blofeld Posted March 24, 2011 ID:404450

Apologies if this has already been dealt with...I have the XP anti virus malware...Can't run MBAM....tried to run procexp.exe to kill System security process but didn't work. Tried to use RootRepeal but it found no files so that didn't work. Completely stuck. Any suggestions appreciated.

trillionsin Posted March 24, 2011 ID:404462 (edited)

trillionsin,
Please read http://forums.malwarebytes.org/index.php?showtopic=12264

Edited March 24, 2011 by LDTate: Unauthorized post

MrCharlie Posted March 24, 2011 ID:404466

Welcome to the forum, no need to apologize.
Carefully read and follow this Guide.
Make sure you run rkill and then immediately run MBAM as described.
Most important....update MBAM before you run it.
Post the logs back here, let me know....
MrC

blofeld Posted March 27, 2011 Author ID:405967

Hello, I followed the instructions that you sent me.....I think it was successful!...it appears to have gone but I await with bated breath in case the swine is still lurking here!
Here are the reports:

MrCharlie Posted March 27, 2011 ID:406009

That's Good News
Please enable hidden files > link below explains how to:
http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/
Then take a look at and in these folders and let me know if you recognize them:
C:\Documents and Settings\All Users\Application Data\hqfsdmva
C:\Documents and Settings\Owner\Local Settings\Application Data\352076595
C:\Documents and Settings\Owner\Local Settings\Application Data\966094971
C:\Documents and Settings\All Users\Application Data\352076595
C:\Documents and Settings\All Users\Application Data\966094971
C:\Documents and Settings\Owner\

blofeld Posted March 28, 2011 Author ID:406105

Bad news.....firstly, I realised that when I got MBAM to run I only did quick scan. Anyway, it turns out it's still infected. Tried same procedure but after Rkill is run all my desktop empties and I'm left with a black screen...can't access MBAM or anything...(agh!).....should I try suggestion posted above or what?.....thanks

MrCharlie Posted March 28, 2011 ID:406256

Yes, run OTL first, don't worry about TDSSKiller for now, MrC
------------------------------
Edit:
FYI: The malware is still on the system:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jrm.exe
C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
C:\Documents and Settings\Owner\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
C:\Documents and Settings\NetworkService\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
You'll have to enable hidden files to see them:
http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/
If you can manually delete that file (or rename it) and folders, please do it.
MrC

blofeld Posted March 28, 2011 Author ID:406385

Have run OTL as directed.
Here is the log. Will try to delete files manually.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1960408961-1757981266-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1960408961-1757981266-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1960408961-1757981266-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTXFIREG deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jrm.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36268 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 75564 bytes
->Flash cache emptied: 645 bytes
User: Owner
->Temp folder emptied: 5585908 bytes
->Temporary Internet Files folder emptied: 556608 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55028084 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 83985 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2473112 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 63.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03282011_185024
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

MrCharlie Posted March 28, 2011 ID:406394

OTL took care of it for you, my message to delete them manually was in case you couldn't run OTL for some reason.
Update and run a quick scan with MBAM > post the log, MrC

blofeld Posted March 28, 2011 Author ID:406446

Well interestingly I did the Hidden files thing.....didn't find the files you listed above but I did find something called "Steam Valve Boiler" ...can't remember if it was an .exe...anyway my friend had tried to help me with this problem over the phone and, though unsuccessful, he did say he knew the culprit was calling itself "Steam"... just couldn't find it. I deleted "Steam" and ran MBAM. It found 5 infections. IF I can clear this thing I'm going to buy MBAM!...reluctant to try yet in case the Virus is still in the system
Here is the log. Thanks again:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6186
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
28/03/2011 21:06:00
mbam-log-2011-03-28 (21-06-00).txt
Scan type: Full scan (C:\|)
Objects scanned: 202035
Time elapsed: 37 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{501d31dc-7dd0-4a6d-882b-68882e641226}\RP929\A0150325.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\03282011_185024\c_documents and settings\networkservice\local settings\application data\jrm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

MrCharlie Posted March 28, 2011 ID:406509
What about these folders:
C:\Documents and Settings\All Users\Application Data\hqfsdmva
C:\Documents and Settings\Owner\Local Settings\Application Data\352076595
C:\Documents and Settings\Owner\Local Settings\Application Data\966094971
C:\Documents and Settings\All Users\Application Data\352076595
C:\Documents and Settings\All Users\Application Data\966094971
C:\Documents and Settings\Owner\
blofeld Posted March 29, 2011 Author ID:406675
Hello,
I don't have the "all users\application" folder.
I don't have "owner\local applications" folder.
I HAVE GOT THE LAST ONE C:\DOCUMENTS AND SETTINGS\Owner\Y;Y;
what next?
Thanks..
MrCharlie Posted March 29, 2011 ID:406727
You'll have to enable hidden files to see them:
http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/
C:\Documents and Settings\All Users\Application Data\hqfsdmva
C:\Documents and Settings\Owner\Local Settings\Application Data\352076595
C:\Documents and Settings\Owner\Local Settings\Application Data\966094971
C:\Documents and Settings\All Users\Application Data\352076595
C:\Documents and Settings\All Users\Application Data\966094971
See if you recognize them and what's inside or what they belong to.
Don't delete them unless you're sure, MrC
blofeld Posted March 29, 2011 Author ID:406776
Looked into hidden files.
I have:
C:\Documents and Settings\All Users\Application Data\hqfsdmva
can't see the others or anything that resembles them.
MrCharlie Posted March 29, 2011 ID:406780
Download and run unhide.exe, now see if you can find them.
Let me know, MrC
blofeld Posted March 29, 2011 Author ID:406793
Ran unhide.exe but still can't see those files except for the first one in the list (...hqfsdmva) which is apparently empty (according to properties).
MrCharlie Posted March 29, 2011 ID:406806
OK, you can delete that folder:
C:\Documents and Settings\All Users\Application Data\hqfsdmva
-------------------------
Please do this:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:dir
C:\Documents and Settings\Owner\Local Settings\Application Data\352076595
C:\Documents and Settings\Owner\Local Settings\Application Data\966094971
C:\Documents and Settings\All Users\Application Data\352076595
C:\Documents and Settings\All Users\Application Data\966094971

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
MrC
blofeld Posted March 29, 2011 Author ID:406816
Ran SystemLook but it didn't appear to find them either.
Here is the log:

SystemLook 04.09.10 by jpshortstuff
Log created at 19:02 on 29/03/2011 by Owner
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\Owner\Local Settings\Application Data\352076595 - Unable to find folder.
C:\Documents and Settings\Owner\Local Settings\Application Data\966094971 - Unable to find folder.
C:\Documents and Settings\All Users\Application Data\352076595 - Unable to find folder.
C:\Documents and Settings\All Users\Application Data\966094971 - Unable to find folder.

-= EOF =-
MrCharlie Posted March 29, 2011 ID:406821
OK Good that confirms it.
Let's run TDSSKiller now:
Download TDSSKiller to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
Don't Change These Settings:
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
You may be asked to reboot the computer to complete the process. Click on Reboot Now
To view the report: Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory and look something like this:
TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt
If nothing is found, you don't have to post the log...just let me know.
-----------------------------------------
Then Update and run a Quick scan with MBAM and post the log.
Let me know how it's running now also, MrC
blofeld Posted March 29, 2011 Author ID:406827
Ran TDSSKiller...looks like it got something. Here is the log:

3/29 19:24:17.0953 1868 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 19:24:18.0265 1868 ================================================================================
2011/03/29 19:24:18.0265 1868 SystemInfo:
2011/03/29 19:24:18.0265 1868
2011/03/29 19:24:18.0265 1868 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/29 19:24:18.0265 1868 Product type: Workstation
2011/03/29 19:24:18.0265 1868 ComputerName: GE-82E8C3E7940F
2011/03/29 19:24:18.0265 1868 UserName: Owner
2011/03/29 19:24:18.0265 1868 Windows directory: C:\WINDOWS
2011/03/29 19:24:18.0265 1868 System windows directory: C:\WINDOWS
2011/03/29 19:24:18.0265 1868 Processor architecture: Intel x86
2011/03/29 19:24:18.0265 1868 Number of processors: 2
2011/03/29 19:24:18.0265 1868 Page size: 0x1000
2011/03/29 19:24:18.0265 1868 Boot type: Normal boot
2011/03/29 19:24:18.0265 1868 ================================================================================
2011/03/29 19:24:18.0625 1868 Initialize success
2011/03/29 19:24:23.0140 2140 ================================================================================
2011/03/29 19:24:23.0140 2140 Scan started
2011/03/29 19:24:23.0140 2140 Mode: Manual;
2011/03/29 19:24:23.0140 2140 ================================================================================
2011/03/29 19:24:33.0781 2140 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/29 19:24:33.0781 2140 ================================================================================
2011/03/29 19:24:33.0781 2140 Scan finished
2011/03/29 19:24:33.0781 2140 ================================================================================
2011/03/29 19:24:33.0812 3576 Detected object count: 1
2011/03/29 19:24:57.0687 3576 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/29 19:24:57.0687 3576 \HardDisk0 - ok
2011/03/29 19:24:57.0687 3576 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/29 19:25:02.0140 2616 Deinitialize success
MrCharlie Posted March 29, 2011 ID:406828
Good, that's why we run it.
Run it again and make sure nothing is found.
If nothing is found....run MBAM as described and post the log, MrC
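The scan, cure and rescan sequence in the posts above can be checked mechanically from the two TDSSKiller logs; the script below is an added example, not part of the thread or of TDSSKiller. Its sample logs are constructed in the thread's line layout with placeholder hashes, and it assumes a clean rescan is one that reaches "Scan finished" with no "detected" line.

```python
"""Compare two TDSSKiller logs: what the first scan found vs. the rescan."""
import re
from dataclasses import dataclass, field

# Line layout as seen in the logs in this thread:
#   <YYYY/MM/DD hh:mm:ss.ffff> <thread id> <message>
LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(?P<msg>.*))?$")
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) .+$")
DETECT = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+)")
ACTION = re.compile(
    r"^(?P<threat>[^\s()]+)\((?P<obj>[^)]*)\) - User select action: (?P<action>\w+)")


@dataclass
class Scan:
    drivers: dict = field(default_factory=dict)    # service name -> md5
    detections: set = field(default_factory=set)   # {(object, threat)}
    actions: dict = field(default_factory=dict)    # (object, threat) -> action
    finished: bool = False
    unparsed: int = 0                              # lines lacking a full timestamp


def parse_log(text):
    scan = Scan()
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        line = LINE.match(raw)
        if line is None:
            # e.g. a first line whose date was clipped when the log was pasted
            scan.unparsed += 1
            continue
        msg = (line.group("msg") or "").strip()
        if msg == "Scan finished":
            scan.finished = True
            continue
        m = DETECT.match(msg)
        if m:
            scan.detections.add((m.group("obj"), m.group("threat")))
            continue
        m = ACTION.match(msg)
        if m:
            scan.actions[(m.group("obj"), m.group("threat"))] = m.group("action")
            continue
        m = DRIVER.match(msg)
        if m:
            scan.drivers[m.group("name")] = m.group("md5")
    return scan


def compare(before, after):
    shared = before.drivers.keys() & after.drivers.keys()
    return {
        "cleared": sorted(before.detections - after.detections),
        "persisting": sorted(before.detections & after.detections),
        "new": sorted(after.detections - before.detections),
        # a driver file whose hash differs between runs deserves a second look
        "changed_drivers": {n: (before.drivers[n], after.drivers[n])
                            for n in shared if before.drivers[n] != after.drivers[n]},
        # an interrupted rescan must not be read as a clean one
        "rescan_clean": after.finished and not after.detections,
    }


# Constructed sample logs (placeholder hashes, not values from the thread).
FIRST_SCAN = r"""3/29 19:24:17.0953 1868 TDSS rootkit removing tool 2.4.21.0
2011/03/29 19:24:23.0140 2140 Scan started
2011/03/29 19:24:24.0843 2140 atapi (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/29 19:24:25.0671 2140 Disk (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/29 19:24:33.0781 2140 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/29 19:24:33.0781 2140 Scan finished
2011/03/29 19:24:33.0812 3576 Detected object count: 1
2011/03/29 19:24:57.0687 3576 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

SECOND_SCAN = r"""2011/03/29 20:02:02.0234 1224 TDSS rootkit removing tool 2.4.21.0
2011/03/29 20:02:05.0109 2056 Scan started
2011/03/29 20:02:07.0109 2056 atapi (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/29 20:02:08.0234 2056 Disk (cccccccccccccccccccccccccccccccc) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/29 20:02:15.0000 2056 Scan finished
"""

if __name__ == "__main__":
    report = compare(parse_log(FIRST_SCAN), parse_log(SECOND_SCAN))
    for key, value in report.items():
        print(f"{key}: {value}")
```
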
blofeld Posted March 29, 2011 Author ID:406830
Didn't find anything this time....then ran MBAM...also clear...
Here is the log:

2011/03/29 20:02:02.0234 1224 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 20:02:02.0546 1224 ================================================================================
2011/03/29 20:02:02.0546 1224 SystemInfo:
2011/03/29 20:02:02.0546 1224
2011/03/29 20:02:02.0562 1224 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/29 20:02:02.0562 1224 Product type: Workstation
2011/03/29 20:02:02.0562 1224 ComputerName: GE-82E8C3E7940F
2011/03/29 20:02:02.0562 1224 UserName: Owner
2011/03/29 20:02:02.0562 1224 Windows directory: C:\WINDOWS
2011/03/29 20:02:02.0562 1224 System windows directory: C:\WINDOWS
2011/03/29 20:02:02.0562 1224 Processor architecture: Intel x86
2011/03/29 20:02:02.0562 1224 Number of processors: 2
2011/03/29 20:02:02.0562 1224 Page size: 0x1000
2011/03/29 20:02:02.0562 1224 Boot type: Normal boot
2011/03/29 20:02:02.0562 1224 ================================================================================
2011/03/29 20:02:02.0671 1224 Initialize success
2011/03/29 20:02:05.0109 2056 ================================================================================
2011/03/29 20:02:05.0109 2056 Scan started
2011/03/29 20:02:05.0109 2056 Mode: Manual;
2011/03/29 20:02:05.0109 2056 ================================================================================
(a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys2011/03/29 20:02:14.0531 2056 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys2011/03/29 20:02:14.0546 2056 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys2011/03/29 20:02:14.0625 2056 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys2011/03/29 20:02:14.0718 2056 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys2011/03/29 20:02:14.0781 2056 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys2011/03/29 20:02:14.0843 2056 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys2011/03/29 20:02:14.0906 2056 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys2011/03/29 20:02:14.0953 2056 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys2011/03/29 20:02:15.0000 2056 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys2011/03/29 20:02:15.0203 2056 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys2011/03/29 20:02:15.0250 2056 TBPanel (175418424b0973ae9004257ebc60431c) C:\WINDOWS\system32\drivers\TBPanel.sys2011/03/29 20:02:15.0296 2056 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys2011/03/29 20:02:15.0343 2056 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys2011/03/29 20:02:15.0359 2056 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys2011/03/29 20:02:15.0390 2056 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys2011/03/29 20:02:15.0484 2056 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys2011/03/29 20:02:15.0562 2056 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys2011/03/29 20:02:15.0625 2056 usbccgp 
(bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2011/03/29 20:02:15.0671 2056 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys2011/03/29 20:02:15.0703 2056 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys2011/03/29 20:02:15.0765 2056 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys2011/03/29 20:02:15.0812 2056 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys2011/03/29 20:02:15.0859 2056 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2011/03/29 20:02:15.0906 2056 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2011/03/29 20:02:15.0953 2056 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys2011/03/29 20:02:16.0046 2056 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys2011/03/29 20:02:16.0062 2056 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys2011/03/29 20:02:16.0125 2056 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys2011/03/29 20:02:16.0234 2056 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys2011/03/29 20:02:16.0359 2056 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys2011/03/29 20:02:16.0421 2056 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS2011/03/29 20:02:16.0593 2056 ================================================================================2011/03/29 20:02:16.0593 2056 Scan finished2011/03/29 20:02:16.0593 2056 ================================================================================2011/03/29 20:02:25.0515 3944 Deinitialize success Link to post Share on other sites More sharing options...
MrCharlie Posted March 29, 2011 ID:406842
How's it running? MrC
blofeld Posted March 29, 2011 Author ID:406846
It seems to be okay...no nasty pop windows covering my screen...and I seem to be able to run programs without any bother...all quiet on the western front!