scan but hung at the Windows Welcome screen for about 5 minutes, then went to the desktop, which was blank, just a black screen with no start bar and only the arrow cursor. I tried to use Ctrl+Alt+Del to get to the security options screen but it wouldn't come up. I force-shut down the computer by holding in the power button and let it sit for about 10 minutes before turning it back on. I chose to start Windows in Normal Mode and it gave the same behavior, so I forced it off again, started in Safe Mode and ran another scan with Avast; it found the same viruses again, so I moved them to the vault again. I tried to start the computer back up without the boot-time scan, as it didn't tell me to do it this time, and I am still getting a black screen, but this time the start bar loads.

Earlier this morning the desktop did load in Normal Mode and I was able to use Defogger and DDS, but when running GMER the scan ran for about 10 minutes and then the computer shut itself off, with no error messages and no blue screen. I tried to turn the computer back on but it wouldn't start up right away, so I waited about 5 minutes, turned it back on, was able to get it to start back up in Normal Mode and tried the scan again. I received a pop-up from GMER that said the files had been copied to the clipboard and to paste them into Notepad. When I tried to open Notepad the computer froze and then shut itself down again without any blue screen or error messages.

The redirection has stopped but the weird behavior continues and I am not sure if it is being caused by the viruses that continue to be found by Avast.

Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Megg at 9:06:50 on 2012-05-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn0.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn0.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\consumer input\dca-bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn0.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [Google Update] "c:\users\megg\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Consumer Input Update] c:\program files\consumer input\dca-ua.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [AdobeBridge]
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\megg\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\megg\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3F84BDBF-CA03-4EC8-A588-51EEBC0384DB} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\241405C4 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\241405C4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\24279676864735973616D6F62756D27657563747 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\24279676864735973616D6F62756D27657563747 : DhcpNameServer = 207.255.0.43 207.255.0.45
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\2456C6B696E6E233232344 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\550727F6F647024402358627572637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\550727F6F6470244E202358627572637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8D5566C9-B74E-49EA-A314-C97943847BCA}\550727F6F6470A44E20A358627572637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\megg\appdata\roaming\mozilla\firefox\profiles\74015xdb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120321182618660&tb_oid=21-03-2012&tb_mrud=21-03-2012
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aimright-ab-en-us&tb_uuid=20120321182618660&tb_oid=21-03-2012&tb_mrud=21-03-2012&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 10\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\megg\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\megg\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-05-22 01:51:02 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-22 01:51:02 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-22 01:51:02 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-22 01:51:02 55056 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-05-22 01:51:02 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-22 01:51:02 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-22 01:28:45 102400 ----a-w- c:\windows\RegBootClean.exe
2012-05-18 19:37:58 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2012-05-05 16:53:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 16:53:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 01:31:09 14 ----a-w- c:\windows\system32\SysInfo.dll
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:27:18 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-15 04:47:36 0 ----a-w- c:\windows\system32\sho9AC5.tmp
2012-03-13 00:56:40 947472 ----a-w- c:\windows\system32\msjava.dll
2012-03-08 22:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 22:32:24 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-03 05:31:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 9:11:33.89 ===============


#2 Aaflac
    Doin' Dis 'n Dat...
  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 27 May 2012 - 01:53 PM

Welcome to Bleeping Computer, ajax1946!

Looks as if you are infected with ZeroAccess, a rootkit that uses advanced technology to hide its presence in a system it infects.

Please download the latest version of: TDSSKiller.exe
Save to the Desktop.

Windows Seven: Right-click the file and select 'Run as Administrator'

In the TDSSKiller Scan prompt, click on: Change parameters
Check the box besides: Detect TDLFS file system
Click: OK

Press the button: Start Scan

The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

It also prompts the User to select an action to apply to Suspicious objects (Skip, by default).
Leave the setting as it is.

After clicking 'Next/Continue', the tool applies the selected actions.
A Reboot Required prompt may appear after a disinfection.
Please reboot!!

By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_22.02.2012_15.31.43_log.txt

Please post the TDSSKiller log in your reply.

Also need to know whether TDSSKiller needed a reboot.



~~~~
Next, download: aswMBR
Save it to the Desktop.

Windows Seven: Right-click the file and select 'Run as Administrator'

When prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitions database, etc.
When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!

Exit the program.

Please post the new aswMBR log in your reply.


Note that a file named MBR.dat is also created on the Desktop.

Keep the file on the Desktop, and do not remove.
This is important, just in case we need to access the MBR information!!

Please submit MBR.dat for analysis to VirusTotal

When you get to the website, use the Browse button to navigate to the location of MBR.dat
Click on the file, then, click the Open button.
The file is now displayed in the Submit Box.

Scroll down and click Send File, and wait for the results.

If you get a message saying: 'File has already been analyzed', click: 'Reanalyze file now'

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http://etc. address there.

Then, provide the http:// address to the results page in your reply.

Old duck...
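Aaflac's instructions above describe what TDSSKiller reports: every scanned object gets a verdict, and the Malicious or Suspicious ones are what matter among the long run of `- ok` lines. The following Python is an added example, not code from this thread or from Kaspersky, for triaging such a log offline. It parses the two line shapes TDSSKiller uses in the log ajax1946 posts in the next reply (an object record with its MD5 and path, followed by a verdict line), then lists every object whose verdict is not `ok`, every object whose hash appears on a hash watchlist, and every verdict that arrived without a file record (a service with no binary on disk, like the COMSysApp line in that log). The sample log lines, the `detected (constructed verdict)` wording, the all-zero MD5 and the watchlist contents are constructed for the example; real TDSSKiller verdict text may differ.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes taken from the TDSSKiller scan log posted in this thread:
#   "<time> <pid> <name> (<md5>) <path>"   object record (file on disk)
#   "<time> <pid> <name> - <status>"       verdict for that object
FILE_LINE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
STATUS_LINE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each object record with its verdict. Only the section after
    'Scan started' is parsed, so drive/partition header lines (which also
    contain ' - ') are not mistaken for verdicts."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        m = FILE_LINE.match(line)
        if m:
            pending[m["name"]] = Entry(m["name"], "", m["md5"].lower(), m["path"])
            continue
        m = STATUS_LINE.match(line)
        if m:
            # A verdict with no preceding object record means no file on disk
            entry = pending.pop(m["name"], Entry(m["name"], ""))
            entry.status = m["status"]
            entries.append(entry)
    return entries


def triage(entries: List[Entry], watchlist: set) -> Dict[str, List[str]]:
    """Reduce a full log to the object names a responder should look at."""
    return {
        "not_ok": [e.name for e in entries if e.status != "ok"],
        "watchlist_hits": [e.name for e in entries if e.md5 in watchlist],
        "no_file_record": [e.name for e in entries if e.path is None],
    }


# Constructed sample in the thread's log format; the last two lines and the
# all-zero MD5 are invented placeholders, not real TDSSKiller output.
SAMPLE_LOG = r"""
21:22:40.0716 1384 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb)
21:22:45.0155 1384 Scan started
21:22:45.0155 1384 Mode: Manual; TDLFS;
21:22:46.0446 1384 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
21:22:46.0449 1384 1394ohci - ok
21:22:59.0234 1384 COMSysApp - ok
21:23:01.0000 1384 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:23:01.0010 1384 Apple Mobile Device - ok
21:23:02.0000 1384 exampledrv (00000000000000000000000000000000) C:\windows\system32\drivers\exampledrv.sys
21:23:02.0010 1384 exampledrv - detected (constructed verdict)
"""

# Constructed watchlist of hashes worth flagging (placeholder value only).
KNOWN_BAD_MD5 = {"00000000000000000000000000000000"}

if __name__ == "__main__":
    report = triage(parse_tdsskiller_log(SAMPLE_LOG), KNOWN_BAD_MD5)
    for bucket, names in report.items():
        print(f"{bucket}: {names}")
```

Run it against a saved `TDSSKiller.*_log.txt` by passing the file contents to `parse_tdsskiller_log`; the `no_file_record` bucket is worth a glance but is usually benign (services whose binary lives in a shared host process), whereas anything in `not_ok` is the part of the log a helper will ask about.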


#3 ajax1946
  • Topic Starter
  • Members
  • 30 posts

Posted 31 May 2012 - 08:50 PM

Thanks for your response.

TDSSKiller didn't require a reboot. Here is the log from that scan:

21:22:39.0019 1360 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:22:39.0444 1360 ============================================================
21:22:39.0444 1360 Current date / time: 2012/05/31 21:22:39.0444
21:22:39.0444 1360 SystemInfo:
21:22:39.0444 1360
21:22:39.0444 1360 OS Version: 6.1.7601 ServicePack: 1.0
21:22:39.0444 1360 Product type: Workstation
21:22:39.0444 1360 ComputerName: EDWARD-PC
21:22:39.0444 1360 UserName: Megg
21:22:39.0444 1360 Windows directory: C:\windows
21:22:39.0444 1360 System windows directory: C:\windows
21:22:39.0444 1360 Processor architecture: Intel x86
21:22:39.0444 1360 Number of processors: 1
21:22:39.0444 1360 Page size: 0x1000
21:22:39.0444 1360 Boot type: Safe boot with network
21:22:39.0444 1360 ============================================================
21:22:40.0716 1360 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:22:40.0718 1360 ============================================================
21:22:40.0718 1360 \Device\Harddisk0\DR0:
21:22:40.0718 1360 MBR partitions:
21:22:40.0718 1360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
21:22:40.0718 1360 ============================================================
21:22:40.0751 1360 C: <-> \Device\Harddisk0\DR0\Partition0
21:22:40.0751 1360 ============================================================
21:22:40.0751 1360 Initialize success
21:22:40.0751 1360 ============================================================
21:22:45.0155 1384 ============================================================
21:22:45.0155 1384 Scan started
21:22:45.0155 1384 Mode: Manual; TDLFS;
21:22:45.0155 1384 ============================================================
21:22:46.0446 1384 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
21:22:46.0449 1384 1394ohci - ok
21:22:46.0669 1384 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
21:22:46.0674 1384 ACPI - ok
21:22:46.0734 1384 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
21:22:46.0734 1384 AcpiPmi - ok
21:22:47.0198 1384 AdobeActiveFileMonitor10.0 (c245e08ec469a52a622efdc9787a0dcc) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
21:22:47.0200 1384 AdobeActiveFileMonitor10.0 - ok
21:22:47.0498 1384 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:22:47.0500 1384 AdobeARMservice - ok
21:22:47.0763 1384 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:22:47.0763 1384 AdobeFlashPlayerUpdateSvc - ok
21:22:47.0894 1384 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
21:22:47.0899 1384 adp94xx - ok
21:22:48.0047 1384 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
21:22:48.0052 1384 adpahci - ok
21:22:48.0129 1384 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
21:22:48.0132 1384 adpu320 - ok
21:22:48.0232 1384 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
21:22:48.0234 1384 AeLookupSvc - ok
21:22:48.0349 1384 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
21:22:48.0354 1384 AFD - ok
21:22:48.0724 1384 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
21:22:48.0787 1384 AffinegyService - ok
21:22:49.0279 1384 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
21:22:49.0287 1384 AgereSoftModem - ok
21:22:49.0392 1384 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
21:22:49.0394 1384 agp440 - ok
21:22:49.0524 1384 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
21:22:49.0527 1384 aic78xx - ok
21:22:49.0599 1384 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
21:22:49.0602 1384 ALG - ok
21:22:49.0709 1384 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
21:22:49.0709 1384 aliide - ok
21:22:49.0932 1384 AMD External Events Utility (0bc6704f6fb4c63cdcb85401e8263a1b) C:\windows\system32\atiesrxx.exe
21:22:49.0932 1384 AMD External Events Utility - ok
21:22:49.0963 1384 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
21:22:49.0963 1384 amdagp - ok
21:22:50.0071 1384 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
21:22:50.0071 1384 amdide - ok
21:22:50.0181 1384 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
21:22:50.0181 1384 AmdK8 - ok
21:22:50.0339 1384 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
21:22:50.0339 1384 AmdPPM - ok
21:22:50.0449 1384 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
21:22:50.0456 1384 amdsata - ok
21:22:50.0569 1384 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
21:22:50.0571 1384 amdsbs - ok
21:22:50.0659 1384 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
21:22:50.0659 1384 amdxata - ok
21:22:50.0966 1384 Amsp (feb0b5022c012a4a68dabcb711faff03) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
21:22:50.0969 1384 Amsp - ok
21:22:51.0109 1384 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
21:22:51.0111 1384 AppID - ok
21:22:51.0164 1384 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
21:22:51.0164 1384 AppIDSvc - ok
21:22:51.0229 1384 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
21:22:51.0231 1384 Appinfo - ok
21:22:51.0521 1384 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:22:51.0581 1384 Apple Mobile Device - ok
21:22:51.0691 1384 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
21:22:51.0694 1384 arc - ok
21:22:51.0704 1384 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
21:22:51.0706 1384 arcsas - ok
21:22:51.0826 1384 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\windows\system32\drivers\aswFsBlk.sys
21:22:51.0826 1384 aswFsBlk - ok
21:22:51.0934 1384 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\windows\system32\drivers\aswMonFlt.sys
21:22:51.0936 1384 aswMonFlt - ok
21:22:52.0021 1384 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\windows\System32\Drivers\aswrdr2.sys
21:22:52.0021 1384 aswRdr - ok
21:22:52.0190 1384 aswSnx (dcb199b967375753b5019ec15f008f53) C:\windows\system32\drivers\aswSnx.sys
21:22:52.0205 1384 aswSnx - ok
21:22:52.0320 1384 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\windows\system32\drivers\aswSP.sys
21:22:52.0325 1384 aswSP - ok
21:22:52.0465 1384 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\windows\system32\drivers\aswTdi.sys
21:22:52.0465 1384 aswTdi - ok
21:22:52.0560 1384 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
21:22:52.0560 1384 AsyncMac - ok
21:22:52.0590 1384 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
21:22:52.0593 1384 atapi - ok
21:22:52.0978 1384 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\windows\system32\DRIVERS\atikmdag.sys
21:22:53.0015 1384 atikmdag - ok
21:22:53.0690 1384 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
21:22:53.0690 1384 AtiPcie - ok
21:22:53.0928 1384 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:22:53.0935 1384 AudioEndpointBuilder - ok
21:22:53.0948 1384 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:22:54.0013 1384 Audiosrv - ok
21:22:54.0345 1384 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:22:54.0345 1384 avast! Antivirus - ok
21:22:54.0465 1384 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
21:22:54.0465 1384 AxInstSV - ok
21:22:54.0695 1384 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
21:22:54.0700 1384 b06bdrv - ok
21:22:54.0830 1384 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
21:22:54.0890 1384 b57nd60x - ok
21:22:55.0135 1384 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
21:22:55.0135 1384 BDESVC - ok
21:22:55.0253 1384 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:22:55.0253 1384 Beep - ok
21:22:55.0439 1384 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
21:22:55.0446 1384 BITS - ok
21:22:55.0549 1384 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:22:55.0549 1384 blbdrive - ok
21:22:55.0929 1384 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:22:55.0934 1384 Bonjour Service - ok
21:22:56.0046 1384 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
21:22:56.0046 1384 bowser - ok
21:22:56.0119 1384 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:22:56.0121 1384 BrFiltLo - ok
21:22:56.0156 1384 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:22:56.0156 1384 BrFiltUp - ok
21:22:56.0319 1384 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
21:22:56.0321 1384 Browser - ok
21:22:56.0426 1384 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:22:56.0434 1384 Brserid - ok
21:22:56.0446 1384 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:22:56.0449 1384 BrSerWdm - ok
21:22:56.0461 1384 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:22:56.0461 1384 BrUsbMdm - ok
21:22:56.0534 1384 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:22:56.0534 1384 BrUsbSer - ok
21:22:56.0549 1384 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:22:56.0549 1384 BTHMODEM - ok
21:22:56.0671 1384 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
21:22:56.0671 1384 bthserv - ok
21:22:56.0851 1384 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:22:56.0854 1384 cdfs - ok
21:22:57.0021 1384 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
21:22:57.0021 1384 cdrom - ok
21:22:57.0241 1384 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:22:57.0244 1384 CertPropSvc - ok
21:22:57.0591 1384 cfWiMAXService (1f8a319d29394f9ce1b7ae020df2ebbf) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
21:22:57.0594 1384 cfWiMAXService - ok
21:22:57.0729 1384 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:22:57.0731 1384 circlass - ok
21:22:57.0854 1384 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:22:57.0856 1384 CLFS - ok
21:22:58.0141 1384 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:22:58.0144 1384 clr_optimization_v2.0.50727_32 - ok
21:22:58.0496 1384 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:22:58.0499 1384 clr_optimization_v4.0.30319_32 - ok
21:22:58.0594 1384 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:22:58.0594 1384 CmBatt - ok
21:22:58.0689 1384 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
21:22:58.0691 1384 cmdide - ok
21:22:58.0856 1384 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
21:22:58.0921 1384 CNG - ok
21:22:59.0036 1384 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:22:59.0039 1384 Compbatt - ok
21:22:59.0151 1384 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
21:22:59.0151 1384 CompositeBus - ok
21:22:59.0234 1384 COMSysApp - ok
21:22:59.0599 1384 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
21:22:59.0599 1384 ConfigFree Service - ok
21:22:59.0696 1384 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:22:59.0696 1384 crcdisk - ok
21:22:59.0876 1384 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
21:22:59.0879 1384 CryptSvc - ok
21:23:00.0144 1384 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:23:00.0154 1384 cvhsvc - ok
21:23:00.0339 1384 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:23:00.0346 1384 DcomLaunch - ok
21:23:00.0509 1384 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
21:23:00.0509 1384 defragsvc - ok
21:23:00.0813 1384 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
21:23:00.0813 1384 DfsC - ok
21:23:00.0933 1384 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
21:23:00.0935 1384 Dhcp - ok
21:23:01.0078 1384 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:23:01.0078 1384 discache - ok
21:23:01.0148 1384 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:23:01.0150 1384 Disk - ok
21:23:01.0263 1384 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
21:23:01.0265 1384 Dnscache - ok
21:23:01.0480 1384 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
21:23:01.0485 1384 dot3svc - ok
21:23:01.0525 1384 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
21:23:01.0528 1384 DPS - ok
21:23:01.0625 1384 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:23:01.0628 1384 drmkaud - ok
21:23:01.0805 1384 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
21:23:01.0813 1384 DXGKrnl - ok
21:23:02.0040 1384 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:23:02.0043 1384 EapHost - ok
21:23:02.0323 1384 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:23:02.0363 1384 ebdrv - ok
21:23:02.0945 1384 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
21:23:02.0945 1384 EFS - ok
21:23:03.0235 1384 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
21:23:03.0303 1384 ehRecvr - ok
21:23:03.0393 1384 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
21:23:03.0395 1384 ehSched - ok
21:23:03.0751 1384 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:23:03.0761 1384 elxstor - ok
21:23:03.0863 1384 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
21:23:03.0866 1384 ErrDev - ok
21:23:03.0976 1384 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
21:23:03.0978 1384 EventSystem - ok
21:23:04.0068 1384 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:23:04.0071 1384 exfat - ok
21:23:04.0088 1384 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:23:04.0091 1384 fastfat - ok
21:23:04.0216 1384 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
21:23:04.0281 1384 Fax - ok
21:23:04.0421 1384 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:23:04.0423 1384 fdc - ok
21:23:04.0528 1384 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
21:23:04.0531 1384 fdPHost - ok
21:23:04.0543 1384 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
21:23:04.0546 1384 FDResPub - ok
21:23:04.0623 1384 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:23:04.0626 1384 FileInfo - ok
21:23:04.0716 1384 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:23:04.0718 1384 Filetrace - ok
21:23:04.0788 1384 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:23:04.0791 1384 flpydisk - ok
21:23:04.0943 1384 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:23:04.0946 1384 FltMgr - ok
21:23:05.0121 1384 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
21:23:05.0196 1384 FontCache - ok
21:23:05.0453 1384 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:23:05.0453 1384 FontCache3.0.0.0 - ok
21:23:05.0551 1384 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:23:05.0553 1384 FsDepends - ok
21:23:05.0671 1384 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\windows\system32\DRIVERS\fssfltr.sys
21:23:05.0673 1384 fssfltr - ok
21:23:06.0069 1384 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:23:06.0084 1384 fsssvc - ok
21:23:06.0742 1384 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
21:23:06.0742 1384 Fs_Rec - ok
21:23:06.0851 1384 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
21:23:06.0851 1384 fvevol - ok
21:23:06.0961 1384 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:23:06.0976 1384 gagp30kx - ok
21:23:07.0257 1384 GameConsoleService (1fda0df739234c4023851a282dd28704) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
21:23:07.0273 1384 GameConsoleService - ok
21:23:07.0366 1384 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:23:07.0366 1384 GEARAspiWDM - ok
21:23:07.0569 1384 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
21:23:07.0569 1384 gpsvc - ok
21:23:07.0803 1384 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:23:07.0865 1384 hcw85cir - ok
21:23:08.0037 1384 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
21:23:08.0037 1384 HdAudAddService - ok
21:23:08.0149 1384 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
21:23:08.0149 1384 HDAudBus - ok
21:23:08.0187 1384 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:23:08.0187 1384 HidBatt - ok
21:23:08.0265 1384 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:23:08.0265 1384 HidBth - ok
21:23:08.0343 1384 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:23:08.0358 1384 HidIr - ok
21:23:08.0390 1384 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
21:23:08.0390 1384 hidserv - ok
21:23:08.0499 1384 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
21:23:08.0499 1384 HidUsb - ok
21:23:08.0592 1384 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
21:23:08.0597 1384 hkmsvc - ok
21:23:08.0682 1384 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
21:23:08.0687 1384 HomeGroupListener - ok
21:23:08.0790 1384 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
21:23:08.0790 1384 HomeGroupProvider - ok
21:23:08.0946 1384 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
21:23:08.0962 1384 HpSAMD - ok
21:23:09.0008 1384 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
21:23:09.0071 1384 HTTP - ok
21:23:09.0149 1384 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
21:23:09.0149 1384 hwpolicy - ok
21:23:09.0276 1384 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
21:23:09.0276 1384 i8042prt - ok
21:23:09.0379 1384 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
21:23:09.0384 1384 iaStorV - ok
21:23:09.0732 1384 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:23:09.0747 1384 idsvc - ok
21:23:09.0919 1384 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:23:09.0919 1384 iirsp - ok
21:23:10.0044 1384 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
21:23:10.0059 1384 IKEEXT - ok
21:23:10.0309 1384 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
21:23:10.0371 1384 IntcAzAudAddService - ok
21:23:10.0917 1384 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
21:23:10.0917 1384 intelide - ok
21:23:11.0089 1384 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:23:11.0089 1384 intelppm - ok
21:23:11.0276 1384 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
21:23:11.0276 1384 IPBusEnum - ok
21:23:11.0354 1384 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:23:11.0354 1384 IpFilterDriver - ok
21:23:11.0401 1384 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
21:23:11.0401 1384 IPMIDRV - ok
21:23:11.0510 1384 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:23:11.0573 1384 IPNAT - ok
21:23:11.0887 1384 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:23:11.0897 1384 iPod Service - ok
21:23:11.0945 1384 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:23:11.0945 1384 IRENUM - ok
21:23:12.0098 1384 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
21:23:12.0098 1384 isapnp - ok
21:23:12.0129 1384 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
21:23:12.0144 1384 iScsiPrt - ok
21:23:12.0238 1384 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
21:23:12.0238 1384 kbdclass - ok
21:23:12.0347 1384 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
21:23:12.0347 1384 kbdhid - ok
21:23:12.0482 1384 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:23:12.0482 1384 KeyIso - ok
21:23:12.0529 1384 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
21:23:12.0529 1384 KSecDD - ok
21:23:12.0622 1384 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
21:23:12.0622 1384 KSecPkg - ok
21:23:12.0716 1384 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
21:23:12.0716 1384 KtmRm - ok
21:23:12.0841 1384 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
21:23:12.0841 1384 LanmanServer - ok
21:23:12.0934 1384 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
21:23:12.0934 1384 LanmanWorkstation - ok
21:23:13.0059 1384 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:23:13.0059 1384 lltdio - ok
21:23:13.0153 1384 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
21:23:13.0153 1384 lltdsvc - ok
21:23:13.0168 1384 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
21:23:13.0168 1384 lmhosts - ok
21:23:13.0293 1384 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
21:23:13.0293 1384 LPCFilter - ok
21:23:13.0465 1384 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:23:13.0480 1384 LSI_FC - ok
21:23:13.0496 1384 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:23:13.0496 1384 LSI_SAS - ok
21:23:13.0574 1384 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:23:13.0574 1384 LSI_SAS2 - ok
21:23:13.0590 1384 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:23:13.0605 1384 LSI_SCSI - ok
21:23:13.0621 1384 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:23:13.0621 1384 luafv - ok
21:23:13.0714 1384 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
21:23:13.0714 1384 Mcx2Svc - ok
21:23:13.0808 1384 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:23:13.0808 1384 megasas - ok
21:23:13.0839 1384 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:23:13.0902 1384 MegaSR - ok
21:23:14.0307 1384 Microsoft SharePoint Workspace Audit Service - ok
21:23:14.0401 1384 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:23:14.0416 1384 MMCSS - ok
21:23:14.0445 1384 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:23:14.0447 1384 Modem - ok
21:23:14.0537 1384 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:23:14.0537 1384 monitor - ok
21:23:14.0640 1384 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
21:23:14.0642 1384 mouclass - ok
21:23:14.0737 1384 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:23:14.0740 1384 mouhid - ok
21:23:14.0832 1384 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
21:23:14.0835 1384 mountmgr - ok
21:23:14.0960 1384 MozillaMaintenance (8b4518efde714cd9fe61abb0ddd758b7) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:23:14.0976 1384 MozillaMaintenance - ok
21:23:15.0163 1384 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\windows\system32\DRIVERS\MpFilter.sys
21:23:15.0163 1384 MpFilter - ok
21:23:15.0194 1384 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
21:23:15.0194 1384 mpio - ok
21:23:15.0464 1384 MpKsl6485e94a - ok
21:23:15.0636 1384 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:23:15.0636 1384 mpsdrv - ok
21:23:15.0683 1384 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
21:23:15.0745 1384 MRxDAV - ok
21:23:15.0792 1384 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
21:23:15.0792 1384 mrxsmb - ok
21:23:15.0901 1384 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:23:15.0901 1384 mrxsmb10 - ok
21:23:15.0979 1384 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:23:15.0995 1384 mrxsmb20 - ok
21:23:16.0010 1384 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
21:23:16.0010 1384 msahci - ok
21:23:16.0120 1384 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
21:23:16.0120 1384 msdsm - ok
21:23:16.0229 1384 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
21:23:16.0229 1384 MSDTC - ok
21:23:16.0424 1384 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:23:16.0427 1384 Msfs - ok
21:23:16.0437 1384 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:23:16.0439 1384 mshidkmdf - ok
21:23:16.0572 1384 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
21:23:16.0572 1384 msisadrv - ok
21:23:16.0697 1384 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
21:23:16.0697 1384 MSiSCSI - ok
21:23:16.0712 1384 msiserver - ok
21:23:16.0821 1384 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:23:16.0821 1384 MSKSSRV - ok
21:23:17.0133 1384 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:23:17.0133 1384 MsMpSvc - ok
21:23:17.0243 1384 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:23:17.0243 1384 MSPCLOCK - ok
21:23:17.0274 1384 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:23:17.0274 1384 MSPQM - ok
21:23:17.0352 1384 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:23:17.0352 1384 MsRPC - ok
21:23:17.0461 1384 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
21:23:17.0461 1384 mssmbios - ok
21:23:17.0580 1384 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:23:17.0580 1384 MSTEE - ok
21:23:17.0592 1384 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:23:17.0595 1384 MTConfig - ok
21:23:17.0665 1384 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:23:17.0725 1384 Mup - ok
21:23:17.0835 1384 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
21:23:17.0840 1384 napagent - ok
21:23:17.0970 1384 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:23:17.0972 1384 NativeWifiP - ok
21:23:18.0080 1384 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
21:23:18.0096 1384 NDIS - ok
21:23:18.0205 1384 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:23:18.0205 1384 NdisCap - ok
21:23:18.0283 1384 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:23:18.0283 1384 NdisTapi - ok
21:23:18.0377 1384 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
21:23:18.0377 1384 Ndisuio - ok
21:23:18.0532 1384 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
21:23:18.0535 1384 NdisWan - ok
21:23:18.0565 1384 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
21:23:18.0565 1384 NDProxy - ok
21:23:18.0752 1384 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:23:18.0752 1384 NetBIOS - ok
21:23:18.0799 1384 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
21:23:18.0861 1384 NetBT - ok
21:23:18.0892 1384 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:23:18.0892 1384 Netlogon - ok
21:23:19.0001 1384 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
21:23:19.0001 1384 Netman - ok
21:23:19.0017 1384 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
21:23:19.0079 1384 netprofm - ok
21:23:19.0267 1384 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:23:19.0267 1384 NetTcpPortSharing - ok
21:23:19.0376 1384 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:23:19.0376 1384 nfrd960 - ok
21:23:19.0563 1384 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\windows\system32\DRIVERS\NisDrvWFP.sys
21:23:19.0563 1384 NisDrv - ok
21:23:19.0911 1384 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:23:19.0911 1384 NisSrv - ok
21:23:20.0020 1384 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
21:23:20.0020 1384 NlaSvc - ok
21:23:20.0098 1384 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:23:20.0098 1384 Npfs - ok
21:23:20.0145 1384 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:23:20.0145 1384 nsi - ok
21:23:20.0223 1384 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:23:20.0223 1384 nsiproxy - ok
21:23:20.0364 1384 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
21:23:20.0379 1384 Ntfs - ok
21:23:20.0410 1384 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:23:20.0410 1384 Null - ok
21:23:20.0520 1384 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
21:23:20.0520 1384 nvraid - ok
21:23:20.0616 1384 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
21:23:20.0618 1384 nvstor - ok
21:23:20.0711 1384 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
21:23:20.0713 1384 nv_agp - ok
21:23:20.0803 1384 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
21:23:20.0806 1384 ohci1394 - ok
21:23:21.0072 1384 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:23:21.0072 1384 ose - ok
21:23:21.0494 1384 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:23:21.0667 1384 osppsvc - ok
21:23:22.0115 1384 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:23:22.0120 1384 p2pimsvc - ok
21:23:22.0145 1384 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:23:22.0210 1384 p2psvc - ok
21:23:22.0472 1384 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:23:22.0475 1384 Parport - ok
21:23:22.0572 1384 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
21:23:22.0575 1384 partmgr - ok
21:23:22.0675 1384 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:23:22.0675 1384 Parvdm - ok
21:23:22.0770 1384 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:23:22.0772 1384 PcaSvc - ok
21:23:22.0883 1384 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
21:23:22.0883 1384 pci - ok
21:23:22.0899 1384 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
21:23:22.0899 1384 pciide - ok
21:23:23.0008 1384 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:23:23.0008 1384 pcmcia - ok
21:23:23.0024 1384 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:23:23.0024 1384 pcw - ok
21:23:23.0117 1384 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:23:23.0117 1384 PEAUTH - ok
21:23:23.0351 1384 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
21:23:23.0382 1384 pla - ok
21:23:23.0900 1384 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
21:23:23.0900 1384 PlugPlay - ok
21:23:23.0994 1384 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:23:23.0994 1384 PNRPAutoReg - ok
21:23:24.0072 1384 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:23:24.0088 1384 PNRPsvc - ok
21:23:24.0197 1384 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
21:23:24.0197 1384 PolicyAgent - ok
21:23:24.0306 1384 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
21:23:24.0306 1384 Power - ok
21:23:24.0533 1384 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:23:24.0533 1384 PptpMiniport - ok
21:23:24.0555 1384 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:23:24.0558 1384 Processor - ok
21:23:24.0673 1384 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
21:23:24.0675 1384 ProfSvc - ok
21:23:24.0758 1384 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:23:24.0760 1384 ProtectedStorage - ok
21:23:24.0865 1384 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:23:24.0865 1384 Psched - ok
21:23:24.0990 1384 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
21:23:24.0990 1384 PxHelp20 - ok
21:23:25.0115 1384 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:23:25.0193 1384 ql2300 - ok
21:23:25.0803 1384 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:23:25.0806 1384 ql40xx - ok
21:23:25.0891 1384 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:23:25.0906 1384 QWAVE - ok
21:23:25.0969 1384 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:23:25.0984 1384 QWAVEdrv - ok
21:23:25.0984 1384 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:23:25.0984 1384 RasAcd - ok
21:23:26.0109 1384 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:23:26.0109 1384 RasAgileVpn - ok
21:23:26.0187 1384 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:23:26.0203 1384 RasAuto - ok
21:23:26.0312 1384 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:23:26.0312 1384 Rasl2tp - ok
21:23:26.0437 1384 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
21:23:26.0437 1384 RasMan - ok
21:23:26.0546 1384 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:23:26.0546 1384 RasPppoe - ok
21:23:26.0640 1384 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:23:26.0640 1384 RasSstp - ok
21:23:26.0749 1384 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
21:23:26.0749 1384 rdbss - ok
21:23:26.0780 1384 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:23:26.0780 1384 rdpbus - ok
21:23:26.0888 1384 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
21:23:26.0888 1384 RDPCDD - ok
21:23:27.0012 1384 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:23:27.0012 1384 RDPENCDD - ok
21:23:27.0090 1384 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:23:27.0090 1384 RDPREFMP - ok
21:23:27.0199 1384 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
21:23:27.0199 1384 RDPWD - ok
21:23:27.0324 1384 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
21:23:27.0324 1384 rdyboost - ok
21:23:27.0433 1384 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:23:27.0433 1384 RemoteAccess - ok
21:23:27.0449 1384 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:23:27.0511 1384 RemoteRegistry - ok
21:23:27.0655 1384 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:23:27.0657 1384 RpcEptMapper - ok
21:23:27.0757 1384 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:23:27.0760 1384 RpcLocator - ok
21:23:27.0862 1384 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:23:27.0870 1384 RpcSs - ok
21:23:27.0985 1384 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:23:27.0985 1384 rspndr - ok
21:23:28.0088 1384 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
21:23:28.0088 1384 RSUSBSTOR - ok
21:23:28.0276 1384 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
21:23:28.0276 1384 RTL8167 - ok
21:23:28.0400 1384 RTL8187Se (e48daf453d773a89a44134ce4ba9af44) C:\windows\system32\DRIVERS\RTL8187Se.sys
21:23:28.0400 1384 RTL8187Se - ok
21:23:28.0494 1384 RtsUIR - ok
21:23:28.0525 1384 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:23:28.0525 1384 SamSs - ok
21:23:28.0696 1384 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
21:23:28.0699 1384 sbp2port - ok
21:23:28.0801 1384 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:23:28.0806 1384 SCardSvr - ok
21:23:28.0909 1384 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
21:23:28.0911 1384 scfilter - ok
21:23:29.0021 1384 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
21:23:29.0089 1384 Schedule - ok
21:23:29.0124 1384 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:23:29.0124 1384 SCPolicySvc - ok
21:23:29.0218 1384 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
21:23:29.0234 1384 SDRSVC - ok
21:23:29.0327 1384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:23:29.0327 1384 secdrv - ok
21:23:29.0436 1384 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:23:29.0436 1384 seclogon - ok
21:23:29.0546 1384 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
21:23:29.0546 1384 SENS - ok
21:23:29.0639 1384 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:23:29.0639 1384 SensrSvc - ok
21:23:29.0733 1384 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:23:29.0733 1384 Serenum - ok
21:23:29.0813 1384 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:23:29.0813 1384 Serial - ok
21:23:29.0920 1384 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:23:29.0923 1384 sermouse - ok
21:23:30.0035 1384 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
21:23:30.0040 1384 SessionEnv - ok
21:23:30.0120 1384 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
21:23:30.0120 1384 sffdisk - ok
21:23:30.0143 1384 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
21:23:30.0145 1384 sffp_mmc - ok
21:23:30.0161 1384 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
21:23:30.0161 1384 sffp_sd - ok
21:23:30.0270 1384 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:23:30.0270 1384 sfloppy - ok
21:23:30.0442 1384 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
21:23:30.0457 1384 Sftfs - ok
21:23:30.0830 1384 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
21:23:30.0837 1384 sftlist - ok
21:23:30.0957 1384 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:23:30.0960 1384 Sftplay - ok
21:23:31.0032 1384 Sftredir (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:23:31.0032 1384 Sftredir - ok
21:23:31.0060 1384 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
21:23:31.0060 1384 Sftvol - ok
21:23:31.0165 1384 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
21:23:31.0165 1384 sftvsa - ok
21:23:31.0274 1384 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
21:23:31.0274 1384 ShellHWDetection - ok
21:23:31.0368 1384 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
21:23:31.0368 1384 sisagp - ok
21:23:31.0493 1384 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:23:31.0493 1384 SiSRaid2 - ok
21:23:31.0508 1384 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:23:31.0508 1384 SiSRaid4 - ok
21:23:31.0586 1384 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:23:31.0586 1384 Smb - ok
21:23:31.0789 1384 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:23:31.0791 1384 SNMPTRAP - ok
21:23:31.0999 1384 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
21:23:32.0001 1384 Sony SCSI Helper Service - ok
21:23:32.0084 1384 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:23:32.0086 1384 spldr - ok
21:23:32.0186 1384 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
21:23:32.0186 1384 Spooler - ok
21:23:32.0373 1384 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
21:23:32.0451 1384 sppsvc - ok
21:23:33.0017 1384 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
21:23:33.0019 1384 sppuinotify - ok
21:23:33.0207 1384 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
21:23:33.0270 1384 srv - ok
21:23:33.0301 1384 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
21:23:33.0316 1384 srv2 - ok
21:23:33.0457 1384 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
21:23:33.0457 1384 srvnet - ok
21:23:33.0550 1384 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\windows\system32\DRIVERS\sscdbus.sys
21:23:33.0566 1384 sscdbus - ok
21:23:33.0675 1384 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\windows\system32\DRIVERS\sscdmdfl.sys
21:23:33.0677 1384 sscdmdfl - ok
21:23:33.0773 1384 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\windows\system32\DRIVERS\sscdmdm.sys
21:23:33.0773 1384 sscdmdm - ok
21:23:33.0898 1384 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\windows\system32\DRIVERS\sscdserd.sys
21:23:33.0898 1384 sscdserd - ok
21:23:34.0007 1384 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:23:34.0007 1384 SSDPSRV - ok
21:23:34.0022 1384 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:23:34.0022 1384 SstpSvc - ok
21:23:34.0116 1384 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:23:34.0119 1384 stexstor - ok
21:23:34.0243 1384 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
21:23:34.0243 1384 StiSvc - ok
21:23:34.0633 1384 SupportSoft RemoteAssist (42fef84684d217870f3c8813b6f58276) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
21:23:34.0648 1384 SupportSoft RemoteAssist - ok
21:23:34.0726 1384 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
21:23:34.0726 1384 swenum - ok
21:23:35.0065 1384 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:23:35.0073 1384 SwitchBoard - ok
21:23:35.0178 1384 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:23:35.0185 1384 swprv - ok
21:23:35.0351 1384 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
21:23:35.0414 1384 SynTP - ok
21:23:35.0570 1384 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
21:23:35.0585 1384 SysMain - ok
21:23:35.0616 1384 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
21:23:35.0616 1384 TabletInputService - ok
21:23:35.0710 1384 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
21:23:35.0710 1384 TapiSrv - ok
21:23:35.0804 1384 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:23:35.0804 1384 TBS - ok
21:23:36.0190 1384 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
21:23:36.0205 1384 Tcpip - ok
21:23:36.0297 1384 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
21:23:36.0305 1384 TCPIP6 - ok
21:23:36.0415 1384 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
21:23:36.0417 1384 tcpipreg - ok
21:23:36.0545 1384 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:23:36.0547 1384 tdcmdpst - ok
21:23:36.0715 1384 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
21:23:36.0717 1384 TDPIPE - ok
21:23:36.0822 1384 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
21:23:36.0825 1384 TDTCP - ok
21:23:36.0932 1384 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
21:23:36.0932 1384 tdx - ok
21:23:36.0975 1384 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
21:23:36.0975 1384 TermDD - ok
21:23:37.0147 1384 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
21:23:37.0155 1384 TermService - ok
21:23:37.0207 1384 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:23:37.0210 1384 Themes - ok
21:23:37.0310 1384 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:23:37.0312 1384 THREADORDER - ok
21:23:37.0628 1384 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:23:37.0628 1384 TMachInfo - ok
21:23:37.0753 1384 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\windows\system32\DRIVERS\tmactmon.sys
21:23:37.0753 1384 tmactmon - ok
21:23:37.0877 1384 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\windows\system32\DRIVERS\tmcomm.sys
21:23:37.0942 1384 tmcomm - ok
21:23:38.0115 1384 tmeevw (f49ca5c26378f4d5603f2a2fc86e09a1) C:\windows\system32\DRIVERS\tmeevw.sys
21:23:38.0117 1384 tmeevw - ok
21:23:38.0170 1384 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\windows\system32\DRIVERS\tmevtmgr.sys
21:23:38.0170 1384 tmevtmgr - ok
21:23:38.0272 1384 tmnciesc (2e078184034a179c47787f87f238d5ba) C:\windows\system32\DRIVERS\tmnciesc.sys
21:23:38.0277 1384 tmnciesc - ok
21:23:38.0475 1384 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\windows\system32\DRIVERS\tmtdi.sys
21:23:38.0477 1384 tmtdi - ok
21:23:38.0652 1384 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe
21:23:38.0657 1384 TODDSrv - ok
21:23:38.0797 1384 TosCoSrv (451b09ba1a0d019ba0b5a27229559d55) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:23:38.0862 1384 TosCoSrv - ok
21:23:39.0027 1384 TOSHIBA HDD SSD Alert Service (67c1da40d78c92622081a3e780c926b2) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:23:39.0027 1384 TOSHIBA HDD SSD Alert Service - ok
21:23:39.0162 1384 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:23:39.0167 1384 TrkWks - ok
21:23:39.0355 1384 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
21:23:39.0357 1384 TrustedInstaller - ok
21:23:39.0380 1384 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
21:23:39.0380 1384 tssecsrv - ok
21:23:39.0565 1384 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
21:23:39.0567 1384 TsUsbFlt - ok
21:23:39.0675 1384 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
21:23:39.0677 1384 tunnel - ok
21:23:39.0802 1384 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:23:39.0802 1384 TVALZ - ok
21:23:39.0900 1384 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:23:39.0900 1384 uagp35 - ok
21:23:40.0015 1384 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
21:23:40.0020 1384 udfs - ok
21:23:40.0130 1384 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:23:40.0135 1384 UI0Detect - ok
21:23:40.0222 1384 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
21:23:40.0222 1384 uliagpkx - ok
21:23:40.0392 1384 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
21:23:40.0395 1384 umbus - ok
21:23:40.0439 1384 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:23:40.0439 1384 UmPass - ok
21:23:40.0532 1384 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:23:40.0532 1384 upnphost - ok
21:23:40.0641 1384 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
21:23:40.0641 1384 usbccgp - ok
21:23:40.0657 1384 USBCCID - ok
21:23:40.0735 1384 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
21:23:40.0751 1384 usbcir - ok
21:23:40.0766 1384 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
21:23:40.0766 1384 usbehci - ok
21:23:41.0000 1384 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
21:23:41.0005 1384 usbhub - ok
21:23:41.0033 1384 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
21:23:41.0035 1384 usbohci - ok
21:23:41.0128 1384 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:23:41.0130 1384 usbprint - ok
21:23:41.0210 1384 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:23:41.0210 1384 USBSTOR - ok
21:23:41.0240 1384 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
21:23:41.0240 1384 usbuhci - ok
21:23:41.0350 1384 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
21:23:41.0350 1384 usb_rndisx - ok
21:23:41.0438 1384 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:23:41.0438 1384 UxSms - ok
21:23:41.0531 1384 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:23:41.0531 1384 VaultSvc - ok
21:23:41.0656 1384 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
21:23:41.0656 1384 vdrvroot - ok
21:23:41.0765 1384 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
21:23:41.0781 1384 vds - ok
21:23:41.0875 1384 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:23:41.0937 1384 vga - ok
21:23:41.0953 1384 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:23:42.0026 1384 VgaSave - ok
21:23:42.0138 1384 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
21:23:42.0141 1384 vhdmp - ok
21:23:42.0176 1384 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
21:23:42.0178 1384 viaagp - ok
21:23:42.0283 1384 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:23:42.0286 1384 ViaC7 - ok
21:23:42.0388 1384 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
21:23:42.0391 1384 viaide - ok
21:23:42.0476 1384 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
21:23:42.0476 1384 volmgr - ok
21:23:42.0588 1384 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:23:42.0593 1384 volmgrx - ok
21:23:42.0701 1384 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
21:23:42.0703 1384 volsnap - ok
21:23:42.0888 1384 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:23:42.0893 1384 vsmraid - ok
21:23:43.0018 1384 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
21:23:43.0033 1384 VSS - ok
21:23:43.0113 1384 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:23:43.0113 1384 vwifibus - ok
21:23:43.0151 1384 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:23:43.0151 1384 vwififlt - ok
21:23:43.0241 1384 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:23:43.0257 1384 W32Time - ok
21:23:43.0350 1384 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:23:43.0350 1384 WacomPen - ok
21:23:43.0460 1384 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:23:43.0460 1384 WANARP - ok
21:23:43.0475 1384 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:23:43.0475 1384 Wanarpv6 - ok
21:23:43.0756 1384 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
21:23:43.0772 1384 WatAdminSvc - ok
21:23:43.0974 1384 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
21:23:43.0990 1384 wbengine - ok
21:23:44.0099 1384 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:23:44.0099 1384 WbioSrvc - ok
21:23:44.0250 1384 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
21:23:44.0250 1384 wcncsvc - ok
21:23:44.0343 1384 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:23:44.0343 1384 WcsPlugInService - ok
21:23:44.0609 1384 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:23:44.0609 1384 Wd - ok
21:23:44.0687 1384 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:23:44.0702 1384 Wdf01000 - ok
21:23:44.0796 1384 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:23:44.0796 1384 WdiServiceHost - ok
21:23:44.0811 1384 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:23:44.0811 1384 WdiSystemHost - ok
21:23:44.0905 1384 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
21:23:44.0921 1384 WebClient - ok
21:23:44.0999 1384 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:23:45.0014 1384 Wecsvc - ok
21:23:45.0030 1384 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:23:45.0030 1384 wercplsupport - ok
21:23:45.0152 1384 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:23:45.0154 1384 WerSvc - ok
21:23:45.0294 1384 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:23:45.0294 1384 WfpLwf - ok
21:23:45.0325 1384 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:23:45.0325 1384 WIMMount - ok
21:23:45.0403 1384 WinHttpAutoProxySvc - ok
21:23:45.0575 1384 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:23:45.0591 1384 Winmgmt - ok
21:23:45.0778 1384 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
21:23:45.0793 1384 WinRM - ok
21:23:46.0043 1384 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUsb.sys
21:23:46.0043 1384 WinUSB - ok
21:23:46.0168 1384 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:23:46.0230 1384 Wlansvc - ok
21:23:46.0610 1384 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:23:46.0610 1384 wlcrasvc - ok
21:23:46.0937 1384 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:23:47.0015 1384 wlidsvc - ok
21:23:47.0660 1384 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
21:23:47.0660 1384 WmiAcpi - ok
21:23:47.0909 1384 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:23:47.0911 1384 wmiApSrv - ok
21:23:48.0251 1384 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:23:48.0324 1384 WMPNetworkSvc - ok
21:23:48.0569 1384 WMZuneComm (cac923906c526433e789d76f4f596601) c:\Program Files\Zune\WMZuneComm.exe
21:23:48.0571 1384 WMZuneComm - ok
21:23:49.0039 1384 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:23:49.0039 1384 WPCSvc - ok
21:23:49.0132 1384 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
21:23:49.0148 1384 WPDBusEnum - ok
21:23:49.0398 1384 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:23:49.0398 1384 ws2ifsl - ok
21:23:49.0516 1384 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
21:23:49.0516 1384 wscsvc - ok
21:23:49.0532 1384 WSearch - ok
21:23:49.0735 1384 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
21:23:49.0766 1384 wuauserv - ok
21:23:50.0313 1384 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
21:23:50.0313 1384 WudfPf - ok
21:23:50.0482 1384 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
21:23:50.0485 1384 WUDFRd - ok
21:23:50.0595 1384 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
21:23:50.0595 1384 wudfsvc - ok
21:23:50.0705 1384 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:23:50.0705 1384 WwanSvc - ok
21:23:51.0391 1384 ZuneNetworkSvc (7288e904b5514d601ba004954e4393bb) c:\Program Files\Zune\ZuneNss.exe
21:23:51.0563 1384 ZuneNetworkSvc - ok
21:23:52.0102 1384 ZuneWlanCfgSvc (945eba97cb6c85f5baea4dd2e8410c81) c:\windows\system32\ZuneWlanCfgSvc.exe
21:23:52.0112 1384 ZuneWlanCfgSvc - ok
21:23:52.0282 1384 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:23:52.0588 1384 \Device\Harddisk0\DR0 - ok
21:23:52.0666 1384 Boot (0x1200) (d3d7be52a601234197775f17478fffea) \Device\Harddisk0\DR0\Partition0
21:23:52.0666 1384 \Device\Harddisk0\DR0\Partition0 - ok
21:23:52.0681 1384 ============================================================
21:23:52.0681 1384 Scan finished
21:23:52.0681 1384 ============================================================
21:23:52.0697 1268 Detected object count: 0
21:23:52.0697 1268 Actual detected object count: 0
21:23:56.0633 0612 Deinitialize success


The aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-31 21:25:39
-----------------------------
21:25:39.060 OS Version: Windows 6.1.7601 Service Pack 1
21:25:39.060 Number of processors: 1 586 0x301
21:25:39.063 ComputerName: EDWARD-PC UserName: Megg
21:25:39.563 Initialize success
21:25:39.766 AVAST engine defs: 12052401
21:26:11.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:26:11.834 Disk 0 Vendor: TOSHIBA_MK2555GSXN GC002M Size: 238475MB BusType: 11
21:26:11.864 Disk 0 MBR read successfully
21:26:11.867 Disk 0 MBR scan
21:26:12.628 Disk 0 Windows VISTA default MBR code
21:26:12.659 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:26:13.341 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
21:26:13.481 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
21:26:13.590 Disk 0 scanning sectors +488396800
21:26:14.170 Disk 0 scanning C:\windows\system32\drivers
21:26:40.120 Service scanning
21:27:54.962 Modules scanning
21:28:19.803 Disk 0 trace - called modules:
21:28:19.823 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:28:19.823 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c4f828]
21:28:19.823 3 CLASSPNP.SYS[8798259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84c3f908]
21:28:20.633 AVAST engine scan C:\windows
21:28:23.421 AVAST engine scan C:\windows\system32
21:31:53.647 AVAST engine scan C:\windows\system32\drivers
21:32:28.190 AVAST engine scan C:\Users\Megg
21:44:13.515 Disk 0 MBR has been saved successfully to "C:\Users\Megg\Desktop\MBR.dat"
21:44:13.531 The log file has been saved successfully to "C:\Users\Megg\Desktop\aswMBR.txt"


The link to the virustotal scan:

https://www.virustotal.com/file/eff9691766d97cf304fdc370d3a97a12aaa42379fe5c9b3fdaf600070fcf77f2/analysis/1338515371/

#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 31 May 2012 - 10:22 PM

Hmmm, so far, no malware showing...

Please download Farbar Service Scanner
Save to the Desktop
Double-click the program, and run on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • The program creates a log, FSS.txt, in the same directory where the tool is run (Desktop).
Please provide the information on the FSS.txt in your reply.

Old duck...


#5 ajax1946

ajax1946
  • Topic Starter

  • Members
  • 30 posts

Posted 01 June 2012 - 12:21 PM

Farbar Service Scanner Version: 27-05-2012
Ran by Megg (administrator) on 01-06-2012 at 13:20:41
Running from "C:\Users\Megg\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc: ""C:\windows\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
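
The FSS report above is the artefact a responder works from: a service whose registry key "does not exist" cannot be started no matter what the start type says, and a policy value such as DisableAntiSpyware=1 keeps a component off even after its key is restored. The following is an added example, not part of this thread or of the Farbar tool: a small Python parser that reduces a report of this shape to ordered action items and compares a before and after scan. The sample report text is constructed from the line formats visible in the thread; the wording FSS uses for a hash mismatch is not shown here, so the parser flags any File Check line that does not end in "legit". Severity ordering and the Safe Mode note on "not running" services are the example's own.

```python
"""Triage helper for Farbar Service Scanner (FSS.txt) reports (added example, not
part of the thread or of the Farbar tool): reduces a report of the shape shown
in the thread to the findings a responder acts on."""
import re
from dataclasses import dataclass, field

# Patterns follow the report lines visible in the thread. The wording FSS uses for
# a hash mismatch is not shown there, so anything other than "legit" is flagged.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
START_TYPE = re.compile(r"The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$")


@dataclass
class Findings:
    not_running: set = field(default_factory=set)
    missing_keys: set = field(default_factory=set)
    start_type: dict = field(default_factory=dict)  # service -> (actual, default)
    policies: dict = field(default_factory=dict)    # "hive\path\value" -> int
    bad_files: list = field(default_factory=list)


def parse_fss(text: str) -> Findings:
    """Walk the report once and collect every line that carries a finding."""
    f = Findings()
    current_key = None  # last "[HKEY_...]" header seen, for the DWORD line under it
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            f.not_running.add(m.group(1))
        elif m := MISSING_KEY.search(line):
            f.missing_keys.add(m.group(1))
        elif m := START_TYPE.search(line):
            f.start_type[m.group(1)] = (m.group(2), m.group(3))
        elif m := POLICY_KEY.match(line):
            current_key = m.group(1)
        elif (m := POLICY_VALUE.match(line)) and current_key:
            f.policies[current_key + "\\" + m.group(1)] = int(m.group(2))
        elif m := FILE_CHECK.match(line):
            if m.group(2).strip() != "legit":
                f.bad_files.append(m.group(1))
    return f


def triage(f: Findings) -> list:
    """Ordered action items: missing keys and bad hashes first, then policy, then info."""
    items = []
    for svc in sorted(f.missing_keys):
        items.append(f"CRITICAL {svc}: service registry key is gone; restore it from a "
                     "known-good export for this Windows version, then reboot")
    for path in f.bad_files:
        items.append(f"CRITICAL {path}: hash not reported as legit; treat as a modified system file")
    for path, value in sorted(f.policies.items()):
        if value == 1:
            items.append(f"WARN policy {path}=1 keeps the component disabled even after "
                         "its service key is repaired")
    for svc, (actual, default) in sorted(f.start_type.items()):
        items.append(f"WARN {svc}: start type {actual} differs from the default {default}")
    quiet = f.not_running - f.missing_keys - set(f.start_type)
    for svc in sorted(quiet):
        items.append(f"INFO {svc}: configured correctly but not running; re-check after a "
                     "normal boot, since Safe Mode starts only a minimal service set")
    return items


def compare(before: Findings, after: Findings) -> dict:
    """What a repair fixed and what is still outstanding between two reports."""
    return {
        "resolved_keys": sorted(before.missing_keys - after.missing_keys),
        "still_missing": sorted(after.missing_keys),
        "policies_still_set": sorted(p for p, v in after.policies.items() if v == 1),
    }


# Constructed samples in the FSS line formats from the thread: BEFORE mirrors a
# scan with keys missing, AFTER the state after the keys were re-imported.
SAMPLE_BEFORE = r"""MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is not legit
"""
SAMPLE_AFTER = r"""MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

if __name__ == "__main__":
    before, after = parse_fss(SAMPLE_BEFORE), parse_fss(SAMPLE_AFTER)
    print("\n".join(triage(before)))
    print(compare(before, after))
```

Run it against a real FSS.txt with `parse_fss(open("FSS.txt").read())`. The comparison is the useful part of the workflow in this thread: after the .reg imports the "key does not exist" findings should disappear, while a policy value still set to 1 or a start type that differs from the default remains on the list and needs its own fix.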

#6 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 03 June 2012 - 11:47 AM

My apologies for the delay; I was not aware you had replied. :blush:

The Farbar Service Scanner shows a few areas that need attention.

We will take care of these areas in stages.

First, the corruption with the Firewall entries:

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Will be back shortly with instructions to effect a repair on these.

Thanks for your patience.

Old duck...


#7 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 03 June 2012 - 01:10 PM

Please do the following:

Step 1:
Download the following files to the Desktop <<Important!!:

MpsSvc.reg
BFE.reg

And also, for Windows Defender:
WinDefend.reg (http://download.bleepingcomputer.com/win-services/7/WinDefend.reg)


Step 2:
Since we are fixing entries in the Registry, let's back it up:

Download ERUNT (Emergency Recovery Utility for NT)
Press: Download Now 2000/XP/Vista/7...
Save to the Desktop.
  • Double-click erunt-setup-exe to start the install process.
  • Follow the install prompts, and use the default install settings.
  • In the next prompt, make sure the first two check boxes are selected.
  • Click Next, then click Install, select whichever options you desire, then click: Finish
Next,
  • In the prompt with C:\WINDOWS\ERDNT\DD-MM-YYYY, under the Backup to area, make sure these items are selected:
    • System Registry.
    • Current user Registry.
  • Click: OK, and, when asked to create the folder, select: Yes
  • The program runs, and a 'Registry backup is complete!' message appears.
  • Click: OK
If this step does not complete successfully. < STOP > Do not continue with any other steps. < STOP > Please post back on the issue!


Step 3:
  • If the ERUNT backup completed successfully, please click Start, and in the Search programs and files area above, type: regedit
  • A regedit.exe appears in the Programs area.
  • Right-click on regedit.exe and select 'Run As Administrator'
  • In the Registry Editor menu bar, click File and select: Import
  • Navigate to the previously downloaded MpsSvc.reg file saved on the Desktop.
  • Double-click on the file, and allow it to add/merge into the Registry.
Repeat the Registry Editor > Import process for the Bfe.reg, and for WinDefend.reg files.


Step 4:
Restart the computer.


Step 5:
Last, please download and run Farbar Service Scanner
>> Updated link >> here

Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
Press: Scan
The program creates a report, FSS.txt, in the same directory the tool is run.
Please provide the new FSS.txt in your reply.

Edited by Aaflac, 03 June 2012 - 05:23 PM.

Old duck...


#8 ajax1946

ajax1946
  • Topic Starter

  • Members
  • 30 posts

Posted 04 June 2012 - 10:22 AM

No worries about the late replies; I had done the same thing before, only I had thought I was watching the topic but forgot to do so.

ERUNT ran successfully and I received the registry backup complete message. Do I go on with the other steps now?

#9 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 04 June 2012 - 11:02 AM

Since ERUNT completed successfully, please press on with Steps 3, 4, 5.

Old duck...


#10 ajax1946

ajax1946
  • Topic Starter

  • Members
  • 30 posts

Posted 05 June 2012 - 12:24 AM

I opened regedit.exe as an administrator and received the following message, "The keys and values contained in C:\Users\Megg\Desktop\MpsSvc.reg have been successfully added to the registry". I received the same message for both BFE.reg and WinDefend.reg.

I restarted the computer; it defaulted to normal mode. When the cursor was moved onto the start bar, the whirling circle hourglass symbol would appear; the arrow cursor showed up on any other part of the desktop, but nothing was clickable. I forced the computer off and then restarted in safe mode with networking.

I followed the instructions to download, check the boxes, and run the scan in Farbar and received this log:



Farbar Service Scanner Version: 05-06-2012
Ran by Megg (administrator) on 05-06-2012 at 01:20:19
Running from "C:\Users\Megg\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc: ""C:\windows\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#11 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:12:46 AM

Posted 05 June 2012 - 05:19 PM

Please try this Microsoft tool: Diagnose and fix Windows Firewall service problems automatically


Next, run Farbar Service Scanner once again.

Make sure the following options are checked:
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
Press: Scan

Please provide the new FSS.txt in your reply.

Old duck...


#12 ajax1946

ajax1946
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 05 June 2012 - 09:49 PM

I tried saving the Fix It to the desktop and running it and also choosing run from the prompt that appears after clicking the Run Now button.

I get this error both times:

Troubleshooting cannot continue because an error has occurred
We're sorry but the program encountered an error and can not continue.
Please try again later.

#13 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:12:46 AM

Posted 05 June 2012 - 10:19 PM

Rats!

Thought that tool would fix the problem.
So much for that...


Let's try the following:

Please download RestoreBFE.exe
Double-click on the downloaded file.
It should only take a few seconds to run.
When done, the following message appears: Done! Please check if BFE service is running now.

However, there are certain Permissions required...


So, click: Start and in the Start Search box type: regedit
Press: Enter

Under Programs, right-click: regedit, and select 'Run as Administrator'
The Registry editor opens...
Please navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy

You do so by clicking on the [>] to the left of the following:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
BFE
Parameters
Policy


When you reach the Policy key on the left pane (it looks like a folder), right-click on it, and click: Permissions
  • Click Advanced
  • Under the Permissions tab click Add...
  • A window pops up, copy and paste the following in the Enter the object box: NT SERVICE\BFE
  • Click OK.
  • A new window pops up, check the following boxes under Allow and click OK:

    • Query Value
    • Set Value
    • Create Subkey
    • Enumerate Subkeys
    • Notify
    • Read control
  • Click OK to close all the open windows, and restart the computer.


Now, run Farbar Service Scanner once again.
Please provide the FSS.txt in your reply.

Old duck...
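The regedit procedure above, scripted, as an added example that is not part of the original post or of the RestoreBFE tool: it grants the BFE service account exactly the six rights listed above on the BFE Policy key and then tries to start the Base Filtering Engine and the firewall that depends on it. The key path, account name and rights come from the post; everything else (the inheritance flags, the pre/post ACL dump, the start attempt) is my own choice. Assumes an elevated PowerShell prompt on the Windows 7 machine in question and that the Administrators group still holds the right to change the key's DACL.

```powershell
# Added example, not from the thread or from RestoreBFE.exe.
# Grants NT SERVICE\BFE the rights Aaflac lists on the BFE Policy key, then starts BFE/MpsSvc.
# Run elevated. Assumption: Administrators can still write the DACL on this key.

$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy'
$account = 'NT SERVICE\BFE'

# The six "Allow" boxes from the post, as RegistryRights flags (Read control = ReadPermissions).
$rights = [System.Security.AccessControl.RegistryRights]::QueryValues -bor
          [System.Security.AccessControl.RegistryRights]::SetValue -bor
          [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
          [System.Security.AccessControl.RegistryRights]::EnumerateSubKeys -bor
          [System.Security.AccessControl.RegistryRights]::Notify -bor
          [System.Security.AccessControl.RegistryRights]::ReadPermissions

if (-not (Test-Path $keyPath)) {
    throw "Key not found: $keyPath (run RestoreBFE.exe first; it recreates the key)"
}

# Show what the service account holds before touching anything, so the change is auditable.
function Show-BfeAce([string]$label) {
    $aces = (Get-Acl -Path $keyPath).Access |
            Where-Object { $_.IdentityReference.Value -eq $account }
    if ($aces) {
        foreach ($a in $aces) {
            Write-Host ("{0}: {1} {2}" -f $label, $a.AccessControlType, $a.RegistryRights)
        }
    } else {
        Write-Host ("{0}: no ACE for {1}" -f $label, $account)
    }
}
Show-BfeAce 'before'

# Build the Allow ACE. Inheritance flags are my assumption; the regedit dialog in the
# post applies the rights to "this key and subkeys" by default, which is what these flags do.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($account, $rights, $inherit, $propagate, $allow)

$acl = Get-Acl -Path $keyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl
Show-BfeAce 'after'

# BFE must be running before MpsSvc (Windows Firewall) can start, so start them in that order
# and surface the exact error if one still refuses.
foreach ($svc in 'BFE', 'MpsSvc') {
    try {
        Start-Service -Name $svc -ErrorAction Stop
        Write-Host ("{0}: {1}" -f $svc, (Get-Service -Name $svc).Status)
    } catch {
        Write-Warning ("{0} did not start: {1}" -f $svc, $_.Exception.Message)
    }
}
```

If Set-Acl fails with "access denied" even from an elevated prompt, the malware has also stripped Administrators from the key's DACL; in that case take ownership first through the Advanced > Owner tab described above, then re-run. Restart afterwards and re-run Farbar Service Scanner as the post asks, since the script only proves the services start once, not that they survive a reboot.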


#14 ajax1946

ajax1946
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 06 June 2012 - 12:10 AM

Farbar Service Scanner Version: 05-06-2012
Ran by Megg (administrator) on 06-06-2012 at 01:09:49
Running from "C:\Users\Megg\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc: ""C:\windows\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#15 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:12:46 AM

Posted 06 June 2012 - 12:21 AM

Are you still running the Farbar Service Scanner from Safe Mode?

Also, check the Windows Firewall service:

Click Start, in Start Search bar, type: services.msc
Press: Enter
In the right pane, double-click: Windows Firewall

Is the Startup type set to: Automatic?
What does the Service status say?

Edited by Aaflac, 12 June 2012 - 01:01 AM.

Old duck...
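The services.msc check Aaflac asks for, done at once for every service the two FSS logs above report as not running, as an added example that is not part of the original post. It also re-checks the two Windows Defender findings from the logs (start type Demand instead of the default Auto, and the DisableAntiSpyware value). The service names and the Defender key path are taken from the FSS output; the Start-value table and the flagging rules are my own. Assumes an elevated PowerShell prompt on the Windows 7 machine.

```powershell
# Added example, not from the thread. Audits the services FSS reported as stopped:
# WMI start mode and state, plus the raw registry Start value as a cross-check,
# plus the Windows Defender policy value FSS flagged. Run elevated.

$services = 'MpsSvc', 'BFE', 'SDRSVC', 'VSS', 'wscsvc', 'wuauserv', 'BITS', 'EventSystem', 'WinDefend'

# Meaning of the Start DWORD under HKLM\SYSTEM\CurrentControlSet\services\<name>.
$startNames = @{ 2 = 'Auto'; 3 = 'Manual (Demand)'; 4 = 'Disabled' }

$report = foreach ($name in $services) {
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    $key = "HKLM:\SYSTEM\CurrentControlSet\services\$name"

    $regStart = 'missing'
    if (Test-Path $key) {
        $raw = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        if ($raw -ne $null -and $startNames.ContainsKey([int]$raw)) { $regStart = $startNames[[int]$raw] }
    }

    if ($wmi) { $state = $wmi.State; $mode = $wmi.StartMode } else { $state = 'missing'; $mode = 'missing' }

    # Flag: service gone, stopped, disabled, or (WinDefend only, per the FSS note) not Auto.
    $problems = @()
    if (-not $wmi)                                   { $problems += 'not registered' }
    elseif ($state -ne 'Running')                    { $problems += "state $state" }
    if ($mode -eq 'Disabled' -or $regStart -eq 'Disabled') { $problems += 'disabled' }
    if ($name -eq 'WinDefend' -and $mode -ne 'Auto') { $problems += "start type $mode, default Auto" }

    $row = New-Object PSObject
    $row | Add-Member NoteProperty Service   $name
    $row | Add-Member NoteProperty State     $state
    $row | Add-Member NoteProperty StartMode $mode
    $row | Add-Member NoteProperty RegStart  $regStart
    $row | Add-Member NoteProperty Problem   ($problems -join '; ')
    $row
}

$report | Format-Table Service, State, StartMode, RegStart, Problem -AutoSize

# The policy FSS printed: [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$disable = (Get-ItemProperty -Path $defKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($disable -eq 1) {
    Write-Warning "DisableAntiSpyware=1 under $defKey (Windows Defender is policy-disabled)"
} else {
    Write-Host "DisableAntiSpyware not set to 1 under $defKey"
}
```

Run it once from Safe Mode and once from a normal boot: many of these services (BFE, MpsSvc, wscsvc) do not start in Safe Mode by design, so "state Stopped" there is not by itself evidence of damage, which is why the post asks whether the scan was run in Safe Mode. A Disabled StartMode, a missing service, or a registry Start value that disagrees with WMI is meaningful in either mode.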




